Re: users and security ibwebadmin
Hello,
I tried the question below first on debian-mentors but harvested silence.
Hopefully it is more on topic here.
I am not on the list, CC appreciated but I will read the archive.
Many thanks,
Remco Seesink
On Sun, 23 May 2004 18:48:24 +0200
Remco Seesink <raseesink@hotpop.com> wrote:
> Hello,
>
> I am packaging ibwebadmin, a web administration tool for firebird
> and interbase databases.
>
> I ran into a problem with users and groups and wonder how to resolve it.
>
> The program runs some tools from the firebird packages (eg gbak, isql etc.)
> These tools work locally on database files. All the database related files
> are owned by the firebird user and group.
>
> The firebird tools run as the www-data user as they are invoked from the
> apache process.
>
> Adding www-data to the firebird groups seems a security risk for the database
> when it would be hit by a worm. New databases would still be created as the
> www-data users instead of the firebird user.
>
> Must I do something with suid? Make the firebird tools suid firebird? I am not
> experienced with ins and outs of suid but I understand they are often a source
> of security hazards.
>
> How could I set it up secure so ibwebadmin is still able to process the database
> files?
>
> If this questions are not basic and more appropriate for debian-security tell me
> and I'll take them there.
>
> I have been playing around with the firebird packages and have a version with some
> minor bugs fixes sitting on my harddrive. If it needs a firebird fix I could do
> that. (It's orphaned)
>
> Cheers,
> Remco.
>
>
> --
> To UNSUBSCRIBE, email to debian-mentors-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: