Re: Netscape Roaming Package

To: Debian Userslist <debian-user@lists.debian.org>
Subject: Re: Netscape Roaming Package
From: martin@internet-treff.uni-koeln.de (Martin Bialasinski)
Date: 21 Jan 1999 12:18:43 +0100
Message-id: <[🔎] m103I8J-0003jSC@haitech.martin.home>
In-reply-to: Karsten Bolding's message of "Thu, 21 Jan 1999 09:07:14 +0100"
References: <19990120001825.3990.qmail@murphy.novare.net> <[🔎] 36A6E032.45745D3D@tin.it>

>> "KB" == Karsten Bolding <bolding@tin.it> writes:

KB> And finally added www-data to shadow group
KB> addgroup www-data shadow

Be careful about this. Now everything running as www-data (webserver,
maybe cgis) can read /etc/shadow.

Even if noone can execute CGIs with the webserver uid or use dynamic
content (SSI), it is still possible that a CGI has a security hole. So 
it is best to minimize the access www-data has.

So you better look for another solution. Sorry, I can't help you more, 
but I don't run apache.

Ciao,
	Martin

Reply to:

Follow-Ups:
- Re: Netscape Roaming Package
  - From: "Daniel R. Allen" <dallen2@coder.com>

References:
- Re: Netscape Roaming Package
  - From: Karsten Bolding <bolding@tin.it>

Prev by Date: Re: .fvwm2rc
Next by Date: Re: No sound with xcdroast
Previous by thread: Re: Netscape Roaming Package
Next by thread: Re: Netscape Roaming Package
Index(es):
- Date
- Thread