On 17/12/99 Shao Zhang wrote:
I have configured apache to run as root(Both User and Group).
very bad
Now, I have a cgi perl script which calls pgps to sign a message. It works fine if I run it locally, but when I run it from the web, I got the following error from pgps: Cannot open configuration file pgp.cfg Cannot open secret keyring "secring.skr" Cannot open public keyring "pubring.pkr" Cannot find a private key for signing: shao@shaoz.dhs.org This is how I called pgps from the script:$output = `/usr/bin/pgps -at -f mutt.$$ -o mutt.header.out.$$ -z \"my keys\" -u shao\@shaoz.dhs.org 2>&1`;I have tried to use SetEnv PGPPATH /root/.pgp with no luck.
sounds like environment problems, should that PGPPATH not be called PGPPATH=/whatever/.pgp/ ? maybe you should try setting a $HOME variable instead. pgp 5.0 was very buggy. have you tried using gpg instead?
Do I have to use suEXEC from apache? I thought I configured apache to run as root for both User and Group, then all the cgi scripts will be run as root as well...
don't run apache as root, you are asking/begging for your system to be cracked.you would be much better off either just using the existing www-data user or creating your own special account (adduser --system) with its own home directory and have apache run as that.
-- Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/