Re: cannot run pgps in a cgi script under apache
Ethan Benson [erbenson@alaska.net] wrote:
> On 17/12/99 Shao Zhang wrote:
>
> > I have configured apache to run as root (both User and Group).
>
> very bad

I know.

> > I have tried to use SetEnv PGPPATH /root/.pgp with no luck.
>
> sounds like environment problems, should that PGPPATH not be called
> PGPPATH=/whatever/.pgp/ ? maybe you should try setting a $HOME
> variable instead. pgp 5.0 was very buggy. have you tried using gpg
> instead?

I got SetEnv from the apache doc. It did not specify a "=" sign.
I will have a go with gpg.

>
> > Do I have to use suEXEC from apache? I thought I configured
> > apache to run as root for both User and Group, then all the cgi
> > scripts will be run as root as well...
>
> don't run apache as root, you are asking/begging for your system to be cracked.

I have no other choice. I need it to read the shadow passwd. It
is only accessible within a private network and all traffic is
SSL encrypted. So I guess it is pretty secure.

Cheers,
Shao.
--
____________________________________________________________________________
Shao Zhang - Running Debian 2.1 ___ _ _____
Department of Communications / __| |_ __ _ ___ |_ / |_ __ _ _ _ __ _
University of New South Wales \__ \ ' \/ _` / _ \ / /| ' \/ _` | ' \/ _` |
Sydney, Australia |___/_||_\__,_\___/ /___|_||_\__,_|_||_\__, |
Email: shao@cia.com.au |___/
_____________________________________________________________________________