On 17/12/99 Shao Zhang wrote:
I have no other choice. I need it to read the shadow passwd. It is only accessible within a private network and all traffic is SSL encrypted. So I guess it is pretty secure.
Well, reading shadow password files from Apache is bad anyway (I assume for htaccess?), since it allows very fast and mostly unstoppable password cracking efforts on your system password files. You might as well just unshadow the passwords, since any additional protection offered by shadow passwords is completely undone by letting Apache read them.
But even for reading shadow passwords you do not need to run as root. Run as www-data and group shadow; the shadow files are group shadow readable.
--
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
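
An added example, not part of the original message: a small audit that works out which accounts can read the shadow file from its mode and ownership, showing that adding www-data to group shadow gives the web server account access to the password hashes without root. The passwd and group entries, GID 42 and mode 0640 are constructed sample values, and `shadow_readers` is a hypothetical helper name.

```python
import stat

# Constructed sample data (assumed layout: shadow file owned root:shadow, mode 0640).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
shadow:x:42:www-data
www-data:x:33:
alice:x:1000:
"""


def shadow_readers(passwd_text, group_text, mode, owner_uid, owner_gid):
    """Return the sorted account names able to read a file with this mode and ownership."""
    users = {}  # account name -> (uid, primary gid)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and not line.startswith("#"):
            users[fields[0]] = (int(fields[2]), int(fields[3]))

    # Accounts listed as supplementary members of the file's owning group.
    members = set()
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and not line.startswith("#") and int(fields[2]) == owner_gid:
            members.update(m for m in fields[3].split(",") if m)

    readers = []
    for name, (uid, gid) in users.items():
        if uid == 0:
            allowed = True  # root is not restricted by the mode bits
        elif uid == owner_uid:
            allowed = bool(mode & stat.S_IRUSR)
        elif gid == owner_gid or name in members:
            allowed = bool(mode & stat.S_IRGRP)
        else:
            allowed = bool(mode & stat.S_IROTH)
        if allowed:
            readers.append(name)
    return sorted(readers)


if __name__ == "__main__":
    print(shadow_readers(SAMPLE_PASSWD, SAMPLE_GROUP, 0o640, 0, 42))
```

On a live system the same function can be fed the contents of `/etc/passwd` and `/etc/group` together with the `os.stat()` result for `/etc/shadow`; any network-facing service account in the output can hand the hashes to whoever compromises that service.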