[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cannot run pgps in a cgi script under apache

On Fri, Dec 17, 1999 at 01:17:10PM +1100, Shao Zhang wrote
> Ethan Benson [erbenson@alaska.net] wrote:
> > On 17/12/99 Shao Zhang wrote:
> > 
> > >	I have no other choice. I need it to read the shadow passwd. It
> > >	is only accessible within a private network and all traffic is
> > >	SSL encrypted. So I guess it is pretty secure.
> > 
> > well reading shadow password files from apache is bad anyway (i 
> > assume for htaccess?) since it allows very fast and mostly
> 	
> 	it is not for htaccess. It is mainly used for setting up acounts
> 	which invovles writing as well.
> 

It would probably be safer to run apache as www-data and use an SUID perl
script in a restricted area (i.e., require htpasswd-authentication to
access, ideally only allow access from trusted IPs) to do the admin stuff
for you; that way at least only the stuff in the script gets run as root.


John P.
-- 
huiac@camtech.net.au
john@huiac.apana.org.au
"Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
Reply to: