Freeside installation problem

Michael Slater slaterm at slaterm.amitar.com.au
Thu Mar 26 14:32:13 PST 1998


Hi, All i did to get it working was change UID.pm in a few places so that
freeside runs as user "nobody", the same as my web server. I dont know if
this is the most secure way to do it, but we are talking about a machine
behind a firewall. The part i can figure out, is how it is supposed to
actually add the user to the systems passwd/shadow files, and or spit out
a radius user file, as it does not seem to have those options. Otherwise,
it seems to work just fine.


Michael

On Thu, 26 Mar 1998, Ivan Kohler wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Wed, 25 Mar 1998, News Subsystem wrote:
> 
> > On Thu, 26 Mar 1998, Ivan Kohler wrote:
> >
> > > You may also want to take a look at the suExec feature of Apache, which
> > > appears to provide similar functionality - it executes scripts as the
> > > owner of the script (thus the setuid bit would not be needed).  I haven't
> > > tried this myself.
> > > 
> > I believe that it is necessary to have apache running as root in order to 
> > use the suExec feature.  This is a major security problem, much worse 
> > that setting the suid bit on a users files.
> 
> The documentation (specificly suexec.html from the manual) seems to
> indicate that the suexec wrapper itself is setuid root, but that apache
> does not run as root.  I would guess that given Apache's popularity (and
> wide distribution of source code :) ), a correctly installed suexec should
> be fairly safe.
> 
> - -- 
> Ivan Kohler <ivan at sisd.com> - finger for PGP key
> Silicon Interactive Software Design - http://www.sisd.com/
> "I want to go on a mountain-top / with a radio and good batteries
>  play a joyous tune / and free the whole human race from suffering" -Bjork
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBNRoImr7OPBeQJv09AQGE/wP9FRrIdUeGi+aFRLoTi1V0GLt0QUpuYa0K
> xoIxnv5V6KSnMcDkte+noB+2sDQiXd050yRlyYX3Bm9eHgkTra7dLwoPRC+tn3BR
> 06Ly0mvLDJIsacd7fkuevSnzo4LBH0IAuupW3WGeyho7vtiymdaCpNI5W8i7EII5
> VNw46eWwyIQ=
> =JAPh
> -----END PGP SIGNATURE-----
> 




More information about the freeside-users mailing list