Freeside installation problem
Patrick Greenwell
patrick at namesecure.com
Fri Mar 27 10:21:27 PST 1998
On Thu, 26 Mar 1998, Ivan Kohler wrote:
> > While understand the basic desire behind UID.pm, I cannot find a
> > particularly good reason to do all the UID/GID gyrations. Is there a
> > compelling reason not to run an iteration of the server as user freeside
> > with appropriate authentication?
>
> The "UID/GID gyrations" are done to run as an unprivledged user (whatever
> your web server is running as: nobody or www-data) most of the time,
> switching to the more dangerous freeside user only for specific
> tasks.
Again, I understand the desire behind UID.pm, I was just curious as to
what "dangerous" things user freeside does, not having had a chance to
look through the source.
> suExec in apache appears to provide similar functionality, though I don't
> know if it leaves the ruid as nobody.
suexec will refuse to work on an already setuid/setgid program.
> It seems safer than running the server as the freeside user.
Well, as it does not operate on setuid/setgid programs it would leave the
ruid/euid as "freeside" throughout the whole script, defeating the
purpose of UID.pm correct?
So, back to square one. :-)
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell (800) 299-1288 v
Systems Administrator (510) 377-1414 f
NameSecure
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
More information about the freeside-users
mailing list