Freeside installation problem

Patrick Greenwell patrick at namesecure.com
Fri Mar 27 10:21:27 PST 1998


On Thu, 26 Mar 1998, Ivan Kohler wrote:

> > While understand the basic desire behind UID.pm, I cannot find a
> > particularly good reason to do all the UID/GID gyrations. Is there a
> > compelling reason not to run an iteration of the server as user freeside
> > with appropriate authentication? 
> 
> The "UID/GID gyrations" are done to run as an unprivledged user (whatever
> your web server is running as: nobody or www-data) most of the time,
> switching to the more dangerous freeside user only for specific
> tasks.  

Again, I understand the desire behind UID.pm, I was just curious as to
what "dangerous" things user freeside does, not having had a chance to
look through the source.

> suExec in apache appears to provide similar functionality, though I don't
> know if it leaves the ruid as nobody.  

suexec will refuse to work on an already setuid/setgid program.

> It seems safer than running the server as the freeside user.

Well, as it does not operate on setuid/setgid programs it would leave the
ruid/euid as "freeside" throughout the whole script, defeating the
purpose of UID.pm  correct?

So, back to square one. :-)


/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell				         (800) 299-1288 v
			   Systems Administrator	 (510) 377-1414 f
	                         NameSecure		     
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/





More information about the freeside-users mailing list