On Fri, Dec 17, 1999 at 01:17:10PM +1100, Shao Zhang wrote > Ethan Benson [EMAIL PROTECTED] wrote: > > On 17/12/99 Shao Zhang wrote: > > > > > I have no other choice. I need it to read the shadow passwd. It > > > is only accessible within a private network and all traffic is > > > SSL encrypted. So I guess it is pretty secure. > > > > well reading shadow password files from apache is bad anyway (i > > assume for htaccess?) since it allows very fast and mostly > > it is not for htaccess. It is mainly used for setting up acounts > which invovles writing as well. >
It would probably be safer to run apache as www-data and use an SUID perl script in a restricted area (i.e., require htpasswd-authentication to access, ideally only allow access from trusted IPs) to do the admin stuff for you; that way at least only the stuff in the script gets run as root. John P. -- [EMAIL PROTECTED] [EMAIL PROTECTED] "Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
