From owner-freebsd-security Thu Nov 14 4:31: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C85937B401 for ; Thu, 14 Nov 2002 04:31:04 -0800 (PST) Received: from mail-gp.star.spb.ru (gamma.star.spb.ru [217.195.79.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C62A43E3B for ; Thu, 14 Nov 2002 04:31:02 -0800 (PST) (envelope-from nkritsky@internethelp.ru) Received: from green.star.spb.ru (green.star.spb.ru [217.195.79.10]) by mail-gp.star.spb.ru (8.9.3/8.9.3) with ESMTP id PAA61255; Thu, 14 Nov 2002 15:30:46 +0300 (MSK) Received: from IBMKA ([217.195.82.21]) by green.star.spb.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id VCZNDKNQ; Thu, 14 Nov 2002 15:30:45 +0300 Date: Thu, 14 Nov 2002 15:30:47 +0300 From: "Nickolay A. Kritsky" X-Mailer: The Bat! (v1.49) Personal Reply-To: "Nickolay A. Kritsky" X-Priority: 3 (Normal) Message-ID: <6080042384.20021114153047@internethelp.ru> To: Kirk Bailey Cc: "security@FreeBSD.ORG" Subject: Re: list scripts, permissions, and ownerships. In-reply-To: <3DD32C5A.9784D742@netzero.net> References: <3DD32C5A.9784D742@netzero.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Kirk, Thursday, November 14, 2002, 7:53:46 AM, you wrote: KB> I have a problem. I am writing a script to create lists, and another to destroy KB> them- that is, MAIL lists, such as mailman, majordomo, and mojomail and tinylist KB> all work with. (I write TinyList.) KB> The aliases file must have certain permissions, and it appears to be 644 in my KB> freebsd box- hope that's correct, but it works fine. And the ownership is root, KB> and that works fine. KB> well, apache in the box is nobody:wheel and runs scripts as such. I have the KB> scripts owned nobody:wheel also. They run, but it cannot access the aliases KB> file-permissions/ownerships. OK, changed the relevant scripts' ownerships to KB> root (gasp!) and tried to run things that way. still no luck. Scripts apparently KB> are running as nobody, even though owned by root. KB> OK, a few questions. KB> First, how to I get a script to discover what identity it is running as? id(1) whoami(1) KB> Second, how can I insure it runs as a particular identity(so as to be compatable KB> with the email system), when run by the web server? apache has some feature called `suexec'. I think it can help you. Search the apache manual. ;------------------------------------------- ; NKritsky ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message