Date: Tue, 10 Feb 2004 16:35:49 +0000 From: Jez Hancock <jez.hancock@munk.nu> To: Lewis Thompson <purple@lewiz.net> Cc: FreeBSD-questions <questions@freebsd.org> Subject: Re: Shell script containing passwords. Message-ID: <20040210163549.GA25922@users.munk.nu> In-Reply-To: <20040210160635.GA7479@lewiz.org> References: <20040209233743.GA58010@lewiz.org> <4028FF18.6090302@circlesquared.com> <20040210160635.GA7479@lewiz.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 10, 2004 at 04:06:37PM +0000, Lewis Thompson wrote: > On Tue, Feb 10, 2004 at 03:56:08PM +0000, Peter Risdon wrote: <snip> > > Not that I know of, but have you considered compiling apache with > > suexec? Assuming your other users have seperate logins, this might work. > > You can have apache execute scripts as the appropriate user, not www. > > That way, a 700 permission should prevent other users from reading your > > scripts. > > I read some stuff about this. I got the impression it required using > PHP as a CGI, instead of mod_php. Am I wrong in thinking this? The > overhead of using PHP as CGI is a little too high because the server is > already pretty stretched... Have a look at /usr/ports/www/suphp - be warned though, last time I looked at it the checks it uses to ensure UID 0 scripts aren't executed did not work correctly on FreeBSD. One slightly more complicated option is to rearrange your user/group permissions on a server-wide basis - there's a detailed description in this post: http://lists.freebsd.org/pipermail/freebsd-questions/2003-August/014731.html HTH -- Jez Hancock - System Administrator / PHP Developer http://munk.nu/ http://jez.hancock-family.com/ - Another FreeBSD Diary http://ipfwstats.sf.net/ - ipfw peruser traffic logging
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040210163549.GA25922>