httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Bell <bobb...@zk3.dec.com>
Subject [users@httpd] suEXEC and /etc/passwd
Date Tue, 04 Feb 2003 16:51:23 GMT
[ Disclaimer: I've searched FAQs, Usenet archives, and mailing list
archives and can't find an answer to this question, but I am more than
willing to accept a pointer ]

I'm running an Ensim-based site with name-based virtual hosts.  suEXEC
is in use.  I want to make the web directories for those hosts
(including cgi-bin directories) owned by a different user than the Ensim
"site administrator".  That is, I want to make them owned by the
"webmaster" user for that domain.  Actually accomplishing that, and
serving static pages and providing FTP access, etc. is not a problem
(which is why I'm not posting to an Ensim list).

The problem is that that user is in the /etc/passwd file for that
domain, but not in the global /etc/passwd file for the system, which is
what suEXEC checks.  From http://httpd.apache.org/docs/suexec.html,
a condition for success in suEXEC is:
    5. Is the target user name valid?
        Does the target user exist? 

I would like to know how to disable this check.  Do I have to comment
out the lines implementing it in the suEXEC source and recompile?  What
kind of problems do I open myself up to if I do?  (I can't think of any,
as long as the other checks are all in place, and I'm a reasonably
security-minded guy)

-- 
Bob Bell <bobbell@zk3.dec.com>
-------------------------------------------------------------------------
 "Software gets slower faster than hardware gets faster!"
   -- "Wirth's Law" - Niklaus Wirth, famous computer scientist

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message