httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikkel Christensen <mik...@talkactive.net>
Subject Re: [users@httpd] Apache refuses to start when it's user is member of to many groups
Date Fri, 07 May 2004 10:16:26 GMT
On Friday 07 May 2004 09:27, Dave Floyd wrote:
> Hi Mikkel,
> 	The solaris parameter is NGROUPS_UMAX. I avoided the problem 
> by running the script as root and su to each individual user, so I 
> don't think this is a relevant work-around to your problem. Why does 
> www need to be a member of all the groups? Couldn't you work the 
> other way and make all your users part of the group www (making sure 
> the permissions are suitably secure)?
> 

Then all users would have access to the apache user (www) and it's files which is not preferable.
Also www is a system account.
Maybe a workaround would be creating another user without rights and then make all users member
of that users group.
Then finally add www to that inprevileged users group.
The user nobody could be used for that. Any user would then have access to nobodys files but
nobody doen't own any files. Nobody would have access to all users files and so would www
being a member of the nobody group.
Then a specific user could lock out any other users by setting permissions xx0 (this should
be standart permissions). And Apache could be locked out with x00 (some users have sensitive
files that should not be readable from the internet).
I'll test it and return with the result:)

- Mikkel

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message