[TriLUG] .htaccess and /etc/passwd

Rick DeNatale rick.denatale at gmail.com
Mon Feb 27 17:04:16 EST 2006


On 2/27/06, Tarus Balog <tarus at opennms.org> wrote:
>
> On Feb 27, 2006, at 3:53 PM, Rick DeNatale wrote:
>
> > I haven't used it myself, but I'd recommend pondering this advice from
> > the folks who bring you mod_auth_pam
> > http://pam.sourceforge.net/mod_auth_pam/shadow.html
>
> Came across that link getting it to work. (grin)
>
> On Debian there is already a "shadow" group, so you just have to add
> www-data to it. No need to change the group that apache uses to run.

Right, but then keep in mind that anything which runs as www-user has
access to /etc/shadow which can be arbitrary CGI code.

--
Rick DeNatale

Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/
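
An audit for the point raised in this thread, added here as an example and not part of the original messages: it lists every account that belongs to the "shadow" group, whether through a supplementary entry in /etc/group or through its primary GID in /etc/passwd. It assumes the Debian layout the thread describes, where membership in "shadow" is what grants read access to /etc/shadow; the function names, the `--live` switch and the sample data are constructed for illustration.

```python
"""Audit which accounts are in the 'shadow' group (example, constructed data)."""
import sys

# Constructed sample data (not from a real host): www-data was added to "shadow".
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:42:backup:/var/backups:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
shadow:x:42:www-data
www-data:x:33:
alice:x:1000:
"""

def _records(text, min_fields):
    """Yield colon-split fields, skipping blank, comment and short lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= min_fields and not fields[0].startswith("#"):
            yield fields

def shadow_group_members(passwd_text, group_text, group="shadow"):
    """Map account -> 'primary' or 'supplementary' for members of `group`."""
    gid, members = None, {}
    for name, _pw, g, users in (f[:4] for f in _records(group_text, 4)):
        if name == group:
            gid = g
            for user in filter(None, (u.strip() for u in users.split(","))):
                members[user] = "supplementary"
    if gid is None:
        return {}
    # An account whose primary GID is the group never appears in /etc/group.
    for fields in _records(passwd_text, 4):
        if fields[3] == gid:
            members[fields[0]] = "primary"
    return members

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        passwd, group = open("/etc/passwd").read(), open("/etc/group").read()
    else:
        passwd, group = SAMPLE_PASSWD, SAMPLE_GROUP
    for account, how in sorted(shadow_group_members(passwd, group).items()):
        print(f"{account}: member of 'shadow' ({how})")
```

Any service account in the output, such as the web server's, passes that read access on to every script it executes.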