List: slashcode-general
Subject: Re: [Slashcode-general] Gentoo installation - general slash security questions
From: Shane <shane () lottadot ! com>
Date: 2004-11-07 14:07:55
Message-ID: 6BBB6AE6-30C6-11D9-B41D-000A95DBD7A6 () lottadot ! com
Does Gentoo have a 'valid shells file', i.e. /etc/shells?
As for security, if the user that apache is running under has a shell, I
doubt it's a problem. If I recall, back a few years ago Red Hat was
putting /bin/false or /dev/null into the shell for the nobody account,
which was a slight problem with slash/slashd.
I'd google on it if I were you, but that's about it.
Shane
disclaimer: I've never used Gentoo.
On Nov 6, 2004, at 8:52 PM, George Clark wrote:
> Hi all,
>
> On Gentoo, apache runs as user:group apache:apache instead of
> nobody:nogroup. The shell for apache in /etc/passwd is set to /bin/false.
> The 'su' command on Gentoo does not include the ability to override the
> "shell", so the shell in the passwd file has to be valid.
>
> I built slash using USER=apache GROUP=apache on the make statement, and
> u=apache g=apache on the install-slashsite command. In order to get slashd
> to start I had to put a shell on the apache entry in passwd and remove the
> --shell="/bin/sh" from the Linux su statement in init.d/slash.
>
> Any thoughts on whether there could be a security exposure by providing a
> valid shell to apache? Would it be preferable to create a new "slash"
> uid:gid and add the apache uid to the slash group so that apache has access
> to the slash files?
>
> Any suggestions on how I should set up the file and task ownership?
>
> Thanks,
> George
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Sybase ASE Linux Express Edition - download now for FREE
> LinuxWorld Reader's Choice Award Winner for best database on Linux.
> http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
> _______________________________________________
> Slashcode-general mailing list
> Slashcode-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/slashcode-general
>
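
Added example, not part of the original messages or of Slash: a POSIX sh check for the question raised in this thread, namely whether an account such as apache has a shell that the valid-shells file (/etc/shells) lists. The function names and the sample passwd/shells entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an account's passwd shell is a usable login shell.
# File paths are parameters, so it can run on copies of /etc/passwd and /etc/shells.

# shell_of PASSWD USER: print field 7 of USER's entry; exit status 1 if no entry.
shell_of() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$1"
}

# shell_status PASSWD SHELLS USER prints: missing | no-login | listed | unlisted
shell_status() {
    sh_path=$(shell_of "$1" "$3") || { echo missing; return 0; }
    [ -n "$sh_path" ] || sh_path=/bin/sh    # empty field defaults to /bin/sh, passwd(5)
    case "$sh_path" in
        */false|*/nologin|/dev/null) echo no-login; return 0 ;;
    esac
    if grep -v '^#' "$2" | grep -Fxq -- "$sh_path"; then
        echo listed      # present in the valid-shells file
    else
        echo unlisted    # a real path the valid-shells file does not name
    fi
}

# login_capable PASSWD SHELLS: names of all accounts whose shell is "listed".
login_capable() {
    cut -d: -f1 "$1" | while read -r u; do
        if [ "$(shell_status "$1" "$2" "$u")" = listed ]; then echo "$u"; fi
    done
}

# write_sample DIR: constructed passwd/shells files (not from a real host).
write_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'apache:x:81:81:apache:/var/www:/bin/false' \
        'slash:x:1001:1001::/home/slash:/bin/sh' \
        'nobody:x:65534:65534:nobody:/:/sbin/nologin' > "$1/passwd"
    printf '%s\n' '# valid login shells' /bin/sh /bin/bash > "$1/shells"
}

# Demo on the constructed sample.
tmp=$(mktemp -d) && write_sample "$tmp"
for u in root apache slash nobody; do
    printf '%s: %s\n' "$u" "$(shell_status "$tmp/passwd" "$tmp/shells" "$u")"
done
rm -rf "$tmp"
```

Run against the real files, `login_capable /etc/passwd /etc/shells` lists every account that could be given an interactive shell, which makes a change like the one described for the apache entry easy to spot.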