Re: apache + .htpasswd - bypass pwd check
From: Jedi/Sector One (j@pureftpd.org) Date: 04/26/02
Date: Fri, 26 Apr 2002 23:15:52 +0159
From: Jedi/Sector One <j@pureftpd.org>
To: RSnake <rsnake@shocking.com>
On Fri, Apr 26, 2002 at 02:07:05PM -0700, RSnake wrote:
> cd ~john
> I don't have to know where it is.
Unless your users have shell access, there's no reason to have anything
but a 'nobody' account in your /etc/passwd & co files.
If you need entries for suexec to work, have fake ones, with no password,
no shell and /dev/null as a home directory. The only thing Apache+suexec
needs is to map uids to some user name.
The real path to web pages of every virtual host is located in httpd.conf's
DocumentRoot directives. System accounts don't have to match.
> Chrooted jails are the only way to go.
Indeed. Zeus has a handy feature to do this out of the box.
--
 __  /*-  Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>  -*\  __
 \ '/                  Secure FTP Server                     \' /
  \/                  Misc. free software                     \/
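The account layout described in the message above can be checked mechanically. The following is an added example, not part of the original post: a Python audit over passwd-format lines, where the sample entries, the uid threshold, the set of non-login shells, and the reading of "no password" as a locked field (`*` or `!`) are all assumptions.

```python
# Added example: audit passwd-format entries against the layout in the message.
# Assumptions: sample data, uid threshold, and "no password" meaning a locked field.
LOCKED_PREFIXES = ("*", "!")
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/dev/null"}

# Constructed sample, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
nobody:*:65534:65534:nobody:/dev/null:/sbin/nologin
vhost1:*:2001:2001:suexec uid map:/dev/null:/bin/false
john:x:2002:2002:John:/home/john:/bin/bash
vhost3::2003:2003:suexec uid map:/dev/null:
"""


def audit_passwd(text, min_uid=1000):
    """Return {account: [issues]} for non-system accounts that could log in."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings[line] = ["malformed entry"]
            continue
        name, pw, uid, _gid, _gecos, home, shell = fields
        if int(uid) < min_uid:
            continue  # system accounts are out of scope for this check
        issues = []
        if pw == "":
            issues.append("empty password field: login may need no password")
        elif not pw.startswith(LOCKED_PREFIXES):
            issues.append("password field not locked (verify the shadow entry)")
        if home != "/dev/null":
            issues.append("real home directory: " + home)
        if shell == "":
            issues.append("empty shell field defaults to /bin/sh")
        elif shell not in NOLOGIN_SHELLS:
            issues.append("login shell: " + shell)
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit_passwd(SAMPLE_PASSWD).items():
        print(account, "->", "; ".join(issues))
```

Note that an empty password or shell field is not the same as "none": in passwd(5) an empty shell defaults to /bin/sh and an empty password field can allow login without a password, so the check flags both.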