Upon further review, the problem is not as severe as I originally thought. Everything is set umask 002 only if a group is specified on the fp_install command line (i.e. you don't want everything owned by group root). And they're world-readable because the web server (presumably running as nobody) has to be able to read them to do HTTP authentication. The permissions _can_ be succesfully changed. In my case, I used a Solaris ACL to give the httpd user read permission and set the password files to 0600, and changed the umask in the fp_install script to be a little less trusting. YMMV - changing the permissions made it bomb the first time around, but its working for me now. Sorry for the false alarm. There are still some very strange things going on with the default installation scripts' use of permissions and I intend to review this more thoroughly over the weekend. -- Dave Pifke, daveat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:35 PDT