On Fri, 9 Jan 1998, hostmaster wrote:
>
> Sorry for the false alarm. There are still some very strange things going
> on with the default installation scripts' use of permissions and I intend
> to review this more thoroughly over the weekend.
>
>
Well the alarm is not totally false, frontpage IS bogus as HELL, but there
is a way to circumvent the cretinous way this is set up.
You can set up all of your frontpage users as group web and set the users'
permissions as 715 , that is effect disallows other "web" users from
accessing other individuals accounts, while retaining "nobody" as your
main http daemon user. Then you can use apache's suexec wrapper to do the
suing for the frontpage extensions provided that you have httpd.conf set
up correctly i.e. with User and Group statements.
We know that this is a far from perfect solution but at least it
somwhat works on a production system.
____________________________________________
http://www.incredible.com
E-mail:infoat_private
Απίστευτα Δίκτυα Incredible Networks
τηλ: (1) 92 12 312 tel +30 1 921 2312
fax: (1) 92 12 314 fax:+30 1 921 2314
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:38 PDT