[99447] in RedHat Linux List
RE: UID for CGI program
daemon@ATHENA.MIT.EDU (Charles Galpin)
Sat Nov 14 10:55:42 1998
Date: Sat, 14 Nov 1998 10:52:44 -0500
From: Charles Galpin <cgalpin@lighthouse-software.com>
To: Joel Arriaza <redhat-list@redhat.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
But files in /tmp may get removed at some point by a utility ( I forget the
name ) that cleans up time periodcally.
I agree with Joel, that running the web server as root is a very bad idea.
If you explain what you are up to, I'm sure we can suggest better
alternatives. Even running a particular CGI suid root would be better.
charles
===== Original Message from Joel Arriaza <redhat-list@redhat.com> at
11/14/98 10:37 am
>>
>> I want to write to any directory i want. What user can i use (I'm the
>> root).
>
>This is "not" correct, your are opening a gate, so anybody will be able
>to gain root access.
>
>But if you want to...
>Edit the file /etc/httpd/conf/httpd.conf
>and find the User/Group lines and replace the
>user "nobody" for "root"
>restart your httpd daemon and your done!!!
>
>
>> Will files in the /tmp be deleted once Linux is shutdown.
>
>No, thet won't
-- Charles Galpin <cgalpin@lighthouse-software.com>
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
