[TriLUG] .htaccess and /etc/passwd
rick.denatale at gmail.com
Mon Feb 27 17:04:16 EST 2006
On 2/27/06, Tarus Balog <tarus at opennms.org> wrote:
> On Feb 27, 2006, at 3:53 PM, Rick DeNatale wrote:
> > I haven't used it myself, but I'd recommend pondering this advice from
> > the folks who bring you mod_auth_pam
> > http://pam.sourceforge.net/mod_auth_pam/shadow.html
> Came across that link getting it to work. (grin)
> On Debian there is already a "shadow" group, so you just have to add
> www-data to it. No need to change the group that apache uses to run.
Right, but then keep in mind that anything which runs as www-user has
access to /etc/shadow which can be arbitrary cgi code.
Visit the Project Mercury Wiki Site
More information about the TriLUG