Date: Tue, 10 Feb 2004 16:35:49 +0000
From: Jez Hancock
To: Lewis Thompson
cc: FreeBSD-questions
Subject: Re: Shell script containing passwords.

On Tue, Feb 10, 2004 at 04:06:37PM +0000, Lewis Thompson wrote:
> On Tue, Feb 10, 2004 at 03:56:08PM +0000, Peter Risdon wrote:
> > Not that I know of, but have you considered compiling apache with
> > suexec? Assuming your other users have separate logins, this might work.
> > You can have apache execute scripts as the appropriate user, not www.
> > That way, a 700 permission should prevent other users from reading your
> > scripts.
>
> I read some stuff about this. I got the impression it required using
> PHP as a CGI, instead of mod_php. Am I wrong in thinking this? The
> overhead of using PHP as CGI is a little too high because the server is
> already pretty stretched...

Have a look at /usr/ports/www/suphp - be warned though, last time I
looked at it the checks it uses to ensure UID 0 scripts aren't executed
did not work correctly on FreeBSD.

One slightly more complicated option is to rearrange your user/group
permissions on a server-wide basis - there's a detailed description in
this post:

http://lists.freebsd.org/pipermail/freebsd-questions/2003-August/014731.html

HTH

--
Jez Hancock
 - System Administrator / PHP Developer

http://munk.nu/
http://jez.hancock-family.com/ - Another FreeBSD Diary
http://ipfwstats.sf.net/ - ipfw peruser traffic logging
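
A small audit for the two conditions raised in this thread, scripts accessible to anyone other than their owner (looser than mode 700) and scripts owned by UID 0. This is an added example, not part of the original message; the function name `audit_scripts` and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. audit_scripts and its output labels
# are hypothetical names chosen for this illustration.

# audit_scripts DIR
# Prints "<label> <path>" for every regular file under DIR that is
#   loose-mode : has any group/other permission bit set (looser than 700)
#   root-owned : is owned by UID 0
# Returns 0 when nothing is flagged, 1 otherwise.
#
# Notes on the find expressions:
#   -perm -NNN is true when all bits in NNN are set, so the six group/other
#   bits are ORed together to catch any access beyond the owner.
#   A numeric argument to -user is treated as a UID when no account has
#   that name.
audit_scripts() {
    dir=$1
    findings=$(
        find "$dir" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/loose-mode /'
        find "$dir" -type f -user 0 -print | sed 's/^/root-owned /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run as: sh audit.sh /path/to/scripts
if [ "$#" -gt 0 ]; then
    audit_scripts "$1"
fi
```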