[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: chrooted apache and passwd / master.passwd access
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: chrooted apache and passwd / master.passwd access
- From: abonnement_(_at_)_kobol_(_dot_)_simplesecure_(_dot_)_at
- Date: Mon, 12 Apr 2004 14:29:47 +0200 (CEST)
> Do I understand correctly? You want your public *httpd* to be able to
> /etc/master.passwd? And you're not concerned about the security of that,
> but you're concerned with the security of copying it into the chroot?
> Perhaps I'm just a little thick this morning, but I do not see any way
> to grant a web server the ability to read /etc/master.passwd and call it
> If I absolutely had to use system users, and couldn't set up LDAP or
> something to do so, I think I'd build a module for apache that used ssh
> or pop3 or some other service you were already offering that auths
> system users. mod_auth_any should give you a start on how to do it, but
> I'd recommend auditing that code very carefully before using it.
> That said, this is more of a generic "how do I run my webserver" kind of
> problem than an OpenBSD problem. You should have similar difficulty on
> any well-configured UNIX box. Try asking in an apache forum how others
> approach this.
Yes, you are right. It really doesn't make much sense to try and make
chrooted httpd access master.passwd.
I am setting up a webhosting service. I want my users to be able to log in
via SSH/SFTP, POP3, and some other protocols and I want them to be able to
change their passwords using a web frontend. And that is my problem right
now. How do I change user passwords from httpd without being able to
access password files. Maybe suexec would help, but I've tried it and did
not succeed. And that's why I wanted to know how other admins using
chrooted httpd under OpenBSD work around this problem...
Thank you for your help!
Visit your host, monkey.org