On Mon, 18 Dec 1995, Chris Fearnley wrote: > >* Should we create a new user and/or group to control access to the > >hierarchy of html files? If so, why don't we make it "official" and get > >Bruce to include in the base /etc/group and /etc/passwd files. > User nobody and group nogroup is either already in there or is it set > up by some other package? I suppose user wwwadmin might be better?
Well, I was actually thinking of group ownership of the files themselves, that way you could restrict w access to those in, say, group html. The files would of course have to be world readable so the server running as nobody/nogroup would still be able to get to them. > /usr/lib/apache is my choice for serverroot. Where the documents go > is site-specific. I'd like to also include an option to chroot httpd > to /usr/local/http or somesuch. Can dpkg install a package under some > arbitrary directory? If so then the preinst script might be able to get > everything into /usr/local/http and run httpd under chroot (for the > security paranoid). Uh, why would you want to chroot the httpd? Wouldn't that cause mondo problems, especially if we try and get it to do stuff like dynaloading modules, etc.? > apache-httpd provides httpd (as does cern-httpd) so dpkg won't install > one until the other is removed. Ah. Mike. -- "I'm a dinosaur. Somebody's digging my bones."