On Mon, 2002-09-23 at 14:33, Michael Stauber wrote:
> > Turning off suid privileges on /usr/lib/authenticate means apache won't be
> > able to authenticate users anymore.
> > So, you won't be able to access admin console.
>
> That's not correct.
>
> I have removed the SUID bit on /usr/lib/authenticate on all my RaQs and
> still everything except Frontpage works. I don't use Frontpage, so I'm still
> a happy camper.

That admin console still works is apparently a side effect of admserv
running with root uid. Under "regular" apache you will be unable to use
PAM authentication because /etc/shadow will become unreadable.

E.g. you won't be able to access /stats/ directories of individual
virtual servers.

Eugene

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
