Hello, I tried the question below first on debian-mentors but harvested silence. Hopefully it is more on topic here.
I am not on the list, CC appreciated but I will read the archive. Many thanks, Remco Seesink On Sun, 23 May 2004 18:48:24 +0200 Remco Seesink <[EMAIL PROTECTED]> wrote: > Hello, > > I am packaging ibwebadmin, a web administration tool for firebird > and interbase databases. > > I ran into a problem with users and groups and wonder how to resolve it. > > The program runs some tools from the firebird packages (eg gbak, isql etc.) > These tools work locally on database files. All the database related files > are owned by the firebird user and group. > > The firebird tools run as the www-data user as they are invoked from the > apache process. > > Adding www-data to the firebird groups seems a security risk for the database > when it would be hit by a worm. New databases would still be created as the > www-data users instead of the firebird user. > > Must I do something with suid? Make the firebird tools suid firebird? I am not > experienced with ins and outs of suid but I understand they are often a source > of security hazards. > > How could I set it up secure so ibwebadmin is still able to process the > database > files? > > If this questions are not basic and more appropriate for debian-security tell > me > and I'll take them there. > > I have been playing around with the firebird packages and have a version with > some > minor bugs fixes sitting on my harddrive. If it needs a firebird fix I could > do > that. (It's orphaned) > > Cheers, > Remco. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
