* On 2001-09-08 at 08:34,
William A. Rowe, Jr. <[EMAIL PROTECTED]> excited the electrons to say:
>
> I've seen similar requests for require group. While you are cautiously
> modifing the 1.3 code base, would you please consider both?
As I said in the preface, the actual patch does both 'require file-owner'
and 'require file-group'.
> Other than that, coolness, but please document that this is not a SECURE
> method from a multi-user system, since anyone can create an .htpasswd file
> that might cause the user to appear as a root or admin user, but is not.
How do you mean? Linux does not let you chgrp a file to any group
of which you are not a member; neither does T64U, nor FreeBSD, nor
any other Unixish system with which I am familiar.. Can you spell
out the scenario you have in mind?
> This must be documented as a convience facility, not a security facility.
I will wait for your explanation before I commit to this, since I
do not see the hole.
--
#ken P-)}
Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/
Author, developer, opinionist http://Apache-Server.Com/
"All right everyone! Step away from the glowing hamburger!"
