[Paul Sutton] | On 20 Jun 1997 [EMAIL PROTECTED] wrote: | > [Paul Sutton] | > | - Decide how the backend can write to the config files and signal the | > | server (does this have to be a separate server with setuid scripts - | > | yuck - or can we get something like a Unix-socket interface to | > | Apache?) | > | > the only thing you need to be root in order to do is to kick (SIGHUP) | > the server in order to restart it. that can be accomplished in a few | > lines of C code. you may want to add some security stuff to it (like | > how often we can kick the server and who gets to kick it). | | The admin server also needs to write to the configuration files, which | will probably be owned by a different user that the one that the main | server runs as.
the server should generally not be able to write its configuration files directly since this enables malicious users to edit the files at will (using CGI, SSI whatever). the configuration system should have a different uid than the server. -Bj�rn
