On Mon, Feb 28, 2005 at 09:02:54AM +0100, Michael Bell wrote: > Date: Mon, 28 Feb 2005 09:02:54 +0100 > From: Michael Bell <[EMAIL PROTECTED]> > To: [email protected] > Reply-To: [email protected] > Subject: Re: [OpenCA-Devel] httpd-user vs openca-user > > Alexei Chetroi wrote: > > > Just wanted to clear one issue to me. Do cgi-scripts access any files > >on filesystem, for example files in /var/lib/openca? I see it must > >access files under /etc/openca/servers/*.conf. Do cgi-scripts need write > >access to some of directories or these operations are performed by > >openca daemon? > > cgi-scripts does not need write access to any directories. All write > actions are performed by the openca daemon. The scripts only need access > to etc/ because they need some configuration parameters. I assume you > found some erroneous rights, correct? Actually not. Current Debian packaging runs openca server with the same uid as web server, and I didn't like idea that web-server can access openca's data. Running them at different uids seems more appropiate to me.
Best wishes -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ OpenCA-Devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-devel
