At 13:47 03.09.2000 -0400, [EMAIL PROTECTED] wrote:
>Newbie-question, I really would like to execute vpop-api functions
>from PHP. If I changed apache to run as user
>vpopmail it would work to drop systemcalls to all executables in the run
>directory.
>
>My question is therefore: would it be a security risk to run apache
>as vpopmail instead of nobody? ((concerning vpopmail, not apache))
If the basic apache is running under that UID, yes.
Use feature "user" and "group" for a virtual server and take the advantage
of "suEXEC". See apache manual for more details.
Peter
