From: Jason Hildebrand <jason@pe...> - 2004-03-27 16:23:04
On Sat, 2004-03-27 at 08:11, Gavin wrote:
> I have a context which is symlinked to a user's directory. The
> in the context want to access sections in a config file, yet are
> to do so, due to the permissions. App server runs as a non-root user
> The only possible way this would work is either to run an app server
> each user, or to allow the config file readable by all. Yet this is a
> security issue, the config file contains passwords.
> Can anyone suggest ideas?
What kind of config file is it? One idea would be to split it up --
put each user-specific, sensitive passwords in a config file somewhere
in that user's directory (you probably don't want it in the context
itself for security reasons). All the rest of the configuration (which
it sounds like the users only need read-access to), can be in a global
config file with read access.
Jason D. Hildebrand
From: Jason Hildebrand <jason@pe...> - 2004-03-28 20:00:49
On Sat, 2004-03-27 at 18:17, Gavin wrote:
> I currently don't have the config file split up, but it is in a
> non-context directory. Explain to me how a non-root user is going to
> be able to read from a user's file?
Not sure what you're asking -- are you asking why I said putting the config
file in a context directory might be a security concern? Putting it in a
context means that it could be possible for someone to request the file
using their browser (if they know or can guess the name), and the app server
would send it to them. It's the same reason you wouldn't want to put any
sensitive files in a public web-accessible directory.
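
Added example, not part of the original thread and not code from either poster: a small audit for the two points raised above, namely that a per-user secrets file should live outside any served context (contexts here are symlinks into users' directories) and should not be readable by all. The function names, the user "alice", the file name secrets.conf and the directory layout are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_secret_file(secret_path, context_dirs):
    """Return findings for one secrets file; an empty list means it passed."""
    findings = []
    real = Path(secret_path).resolve()            # follow symlinks to the real file
    for ctx in context_dirs:
        ctx_real = Path(ctx).resolve()            # a context may itself be a symlink
        if ctx_real in real.parents:
            findings.append(f"served by context {Path(ctx).name}")
    if real.stat().st_mode & stat.S_IROTH:
        findings.append("world-readable")
    if not os.access(real, os.R_OK):              # can the app server user read it?
        findings.append("not readable by this process")
    return findings


def demo():
    """Build a constructed layout in a temp dir and audit two placements."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        site = root / "home" / "alice" / "site"         # directory the context points at
        private = root / "home" / "alice" / "private"   # same user, not served
        contexts = root / "appserver" / "contexts"
        for d in (site, private, contexts):
            d.mkdir(parents=True)
        ctx = contexts / "alice"
        ctx.symlink_to(site, target_is_directory=True)  # context -> user's directory

        bad = site / "secrets.conf"        # inside the context, readable by all
        bad.write_text("db_password = constructed-example\n")
        os.chmod(bad, 0o644)

        good = private / "secrets.conf"    # outside the context, owner-only
        good.write_text("db_password = constructed-example\n")
        os.chmod(good, 0o600)

        return audit_secret_file(bad, [ctx]), audit_secret_file(good, [ctx])


if __name__ == "__main__":
    before, after = demo()
    print("in context, 0644:", before)
    print("outside, 0600:  ", after)
```

Run it as the account the app server uses, so the readability check reflects what that account can actually open.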