From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.50) id 1EZyYI-0006Rx-MS for garchives@archives.gentoo.org; Wed, 09 Nov 2005 22:36:23 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id jA9MY8US028742; Wed, 9 Nov 2005 22:34:08 GMT Received: from indigorobot.com (rrcs-24-73-229-216.se.biz.rr.com [24.73.229.216]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id jA9MUSp2020996 for ; Wed, 9 Nov 2005 22:30:29 GMT Subject: Re: [gentoo-security] Advice about security solution From: xyon To: gentoo-security@lists.gentoo.org In-Reply-To: <20051109211014.GM14230@elmer.skumleren.net> Content-Type: text/plain Date: Wed, 09 Nov 2005 17:30:28 -0500 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-security@gentoo.org Reply-to: gentoo-security@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 Content-Transfer-Encoding: 7bit X-Spam-Score: -2.3 (--) X-Spam-Report: Spam detection software, running on the system "www-dev1.indigorobot.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: just curious, by why not use 'net-www/mod_auth_mysql' and store your users in a MySQL DB? On Wed, 2005-11-09 at 22:10 +0100, Anders Bruun Olsen wrote: > On Wed, Nov 09, 2005 at 09:19:38PM +0200, unaos wrote: > > > Hmm.. any good guides or pointers to get Apache, MySQL, Postfix, > > > Courier-imap, rsyncd, ventrilo, cs-server, zope and so on to run in > > recommends mod_chroot for Apache. > > I have tried using mod_chroot just earlier today, but ran into trouble > because I use mod_auth_pam, which of course does not work correctly > inside a chrooted env. I am thinking about going all out and putting my > users in an LDAP directory, which would make it possible to put Apache > and other services in chroots since auth etc. would consist of > connecting to the LDAP daemon and not of asking PAM to look into > /etc/shadow. > > -- > Anders > -----BEGIN GEEK CODE BLOCK----- > Version: 3.12 > GCS/O d--@ s:+ a-- C++ UL+++$ P++ L+++ E- W+ N(+) o K? w O-- M- V > PS+ PE@ Y+ PGP+ t 5 X R+ tv+ b++ DI+++ D+ G e- h !r y? > ------END GEEK CODE BLOCK------ > PGPKey: http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0xD4DEFED0 [...] Content analysis details: (-2.3 points, 3.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.8 ALL_TRUSTED Did not pass through any untrusted hosts 0.5 WEIRD_PORT URI: Uses non-standard port number for HTTP Message-Id: X-Archives-Salt: 1bbd90c3-9146-4d24-8a43-e433dd14f668 X-Archives-Hash: e0224656168bd094c8f745811ed945c9 just curious, by why not use 'net-www/mod_auth_mysql' and store your users in a MySQL DB? On Wed, 2005-11-09 at 22:10 +0100, Anders Bruun Olsen wrote: > On Wed, Nov 09, 2005 at 09:19:38PM +0200, unaos wrote: > > > Hmm.. any good guides or pointers to get Apache, MySQL, Postfix, > > > Courier-imap, rsyncd, ventrilo, cs-server, zope and so on to run in > > recommends mod_chroot for Apache. > > I have tried using mod_chroot just earlier today, but ran into trouble > because I use mod_auth_pam, which of course does not work correctly > inside a chrooted env. I am thinking about going all out and putting my > users in an LDAP directory, which would make it possible to put Apache > and other services in chroots since auth etc. would consist of > connecting to the LDAP daemon and not of asking PAM to look into > /etc/shadow. > > -- > Anders > -----BEGIN GEEK CODE BLOCK----- > Version: 3.12 > GCS/O d--@ s:+ a-- C++ UL+++$ P++ L+++ E- W+ N(+) o K? w O-- M- V > PS+ PE@ Y+ PGP+ t 5 X R+ tv+ b++ DI+++ D+ G e- h !r y? > ------END GEEK CODE BLOCK------ > PGPKey: http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0xD4DEFED0 -- gentoo-security@gentoo.org mailing list