[gentoo-user] Way OT - Can user apache become other users?

[gentoo-user] Way OT - Can user apache become other users?

[Michael Sullivan]

If the shell assigned to user 'apache' is "/bin/false", can user apache
become other users via su or sudo?  What I want to do is create a
web-based website editor, similar to the one geocities.com offers.  I
need a way to store the website editor in a central location where it
will be available to all users, but the users need to be able to save
the files they create/edit in their own web space (in this case under
~/webspace/html).  I want the users to be able to log in with their
Linux usernames and passwords.  I"ve written to a couple of PHP lists
about this, but none of them have answered me.  Is there anything in
portage that will do this, so I don't have to write it myself?  I've
waded through a lot of descriptions of scripts other people have
written, but none of them seemed to allow authenticating against the
users and passwords already established on the system...

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: Way OT - Can user apache become other users?

[Michael Sullivan]

On Thu, 2006-04-13 at 22:29 -0500, Michael Sullivan wrote:
> If the shell assigned to user 'apache' is "/bin/false", can user apache
> become other users via su or sudo?  What I want to do is create a
> web-based website editor, similar to the one geocities.com offers.  I
> need a way to store the website editor in a central location where it
> will be available to all users, but the users need to be able to save
> the files they create/edit in their own web space (in this case under
> ~/webspace/html).  I want the users to be able to log in with their
> Linux usernames and passwords.  I"ve written to a couple of PHP lists
> about this, but none of them have answered me.  Is there anything in
> portage that will do this, so I don't have to write it myself?  I've
> waded through a lot of descriptions of scripts other people have
> written, but none of them seemed to allow authenticating against the
> users and passwords already established on the system...

Someone on one of my PHP lists wrote back and told me that I needed to
make php with phpsuexec, but I don't see that as one of the USE flags.
Is it called something else in Gentoo?

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: Way OT - Can user apache become other users?

[Michael Sullivan]

On Fri, 2006-04-14 at 08:27 -0500, Michael Sullivan wrote:
> On Thu, 2006-04-13 at 22:29 -0500, Michael Sullivan wrote:
> > If the shell assigned to user 'apache' is "/bin/false", can user apache
> > become other users via su or sudo?  What I want to do is create a
> > web-based website editor, similar to the one geocities.com offers.  I
> > need a way to store the website editor in a central location where it
> > will be available to all users, but the users need to be able to save
> > the files they create/edit in their own web space (in this case under
> > ~/webspace/html).  I want the users to be able to log in with their
> > Linux usernames and passwords.  I"ve written to a couple of PHP lists
> > about this, but none of them have answered me.  Is there anything in
> > portage that will do this, so I don't have to write it myself?  I've
> > waded through a lot of descriptions of scripts other people have
> > written, but none of them seemed to allow authenticating against the
> > users and passwords already established on the system...
> 
> Someone on one of my PHP lists wrote back and told me that I needed to
> make php with phpsuexec, but I don't see that as one of the USE flags.
> Is it called something else in Gentoo?

I take it from the fact that no one has responded to this question that
suexec is not possible in PHP on Gentoo.  Is there some other language I
can do this project in, such as perl or ruby, or anything freely
available on Gentoo for that matter that would allow my users to use a
web-based website editor and save the files to their own webspace?

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] OT - unusual USE flag possibilities [WAS: Re: Way OT - Can user apache become other users?]

[Michael Sullivan]

On Fri, 2006-04-21 at 13:19 -0500, Michael Sullivan wrote:
> On Fri, 2006-04-14 at 08:27 -0500, Michael Sullivan wrote:
> > On Thu, 2006-04-13 at 22:29 -0500, Michael Sullivan wrote:
> > > If the shell assigned to user 'apache' is "/bin/false", can user apache
> > > become other users via su or sudo?  What I want to do is create a
> > > web-based website editor, similar to the one geocities.com offers.  I
> > > need a way to store the website editor in a central location where it
> > > will be available to all users, but the users need to be able to save
> > > the files they create/edit in their own web space (in this case under
> > > ~/webspace/html).  I want the users to be able to log in with their
> > > Linux usernames and passwords.  I"ve written to a couple of PHP lists
> > > about this, but none of them have answered me.  Is there anything in
> > > portage that will do this, so I don't have to write it myself?  I've
> > > waded through a lot of descriptions of scripts other people have
> > > written, but none of them seemed to allow authenticating against the
> > > users and passwords already established on the system...
> > 
> > Someone on one of my PHP lists wrote back and told me that I needed to
> > make php with phpsuexec, but I don't see that as one of the USE flags.
> > Is it called something else in Gentoo?
> 
> I take it from the fact that no one has responded to this question that
> suexec is not possible in PHP on Gentoo.  Is there some other language I
> can do this project in, such as perl or ruby, or anything freely
> available on Gentoo for that matter that would allow my users to use a
> web-based website editor and save the files to their own webspace?

I found www-apache/mod_suphp, which seems to be what I need. It has
several USE flags which I am unfamiliar with, such as mode-force,
mode-owner, mode-paranoid, etc.  Is there a way that I could find out
what these flags mean?  They are not
in /usr/portage/profiles/use.desc...

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] OT - unusual USE flag possibilities [WAS: Re: Way OT - Can user apache become other users?]

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 461 bytes --]

On Fri, 21 Apr 2006 15:11:16 -0500, Michael Sullivan wrote:

>  Is there a way that I could find out
> what these flags mean?  They are not
> in /usr/portage/profiles/use.desc...

Are they in /usr/portage/profiles/use.local.desc?

Either way, reading the ebuild will show you which configure options these
flags control.

-- 
Neil Bothwick

If the pen is mightier than the sword, and a picture is worth a thousand
words, how dangerous is a fax?

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 191 bytes --]