[thelist] Root and .htaccess
Steve Lewis
nepolon at worlddomination.net
Mon Jul 21 19:29:46 CDT 2003
Elias Griffin wrote:
>*Now*... as the system stands which is
>the best practice A or B?
>
>
Doesn't give us too much choice, but it seems clear to me what the
answer is.
You want as few people to have root access as possible.
To go a tiny bit further, you probably could invest a small amount of
time/money to get a SuExec'ed CGI script put together that can add a new
user to the password file. Then add a new <directory> to apache that
only allows connections from specific workstations by IP and still
requires yet another username and password lookup to reach. Put
'authorized account managers' in that password file.
Now you won't need to give root access to anyone, Apache will not need
to run as root, and you have a trusted method (SuExec) for executing a
single specific command as root that is protected both by htaccess and
by host IP.
--Steve
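
The access control described in the message above, written out as an added example in Apache 2.4 syntax; it is not part of the original post. The host name, paths, the `acctmgr` account and the 192.0.2.x addresses are placeholders, and it assumes the password file being managed is an htpasswd-style file owned by that account.

```apache
# Added example: every name, path and address below is a placeholder.
<VirtualHost *:443>
    ServerName accounts.example.test
    DocumentRoot "/var/www/accounts/htdocs"

    # Basic auth sends the password on every request, so serve this over TLS only.
    SSLEngine on
    SSLCertificateFile    "/etc/apache2/tls/accounts.crt"
    SSLCertificateKeyFile "/etc/apache2/tls/accounts.key"

    # suEXEC runs CGI in this vhost as the named account instead of the Apache user.
    # suEXEC rejects uid 0 as a target, so acctmgr is assumed to be a dedicated
    # unprivileged account that owns the user password file the script edits.
    SuexecUserGroup acctmgr acctmgr

    # The one script that adds users lives here and nowhere else.
    ScriptAlias /manage/ "/var/www/accounts/cgi-bin/"

    <Directory "/var/www/accounts/cgi-bin">
        # Ignore .htaccess files so the policy cannot be loosened from inside the tree.
        AllowOverride None

        # Second password lookup: only the "authorized account managers" are listed
        # in this file, which is kept outside the document root.
        AuthType Basic
        AuthName "Account managers"
        AuthBasicProvider file
        AuthUserFile "/etc/apache2/acctmgr.htpasswd"

        # Both conditions must hold. RequireAny here would let either an approved
        # workstation or a valid password through on its own.
        <RequireAll>
            Require ip 192.0.2.10 192.0.2.11
            Require valid-user
        </RequireAll>
    </Directory>
</VirtualHost>
```

On Apache 1.3 and 2.0 the same policy is written with `Order deny,allow`, `Deny from all`, `Allow from <ip>`, `Require valid-user` and `Satisfy All`.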