Sam Morris <[EMAIL PROTECTED]> writes:

>> For that system, we run in only one single UID/GID in the system: we
>> use nobody:nogroup for all the hosted files. That includes: ftp access,
>> mail system (delivered in user mailbox as nobody), and web. The control
>> panel does the change of the User and Group directive in Apache so it
>> doesn't use www-data anymore.

> Editing other package's configuration files is proscribed by Policy,
> however such is the entire point of control-panel-like software, so I
> guess this isn't such a big issue.

I think you have to distinguish between control-panel software performing
edits at the request of a user, in which case they're just a form of
editor, and control-panel software modifying configuration files for its
own purposes. The latter I think should still be forbidden.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>