On 17/12/99 Shao Zhang wrote:
I have configured apache to run as root(Both User and Group).
very bad
Now, I have a cgi perl script which calls pgps to sign a
message. It works fine if I run it locally, but when I run it
from the web, I got the following error from pgps:
Cannot open configuration file pgp.cfg
Cannot open secret keyring "secring.skr"
Cannot open public keyring "pubring.pkr"
Cannot find a private key for signing: [EMAIL PROTECTED]
This is how I called pgps from the script:
$output = `/usr/bin/pgps -at -f mutt.$$ -o mutt.header.out.$$
-z \"my keys\" -u [EMAIL PROTECTED] 2>&1`;
I have tried to use SetEnv PGPPATH /root/.pgp with no luck.
sounds like environment problems, should that PGPPATH not be called
PGPPATH=/whatever/.pgp/ ? maybe you should try setting a $HOME
variable instead. pgp 5.0 was very buggy. have you tried using gpg
instead?
Do I have to use suEXEC from apache? I thought I configured
apache to run as root for both User and Group, then all the cgi
scripts will be run as root as well...
don't run apache as root, you are asking/begging for your system to be cracked.
you would be much better off either just using the existing www-data
user or creating your own special account (adduser --system) with its
own home directory and have apache run as that.
--
Ethan Benson
To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/
