Hello BSDers,
I'm running Apache in a chroot jail with suPHP. It needs an /etc/
passwd in the chroot so that suPHP can setuid to the owner of the PHP
script, but there's nothing that requires the passwords to be valid.
Does anyone have a script strips passwords out of master.passwd, sets
all shells to nologin, etc and writes it to the chroot etc dir? I've
looked around but not found anything. If it strips out certain UID
ranges, and watches the master file's modification time so it can be
run out of cron as well, even better!
If no such thing exists, I'll write one and share it with the group
if there's interest.
Thanks,
Skye
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
