[LON-CAPA-admin] 64 bit

Michael W Edwards mwedward at uiuc.edu
Tue Oct 26 14:37:00 EDT 2004


Gerd,

>-----Original Message-----
>From: lon-capa-admin-admin at mail.lon-capa.org [mailto:lon-capa-admin-admin at mail.lon-capa.org] On Behalf Of Gerd Kortemeyer
>Sent: Tuesday, October 26, 2004 12:59
>To: lon-capa-admin at mail.lon-capa.org
>Subject: Re: [LON-CAPA-admin] 64 bit
>
>On Oct 26, 2004, at 1:41 PM, Martin Siegert wrote:
>
>> On Tue, Oct 26, 2004 at 11:13:18AM -0500, Michael W Edwards wrote:
>>
>>> - Blessed /usr/bin/suidperl as setuid.
>>
>> Interesting. I have not done this (because I tend to find this on the
>> scary side). Which things will break, if suidperl is not suid?
>
>Among other things, you would not be able to create author accounts.
>

That was the gotcha for me.

Here's a question: if we're using our own authentication scheme (via
localauth.pm) and not creating filesystem authorized accounts (just
relying upon lchtmldir to create the public_html once an author role is
granted), would we even need to have setuid scripts if we allow www to
have write perms in a special home directory area? Would this create
any problems with users being able to access each other's resources?
Does LON-CAPA police this or does it rely upon filesystem permissions
(and therefore the reason why lcuseradd adds www to the group named
after the account)?

There's a whole mess of changes which need to be made to lcuseradd,
because the syntax and defaults for RH/Fedora are different from SuSE.  

Mike Edwards
ATLAS
University of Illinois Urbana Champaign
