Summary: | [PATCH] let enewuser use a UID suitable for apache suexec | ||
---|---|---|---|
Product: | Portage Development | Reporter: | 0g <ft01> |
Component: | Core - Ebuild Support | Assignee: | Portage team <dev-portage> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | eutils patch |
Description
0g
2005-09-28 07:53:14 UTC
Created attachment 69419 [details, diff]
eutils patch
That wasn't exactly the response I expected. It is impossible to install a web application and guarantee its security without being able to create the user account and then run chown during installation. The patch is trivial and tested. To reject it implies to me that enewuser is deliberately crippled. But why? And why is that situation the better of the two evils? because enewuser creates system accounts, not user accounts I guess that leaves a couple of possibilities: - this is a duplicate of http://bugs.gentoo.org/show_bug.cgi?id=55603 (somehow lower MIN_UID) - use useradd instead of enewuser, which is a source of bugzilla entries in itself... *** This bug has been marked as a duplicate of 55603 *** |