[rt-devel] observations about the 1.3 install script
Martin Pool
mbp at linuxcare.com.au
Thu Jun 1 23:18:34 EDT 2000
On Mon, 29 May 2000, Tobias Brox wrote:
> > Also, I don't think these lines are really right:
> >
> > chown -R $(RTUSER) $(RT_PATH)
> > chgrp -R $(RTGROUP) $(RT_PATH)
>
> Hm. Better suggestions?

Only chown files or directories which must be writable by rt. I guess
this means only the password file, since everything else is in the db?

> > Secondly, if RT is going to run as user rt.rt then it's probably more
> > secure *not* to have that user own those scripts and configuration files,
> > if that's possible. Rather the webmaster or root should own them. Would
> > this fit into the design of RT?
>
> For RT2 it really shouldn't matter. The only thing that matters is that
> it should be able to read the DB password ... I think it's stored in
> config.pm as for now. That means config.pm must be readable only for the
> RT scripts. I think Jesse has some thoughts about this, anyway?

I agree that it's not critical, but if there is nothing gained then it
should not be done. Since some people run RT on internet-accessible
machines, security is not unimportant.

>
> > Also, could the rtmux.pl script perhaps
> > be setgid rather than setuid?
>
> I guess that's the plan.
>
>
--
Martin Pool, Linuxcare, Inc.
+61 2 6262 8990
mbp at linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
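
The ownership policy argued for in this message, written as a check an installer could run. This is an added example, not part of the original post or of RT's install script; the `audit_install` name, the finding labels and the demo tree layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the RT install script.
# audit_install TREE SVC_USER WRITABLE SECRET
#   TREE      installed tree to check
#   SVC_USER  account (name or numeric uid) the service runs as
#   WRITABLE  the one path that account must be able to write
#   SECRET    config file holding the DB password
# Prints one finding per line; returns 1 if anything was found.
audit_install() {
    tree=$1 svc_user=$2 writable=$3 secret=$4
    report=$(
        # The service account should own only what it has to write, so a
        # compromised service cannot rewrite its own scripts or config.
        find "$tree" -user "$svc_user" ! -path "$writable" \
            -exec printf 'OWNED-BY-SERVICE %s\n' {} \;
        # setuid hands over the whole account; setgid plus a group-readable
        # secret is the narrower grant suggested in the thread.
        find "$tree" -type f -perm -4000 \
            -exec printf 'SETUID %s\n' {} \;
        # The DB password must not be readable by every local user.
        find "$secret" -perm -004 \
            -exec printf 'WORLD-READABLE-SECRET %s\n' {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed demo tree (all paths are made up for the example).
demo=$(mktemp -d)
mkdir "$demo/bin" "$demo/etc"
touch "$demo/bin/rtmux.pl" "$demo/etc/config.pm" "$demo/etc/passwd"
chmod 4755 "$demo/bin/rtmux.pl"   # setuid, as a blanket install might leave it
chmod 644 "$demo/etc/config.pm"   # password readable by everyone
audit_install "$demo" "$(id -u)" "$demo/etc/passwd" "$demo/etc/config.pm" || true
rm -rf "$demo"
```

Run against a tree installed with a recursive chown, the first check lists nearly every file; after ownership is narrowed to the writable path only, the function returns 0.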