Please see the message I sent a few minutes ago re: "Unable to open
logs" if you need more information about my system than I have included
here.
I have recently upgraded to Apache 2.4, suExec and dbd authentication
with PostgreSQL. This is on a system with multiple users. Here is an
example virtual host entry:
<VirtualHost 98.158.134.24:80>
ServerName admin.occ4u.org
DocumentRoot /u/WEB/Misc/OCC_Admin
ServerAdmin webmaster@xxxxxxx
SuexecUserGroup darcy vex
DBDriver pgsql
DBDParams "host=localhost dbname=occ user=occ"
DBDPersist off
<Directory /u/WEB/Misc/OCC_Admin>
AuthType Basic
AuthName "OCC database Administration"
Require valid-user
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT raw(person_pass) FROM person \
WHERE person_login = %s AND \
person_active = 't'"
</Directory>
</VirtualHost>
This fails because the connection is made as nobody, the user that the
server itself runs as. The database makes an ident call for occ and
fails of course.
Currently my solution is to either make the database trust any
connections from itself or make the password files world readable.
Neither of these seems very secure. I tried adding a User directive in
the virtual host but that just crashed Apache with a config error
sending me on a five minute reboot (Unable to open logs - see previous
message.)
Database connections from the web site are fine since suExec runs the
scripts as occ. Is there any way to make the dbd connection run as occ
as well?
Thanks for any help.
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@xxxxxxx
Voip: sip:darcy@xxxxxxx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|