Re: Using PostgreSQL auth - user permissions

On Thu, 28 Feb 2013 13:04:21 +1100
Igor Cicimov <icicimov@xxxxxxxxx> wrote:
> > I have recently upgraded to Apache 2.4, suExec and dbd
> > authentication with PostgreSQL.  This is on a system with multiple
> > users.  Here is an example virtual host entry:
> >
> > <VirtualHost 98.158.134.24:80>
> >     ServerName admin.occ4u.org
> >     DocumentRoot /u/WEB/Misc/OCC_Admin
> >     ServerAdmin webmaster@xxxxxxx
> >     SuexecUserGroup darcy vex
> >
> >     DBDriver pgsql
> >     DBDParams "host=localhost dbname=occ user=occ"
> >
> 
> I think the password for the user that connects to the DB should also
> be declared here like:

I have two problems with that.  I don't know all of my users' passwords
and I don't want to store clear text passwords in the configs.

> > Currently my solution is to either make the database trust any
> > connections from itself
> 
> You can make this "trust the local connections for SOME users
> including apache user". And additionally you can grant apache user
> select permissions only to the person table of the occ database.

And every other database that I need to authenticate to.  It doesn't
sound like it scales very well.  This is my current solution although I
did take it a step farther and created a view on the person tables with
just the data I needed.  The view is what I give public access to.

> > Database connections from the web site are fine since suExec runs
> > the scripts as occ.  Is there any way to make the dbd connection
> > run as occ as well?
> >
> You can run apache as occ user.

That doesn't help me authenticate the other users.  I know that I can
make this work if I have one client but I am trying to make it work for
hundreds of different users.

-- 
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@xxxxxxx
Voip: sip:darcy@xxxxxxx
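
The view-plus-trust arrangement discussed in this message, narrowed to a single dedicated role instead of public access, as an added example that is not part of the original post. The role name `httpd_auth`, the view name `auth_person` and the columns `login` and `passwd_hash` are assumptions; only the `occ` database and its `person` table come from the thread.

```sql
-- Added example (PostgreSQL). httpd_auth, auth_person, login and
-- passwd_hash are hypothetical names; adjust to the real schema.
-- Run as the owner of the person table, connected to the occ database.

BEGIN;

-- Dedicated login role for Apache's DBD connection. It has no password
-- because pg_hba.conf (see below) trusts it for local connections only.
CREATE ROLE httpd_auth LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT;

-- Expose only the columns the authentication lookup needs.
-- A view is evaluated with its owner's rights on the base table, so the
-- caller needs SELECT on the view but nothing on person itself.
CREATE VIEW auth_person AS
    SELECT login, passwd_hash
    FROM person;

-- Nobody gets the base table or the view by default.
REVOKE ALL ON person      FROM PUBLIC;
REVOKE ALL ON auth_person FROM PUBLIC;

-- The Apache role may read the view and nothing else.
GRANT SELECT ON auth_person TO httpd_auth;

COMMIT;

-- Check what the role can actually read before pointing Apache at it.
SELECT has_table_privilege('httpd_auth', 'person',      'SELECT') AS can_read_table,
       has_table_privilege('httpd_auth', 'auth_person', 'SELECT') AS can_read_view;

-- Matching pg_hba.conf entry (TYPE DATABASE USER ADDRESS METHOD), placed
-- above any broader rule. It trusts this one role, for this one database,
-- from loopback only. Add a ::1/128 line if localhost resolves to IPv6.
--
--   host  occ  httpd_auth  127.0.0.1/32  trust
--
-- Matching Apache side (mod_dbd / mod_authn_dbd), with the assumed names:
--
--   DBDParams "host=localhost dbname=occ user=httpd_auth"
--   AuthDBDUserPWQuery "SELECT passwd_hash FROM auth_person WHERE login = %s"
```

The same role, view and pg_hba.conf line have to be repeated for each database Apache authenticates against, which is the scaling cost raised in the message.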
