The usual way is to add the user the apache process runs as to a special group which you give permission to read the file.
So, for instance, create the group shadow, set the owner of /etc/shadow to root.shadow, and mode to 740.
Do remember to ensure that only those sites that *must* have access to the file are run in the apache process running as that user.
I'm not sure how I'd set a per-site run-as-user. Probably not immediately critical as I'm not running multiple sites on this server right now, but it would be useful to know how to set that up if needed. Do you have a suggestion for a Google expression for that?
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
