Kaare Rasmussen wrote:
Temporarily set permissions at restart: interchange -r SocketPerms=666This is more unsecure than should be necessary. I'd like it to be only the specific user and group that are allowed access to the socket.
In interchange.cfg: SocketPerms 0660 Create a specific group for your web server / httpd (for example, 'wwwsrv').Place the Interchange socket in a directory with group ownership = httpd group.
(In Linux, chown interch.wwwsrv directoryname)
Set the group ID bit on the directory.
(In Linux, chmod 2770 directoryname (Solaris requires chmod g+s
directoryname))
Now, whenever Interchange is started, it will create a socket owned by your Interchange user, but with a group ownership that httpd can read/write: srw-rw---- 1 interch wwwsrv 0 Sep 24 01:04 socket If your httpd group is exclusive enough, that should solve your problem. I would not allow the httpd user and/or group to read other Interchange files, though. John Young _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.