Shell script containing passwords.
peter at circlesquared.com
Tue Feb 10 07:55:38 PST 2004
Lewis Thompson wrote:
>I'm trying to write a script to use with the Apache auth plugin
>mod_auth_any. I have the whole setup working, bar the script that does
> I am worried that because the script must be read/writeable by the
>Apache user (www) that anybody that can write a PHP script on my machine
>can read the auth script and read the passwords that would be contained
>within -- those to my MySQL server.
All you can do really is store the passwords themselves in an include
file that you put in the most secure place possible, preferably not in
webspace. But I imagine you have this covered.
> Is there any way I can have a script that is not readable by a user,
>while still allowing that user to execute it? Maybe through using a
>wrapper of some sort? I do not have UFS2 so I cannot use ACLs.
Not that I know of, but have you considered compiling apache with
suexec? Assuming your other users have seperate logins, this might work.
You can have apache execute scripts as the appropriate user, not www.
That way, a 700 permission should prevent other users from reading your
More information about the freebsd-questions