gfsd-hackers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gfsd]Re: conf file for ht://Dig search engine in /etc


From: Mark H. Weaver
Subject: [gfsd]Re: conf file for ht://Dig search engine in /etc
Date: 31 Jan 2001 13:01:06 -0500
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Soam Vasani <address@hidden> writes:

> I'm trying to setup the ht://Dig search engine for the free
> software directory.  The htsearch cgi program will only look
> in /etc for the configuration file, and I can't put it there, so
> please make this symlink on gnudist
> /etc/htdig-gfsd.conf -> ~www/html/gnulist/htdig.conf 

I'm reluctant to make this symlink.  I really don't like the idea of
the config file being in the publically accessible web directory.  I
don't know the details of ht://Dig, but configuration files in /etc
are often powerful enough to create a security hole if they can be
modified arbitrarily.  Do you happen to know what userid ht://Dig runs
as?

For now, I've created an empty /etc/htdig-gfsd.conf and made you the
owner.  If at some point it seems that the configuration will rarely
need to be changed, perhaps we'll change the owner to root.  If
multiple people need to modify it on an ongoing basis (which I highly
doubt) we could make a group which has write access to it.  Is that
acceptable?

        Mark



reply via email to

[Prev in Thread] Current Thread [Next in Thread]