[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gfsd]Re: conf file for ht://Dig search engine in /etc
|
From: |
Mark H. Weaver |
|
Subject: |
[gfsd]Re: conf file for ht://Dig search engine in /etc |
|
Date: |
31 Jan 2001 13:01:06 -0500 |
|
User-agent: |
Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 |
Soam Vasani <address@hidden> writes:
> I'm trying to setup the ht://Dig search engine for the free
> software directory. The htsearch cgi program will only look
> in /etc for the configuration file, and I can't put it there, so
> please make this symlink on gnudist
> /etc/htdig-gfsd.conf -> ~www/html/gnulist/htdig.conf
I'm reluctant to make this symlink. I really don't like the idea of
the config file being in the publically accessible web directory. I
don't know the details of ht://Dig, but configuration files in /etc
are often powerful enough to create a security hole if they can be
modified arbitrarily. Do you happen to know what userid ht://Dig runs
as?
For now, I've created an empty /etc/htdig-gfsd.conf and made you the
owner. If at some point it seems that the configuration will rarely
need to be changed, perhaps we'll change the owner to root. If
multiple people need to modify it on an ongoing basis (which I highly
doubt) we could make a group which has write access to it. Is that
acceptable?
Mark