[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Installation Ideas





On Mon, Jul 16, 2012 at 10:50 PM, Jason Thomas <..hidden..> wrote:
Hi Chris,

You can sort the security issue by require the user to delete the install script after they complete the install. and making it so the application can't be accessed until this is done.

So perhaps a setuid script which also changes the perms and ensures the web server cannot write to itself?  I.e. something like:

system('tools/secure_installation.pl'); where secure_installation.pl is setuid to root?  that could tighten up file permissions, etc.  The installation script could also just refuse to run if the ledgersmb.conf is present.

Best Wishes,
Chris Travers