Proper test installation?
jake at bugzilla.org
Wed Dec 15 01:19:16 UTC 2004
David Miller wrote:
> Since the scripts to do it need to be setuid root for fairly obvious
> reasons (chowning files to an arbitrary user), all that stuff is
> hard-coded in the script for security, so the scripts need a little
> more love than just adding a line to a config file. :)
Actually, for this demo purpose the scripts could run as 'apache'. It's
not quite as secure for the individual install to have the files owned
by the webserver user, but it would be functional... and in my mind it
would be better than running a script from the web that is suid root.
The actual demo files can be owned by, fe, bugzilla:apache but the
clones for a specific user can be owned by apache:apache.
More information about the developers