[Koha-devel] [Bug 49] Z39.50 module makes too many connections to the dat...
COURYHOUSE at aol.com
COURYHOUSE at aol.com
Sun Jun 30 22:53:02 CEST 2002
"Running as root just to bypass a
file security problem is a bad idea in my opinion."
yes a totally evil idea!
ed sharpe!
> Subj:[Koha-devel] [Bug 49] Z39.50 module makes too many connections to the
> database
> Date:6/30/2002 10:46:29 PM US Mountain Standard Time
> From:<A HREF="mailto:bugzilla-daemon at wilbur.katipo.co.nz">bugzilla-daemon at wilbur.katipo.co.nz</A>
> To:<A HREF="mailto:koha-devel at lists.sourceforge.net">koha-devel at lists.sourceforge.net</A>
> Sent from the Internet
>
>
>
> http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=49
>
>
>
>
>
> ------- Additional Comments From am12 at bolis.com 2002-07-01 17:45 -------
> It seems to me that running as root then changing user ID's has potential
> for
> creating unnecessary bugs or security holes. Running as root just to
> bypass a
> file security problem is a bad idea in my opinion. The script doesn't even
> need
> to write to /var/run. It only needs access to /var/run/koha, which can be
> owned
> by apache.
>
> I don't know the various tradeoffs, but potentially the script could be run
> as
> something other than root or apache, such as daemon.
>
> And just to reiterate, the whole issue of /var/log or /var/run is
> Linux-specific, and doesn't apply directly to other Unix flavors. Leave
> the
> OS-specific items, including file ownership issues, in the shell scripts.
>
> The processz3950queue script itself should be as simple as possible.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/koha-devel/attachments/20020630/f2e1e205/attachment-0002.htm>
More information about the Koha-devel
mailing list