search

gpaterno / otpd

Automatically exported from code.google.com/p/otpd
GNU General Public License v2.0
0 stars 0 forks source link

otpd file permissions too restrictive? #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
I am using PHP/Apache and would like to be able to populate web pages using the 
information in otppasswd and otpstate/ and would also like to be able to allow 
the user to press buttons etc to execute server side scripts that will then 
manipulate those files.

However, attempting to use Apache (user apache) to read and or modify otppasswd 
file and otpstate directory files fails due to restrictive permissions that 
when relaxed cause otpd to fail (file_get: /etc/otppasswd: loose permissions).

In order to use file manipulation via a web front end, will it be necessary to 
modify otpd to allow slightly less restrictive permissions? Or what other 
mechanism for manipulation would you recommend?

Original issue reported on code.google.com by patrioti...@gmail.com on 13 Aug 2010 at 7:10

GoogleCodeExporter commented 9 years ago 
Make otppasswd owned by the PHP/Apache user.  I'd be wary of locking issues 
with otppasswd.  otpd does not implement any locking on otppasswd access so if 
you modify it in-place it could read corrupt/incorrect data.

Original comment by fr...@gmail.com on 14 Aug 2010 at 1:43