author | cvs2git <cvs2git> | 2008-03-16 19:58:34 +0000 |
---|---|---|
committer | cvs2git <cvs2git> | 2008-03-16 19:58:34 +0000 |
commit | eb061f5119325e666f0dff40d4089e5c1df58e17 (patch) | |
tree | d55e8fef5aca62eb13bbc8ad20dbdf941c3bd266 /rt/docs/Security | |
parent | 3a17b276638200475d54201fa62566b7440e819a (diff) |
This commit was manufactured by cvs2svn to create tag 'TRIXBOX_2_6'.
Diffstat (limited to 'rt/docs/Security')
-rw-r--r-- | rt/docs/Security | 25 |
1 files changed, 0 insertions, 25 deletions
diff --git a/rt/docs/Security b/rt/docs/Security deleted file mode 100644 index c9787ac..0000000 --- a/rt/docs/Security +++ /dev/null @@ -1,25 +0,0 @@ -RT2 runs setgid to some group (it defaults to 'rt'). - -rt's configuration file, 'config.pm', is not world readable because it -contains rt's database password. If a user gets access to this file, he -can arbitrarily manipulate the RT database. This is bad. You don't want -this to happen. config.pm is mode 550. No users should be members of -the 'rt' group unless you want them to be able to obtain your rt password. - -If you're running the web interface, you'll need to make sure your webserver -has access to config.pm. You could do this by letting your webserver's user -be a member of the 'rt' group. This has the disadvantage of letting -any mod_perl code on your web server have access to your RT password. - -Alternatively, you can run RT2 on its own apache instance bound to a high -port on 127.0.0.1 -which runs as a non-priviledged user which is a member of the group 'rt'. - -Configure your webserver to proxy requests to RT's -virtual directory to the apache instance you just set up. - -TODO: doc the apache configs needed to do this. - -The same technique can be used to run multiple RT2 instances on the same host. - - |
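Review bot: Deleting rt/docs/Security drops the operator guidance on protecting config.pm (not world readable because it holds the database password, and no users in the 'rt' group), and nothing in this patch replaces it. If RT2 still ships under this tag, keep the file or reference where the guidance now lives. Two points in the removed text are worth carrying over if it is relocated: the line "TODO: doc the apache configs needed to do this." was never resolved, so the separate apache instance on 127.0.0.1 behind a proxy remains undocumented, and "config.pm is mode 550" sets execute bits that a file which is only read does not need.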