This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
From: Drew Bertola <drew@drewb.com>
Date: Mon, 20 Nov 2000 02:27:40 +0000 ()
To: svlug@svlug.org
Subject: [svlug] user nobody and gpg...
I would like to set up my webserver to mail encrypted data to me.
Because the server could be compromised, it is essential that the
encryption scheme use a public / private pair, with the public key
only stored on the webserver.
I have always set up the server to run apache as user "nobody" with no
home_dir or shell. Apache is running with mod_php, so that also runs
as "nobody". Using php, I can grab the information, but how do I get
it to gpg encrypt it before mailing it out? I.E. Where do I put the
public key if there's no home_dir for "nobody"?
--
Drew Bertola | Send a text message to my pager or cell ...
| http://jpager.com/Drew
===
From: kmself@ix.netcom.com
Date: Sun, 19 Nov 2000 18:57:19 -0800
To: svlug@svlug.org
Subject: Re: [svlug] user nobody and gpg...
on Mon, Nov 20, 2000 at 02:27:40AM +0000, Drew Bertola (drew@drewb.com) wrote:
> I would like to set up my webserver to mail encrypted data to me.
> Because the server could be compromised, it is essential that the
> encryption scheme use a public / private pair, with the public key
> only stored on the webserver.
>
> I have always set up the server to run apache as user "nobody" with no
> home_dir or shell. Apache is running with mod_php, so that also runs
> as "nobody". Using php, I can grab the information, but how do I get
> it to gpg encrypt it before mailing it out? I.E. Where do I put the
> public key if there's no home_dir for "nobody"?
$ man gpg | less
/--homedir
--
Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself
Evangelist, Zelerate, Inc. http://www.zelerate.org
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
===
Date: Sun, 19 Nov 2000 19:26:05 -0800
From: Aaron Lehmann <aaronl@vitelus.com>
To: Drew Bertola <drew@drewb.com>
Cc: svlug@svlug.org
Subject: Re: [svlug] user nobody and gpg...
On Mon, Nov 20, 2000 at 02:27:40AM +0000, Drew Bertola wrote:
> I have always set up the server to run apache as user "nobody" with no
> home_dir or shell. Apache is running with mod_php, so that also runs
> as "nobody". Using php, I can grab the information, but how do I get
> it to gpg encrypt it before mailing it out? I.E. Where do I put the
> public key if there's no home_dir for "nobody"?
If you want a place to store persistent data, you probably want a home
directory. Creating a home directory for "nobody" would be a simple
solution, but it would be much cleaner to make a separate user for the
web server. Debian has a www-data user for this purpose.
Of course, if gpg does not require a home directory you could simply
make a directory in /var or /home containing the key and chown -R it to
nobody....
===
Date: Mon, 20 Nov 2000 00:28:33 -0500
From: Bill Jonas <bill@billjonas.com>
To: svlug@svlug.org
Subject: Re: [svlug] user nobody and gpg...
On Sun, Nov 19, 2000 at 07:26:05PM -0800, Aaron Lehmann wrote:
> Of course, if gpg does not require a home directory you could simply
> make a directory in /var or /home containing the key and chown -R it to
> nobody....
Correct me if I'm wrong, but isn't the entire point of nobody that that
user owns no files?
===
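Added example (not part of any message in this thread): one way to combine the --homedir pointer with the ownership concern raised in the last reply, written as shell functions. The function names and their arguments are assumptions, and the keyring directory is assumed to have been filled beforehand by an administrator with gpg --homedir DIR --import.

```shell
# Added example; function names and arguments are hypothetical.

# audit_keyring DIR WEBUSER
# Succeeds only if DIR holds no secret key material and WEBUSER cannot
# modify it (owns nothing inside it, and nothing is world-writable).
audit_keyring() {
    dir=$1 webuser=$2
    [ -d "$dir" ] || { echo "audit: $dir is not a directory" >&2; return 1; }
    # GnuPG 1.x/2.0 keep secret keys in secring.gpg, 2.1+ in private-keys-v1.d/.
    if [ -s "$dir/secring.gpg" ] ||
       [ -n "$(find "$dir/private-keys-v1.d" -type f -name '*.key' 2>/dev/null)" ]; then
        echo "audit: secret key material found in $dir" >&2
        return 1
    fi
    # If the web user can write here, a compromised server process could
    # replace the public key, so mail would be encrypted to someone else.
    if [ -n "$(find "$dir" ! -type l -perm -002 2>/dev/null)" ] ||
       [ -n "$(find "$dir" -user "$webuser" 2>/dev/null)" ]; then
        echo "audit: $dir can be modified by $webuser" >&2
        return 1
    fi
    return 0
}

# encrypt_to DIR WEBUSER RECIPIENT
# Reads plaintext on stdin, writes ASCII-armored ciphertext to stdout.
encrypt_to() {
    audit_keyring "$1" "$2" || return 1
    # --homedir replaces ~/.gnupg, so the calling user needs no home directory.
    # --trust-model always: the imported key is the only recipient, so no
    #   trust database is consulted (GnuPG 1.0.x spelled this --always-trust).
    # --lock-never: do not try to create lock files in the read-only keyring
    #   (assumes nothing else modifies the keyring concurrently).
    gpg --homedir "$1" --batch --no-tty --lock-never \
        --trust-model always --armor --recipient "$3" --encrypt
}

# Constructed usage, run by the web server user:
#   printf '%s\n' "$form_data" | encrypt_to /var/lib/webkeys nobody KEYID
```

With the directory owned by root and mode 755 (files 644), "nobody" can read the public key but still owns no files.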