This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
From: Drew Bertola <drew@drewb.com>
Date: Mon, 20 Nov 2000 02:27:40 +0000 ()
To: svlug@svlug.org
Subject: [svlug] user nobody and gpg...

I would like to set up my webserver to mail encrypted data to me.
Because the server could be compromised, it is essential that the
encryption scheme use a public / private pair, with the public key
only stored on the webserver.

I have always set up the server to run apache as user "nobody" with no
home_dir or shell. Apache is running with mod_php, so that also runs
as "nobody". Using php, I can grab the information, but how do I get
it to gpg encrypt it before mailing it out? I.E. Where do I put the
public key if there's no home_dir for "nobody"?

--
Drew Bertola | Send a text message to my pager or cell ...
             | http://jpager.com/Drew

===

From: kmself@ix.netcom.com
Date: Sun, 19 Nov 2000 18:57:19 -0800
To: svlug@svlug.org
Subject: Re: [svlug] user nobody and gpg...

on Mon, Nov 20, 2000 at 02:27:40AM +0000, Drew Bertola (drew@drewb.com) wrote:
> I would like to set up my webserver to mail encrypted data to me.
> Because the server could be compromised, it is essential that the
> encryption scheme use a public / private pair, with the public key
> only stored on the webserver.
>
> I have always set up the server to run apache as user "nobody" with no
> home_dir or shell. Apache is running with mod_php, so that also runs
> as "nobody". Using php, I can grab the information, but how do I get
> it to gpg encrypt it before mailing it out? I.E. Where do I put the
> public key if there's no home_dir for "nobody"?

    $ man gpg | less
    /--homedir

--
Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself
Evangelist, Zelerate, Inc. http://www.zelerate.org
What part of "Gestalt" don't you understand?
There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org

===

Date: Sun, 19 Nov 2000 19:26:05 -0800
From: Aaron Lehmann <aaronl@vitelus.com>
To: Drew Bertola <drew@drewb.com>
Cc: svlug@svlug.org
Subject: Re: [svlug] user nobody and gpg...

On Mon, Nov 20, 2000 at 02:27:40AM +0000, Drew Bertola wrote:
> I have always set up the server to run apache as user "nobody" with no
> home_dir or shell. Apache is running with mod_php, so that also runs
> as "nobody". Using php, I can grab the information, but how do I get
> it to gpg encrypt it before mailing it out? I.E. Where do I put the
> public key if there's no home_dir for "nobody"?

If you want a place to store persistent data, you probably want a home
directory. Creating a home directory for "nobody" would be a simple
solution, but it would be much cleaner to make a separate user for the
web server. Debian has a www-data user for this purpose.

Of course, if gpg does not require a home directory you could simply
make a directory in /var or /home containing the key and chown -R it to
nobody....

===

Date: Mon, 20 Nov 2000 00:28:33 -0500
From: Bill Jonas <bill@billjonas.com>
To: svlug@svlug.org
Subject: Re: [svlug] user nobody and gpg...

On Sun, Nov 19, 2000 at 07:26:05PM -0800, Aaron Lehmann wrote:
> Of course, if gpg does not require a home directory you could simply
> make a directory in /var or /home containing the key and chown -R it to
> nobody....

Correct me if I'm wrong, but isn't the entire point of nobody that
that user owns no files?

===
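
The setup discussed in this thread, as an added example that is not part of any of the original posts: a public-key-only keyring kept outside any home directory and selected with --homedir, a check that no private key has ended up on the server, and a non-interactive encrypt step. The function names, directory arguments and recipient are hypothetical, and a current GnuPG is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# the caller supplies the keyring directory and the recipient.

# init_pubring DIR PUBKEY_FILE
# Run once by the administrator: create a keyring directory that is not
# a home directory and import the owner's exported *public* key into it.
# Ownership of DIR (the web server account or a dedicated user) is the
# deployment decision the thread debates; it is not set here.
init_pubring() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    gpg --homedir "$1" --batch --quiet --import "$2"
}

# has_secret_keys DIR
# Succeeds if DIR holds any private key. For the web server's keyring
# this must fail: a private key stored there could be stolen along with
# the ciphertext if the server is compromised.
has_secret_keys() {
    gpg --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null |
        grep -q '^sec'
}

# encrypt_to DIR RECIPIENT
# Encrypt stdin to RECIPIENT and write armored ciphertext to stdout.
# --batch/--no-tty: the web server process has no terminal to prompt on.
# --trust-model always: the keyring contains only the key the
# administrator imported, so no interactive trust decision is wanted.
encrypt_to() {
    gpg --homedir "$1" --batch --no-tty --trust-model always \
        --armor --recipient "$2" --encrypt
}
```
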