Vulnerability Development mailing list archives

Re: apache + .htpasswd - bypass pwd check


From: Sten <sten () blinkenlights nl>
Date: Sat, 27 Apr 2002 19:22:36 +0200 (CEST)

On Fri, 26 Apr 2002, Jedi/Sector One wrote:

> On Fri, Apr 26, 2002 at 02:07:05PM -0700, RSnake wrote:
> >     cd ~john
> >     I don't have to know where it is.
>
>   Unless your users have shell access, there's no reason to have anything
> but a 'nobody' account in your /etc/passwd & co files.
>
>   If you need entries for suexec to work, have fake ones, with no password,
> no shell and /dev/null as a home directory. The only thing Apache+suexec
> needs is to map uids to some user name.


Or use this patch:
www.localhost.nl/patches/apache-nouidresolving

which enables 'User "#1000"' in the httpd.conf;
always nicer to have uids only where you want them.
You do need a separate ftp/shell box for people to upload
though (or uid tricks for those), but that shouldn't be
a problem for mass vhosting providers.

-- 
Sten Spans

  "What does one do with ones money,
   when there is no more empty rackspace ?"

