SocketPerms
Specify the Interchange UNIX-domain socket file permission mode.
Synopsis
This directive expects a positive octal integer parameter.
The default is "0600".
Scope
This directive is only available for use in the global
(interchange.cfg) configuration file,
and will affect all websites running under the Interchange installation.
It will not work in a website's local (catalog.cfg)
configuration file.
Description
The permissions that should be set on the UNIX-domain socket
used in communication with the Apache/Interchange "link programs".
The default is 0600, which only grants access to the socket to programs
running with the same user ID as the Interchange daemon.
The 0666 permission would grant everyone on the server access to the
Apache/Interchange "link program" UNIX-domain socket.
|
Warning
Some people might consider 0666 to be insecure.
0666 would allow anyone on the server access to the socket,
but that shouldn't allow the user to request that Interchange does anything
in an insecure fashion.
The directory that contains the SocketFile should be
set up to only allow the Interchange user the ability to delete the file.
The only insecurity I can think of is the possibility of a local "denial of
service" attack, where the local socket could get flooded with requests
from a user with a server login account.
|
See also
