[debian-edu-commits] [Git][debian-edu/debian-edu-config][bullseye-security] 2 commits: README.public_html_with_PHP-CGI+suExec.md: Some fine-tuning of the wording.

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Wed Jan 19 20:39:12 GMT 2022



Mike Gabriel pushed to branch bullseye-security at Debian Edu / debian-edu-config


Commits:
668538e0 by Mike Gabriel at 2022-01-19T21:36:13+01:00
README.public_html_with_PHP-CGI+suExec.md: Some fine-tuning of the wording.

- - - - -
77ceb4a3 by Mike Gabriel at 2022-01-19T21:38:55+01:00
debian/changelog: update from Git history

- - - - -


2 changed files:

- README.public_html_with_PHP-CGI+suExec.md
- debian/changelog


Changes:

=====================================
README.public_html_with_PHP-CGI+suExec.md
=====================================
@@ -27,8 +27,8 @@ performance wasting mode (libapach2-mod-phpX -> phpX-cgi).
 
 ## Test built-in PHP
 
-Here is a simply PHP script for testing proper interpretation and
-checking that the suExec'ing really works
+Here is a simple PHP script for testing PHP interpretation privileges and
+checking later on that the suExec'ing really works:
 
 ```
 <?php
@@ -58,7 +58,7 @@ set ``php_admin_flag engine on``.
 When opening the URL ``http://www.intern/~<user>/id.php`` it should show this simple web page:
 
 ```
-hello, this script runs as user 'www-data '
+hello, this script runs as user 'www-data'
 ```
 
 As enabling the built-in PHP engine (running as user www-data) is
@@ -135,3 +135,10 @@ drwx-----x 20 <user> <primgroup> 4096 19. Jan 20:35 ..
 -rwx------  1 <user> <primgroup>   90 19. Jan 20:35 id.php
 
 ```
+
+When opening the URL ``http://www.intern/~<user>/id.php`` now, it should
+show the owning user as account this script has been run under:
+
+```
+hello, this script runs as user '<user>'
+```


=====================================
debian/changelog
=====================================
@@ -1,3 +1,16 @@
+debian-edu-config (2.11.56+deb11u3) UNRELEASED; urgency=medium
+
+  * etc/apache2/mods-available/debian-edu-userdir.conf:
+    - White-space cleanup (tabs and spaces mixed).
+    - Disable built-in PHP engine.
+    - Add warning to not re-enable PHP interpretation in user dirs (with
+      reference to our README).
+  * README.public_html_with_PHP-CGI+suExec.md:
+    - Provide documentation on how to enable suExec support in https userdirs
+      (i.e. ~/public_html).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Wed, 19 Jan 2022 21:38:17 +0100
+
 debian-edu-config (2.11.56+deb11u2) bullseye; urgency=medium
 
   [ Mike Gabriel ]



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/2ac9a24166d959b87d143ca179e3dac2473becfb...77ceb4a356177cea78392696cf3950965262c723

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/2ac9a24166d959b87d143ca179e3dac2473becfb...77ceb4a356177cea78392696cf3950965262c723
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20220119/74fdd7bc/attachment-0001.htm>


More information about the debian-edu-commits mailing list