This file is indexed.

/usr/share/doc/gosa/README.Debian is in gosa 2.7.4+reloaded3-3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
GOsa 2.7 for debian
-------------------

* Configure GOsa

By default you can point your favorite browser to the GOsa setup by
using this URL:

http://you.server.address/gosa

Follow the instructions on the screen.


* Security related information

GOsa is running as the www-data user. This makes it possible for other
web applications (well, this is the rule for almost every web application
that stores information somewhere around) to read the gosa.conf file, which
may contain vital information about your LDAP service.

To make it harder to extract these passwords, they get encrypted by a
master password only readable by the GOsa location.

You can simply migrate old existing passwords by typing:

# a2enmod headers
# gosa-encrypt-passwords
# /etc/init.d/apache2 reload

If this is not enough for you (exploitable PHP code may make it possible to
read the webservers memory), you can simply create another webserver instance
running as a different user on different port for GOsa exclusively. Or use
apache2-mpm-itk and assign a different user to a virtual host.


* Generic information

Getting GOsa running itself is not very complicated. Problems normally
arise when integrating it in various services.

To play nice with your LDAP, you need to include the gosa schema files
into your LDAP configuration. For Debian, you should install the
gosa-schema package and take a look at the sample slapd.conf provided
in /usr/share/doc/gosa/contrib/openldap.

 -- Cajus Pollmeier <cajus@debian.org>  Mon, 07 Apr 2008 11:18:53 +0200