From: Oden Eriksson (oden.erikssonkvikkjokk.net)
Date: Sun Dec 02 2001 - 10:53:08 CST
On Sunday, 2 December 2001 17.24, Randy Kramer wrote:
> Vincent Danen wrote:
> > On Sat Dec 01, 2001 at 11:20:55PM +0200, Tzafrir Cohen wrote:
> > > Actually, the whole /var/www tree (including the wwwroot) is writable
> > > by apache.
> > >
> > > Is this a problem on my system? Or is this on purpose (and what might
> > > be the logic behind such decision?)
> > Ummm... good question. Since I didn't really design the apache
> > package, I'm not sure of the reasoning behind this. I suppose it
> > would make sense to have everything owned by root and readable by all,
> > but I think the rationale is to have it owned by apache because it's
> > apache's "stuff".
> AIUI (I'm still a newbie), it's a security issue. The idea is to run
> Apache as a user other than root and other than any other "real" user so
> that any exploit through Apache can only damage things owned by the
> Apache user ("apache" in this case, "nobody" on many systems, something
> like "www-<something>" on some others).
Yes, but to my knowledge it isn't even chrooted yet, I wonder why not?
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Oden Eriksson, Deserve-IT Networks, Jokkmokk, Sweden.
| Mandrake Linux release 8.2 (Cooker) for i586
| Current uptime with kernel 2.4.13-12mdksmp: 2 days 51 minutes
| cpu0 814.28 bm, fan 4411 rpm, temp +31°C
| cpu1 815.92 bm, fan 4218 rpm, temp +31.0°C
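
Added example, not part of the original thread: a shell function for checking the question raised above on your own system, listing every path under a web tree that a given server account can modify. The function name `audit_web_tree` and the path and account in the usage comment are assumptions; only mode bits are considered, not ACLs or chroot.

```shell
#!/bin/sh
# List paths under a web tree that the server account can modify.
# Usage (hypothetical values): audit_web_tree /var/www apache
#
# Unix permission checks pick exactly one class per file:
#   owner  -> always reported: the owner can chmod the file back to writable
#   group  -> reported only when the group-write bit (020) is set
#   other  -> reported only when the world-write bit (002) is set
audit_web_tree() {
    root=$1
    user=$2

    # Refuse to guess when the account does not exist.
    id -u "$user" >/dev/null 2>&1 || {
        echo "unknown user: $user" >&2
        return 2
    }

    # Build "-group G1 -o -group G2 ..." from every group the account is in
    # (primary and supplementary), as numeric gids.
    set --
    for gid in $(id -G "$user"); do
        set -- "$@" ${1:+-o} -group "$gid"
    done

    # Symlink mode bits are meaningless, so symlinks are skipped.
    # -o short-circuits, so the group/other branches only run for non-owners.
    find "$root" ! -type l '(' \
        -user "$user" \
        -o '(' '(' "$@" ')' -perm -020 ')' \
        -o '(' ! '(' "$@" ')' -perm -002 ')' \
        ')' -print
}
```

An empty result for the server account means a compromise of that account cannot rewrite the served content through file permissions alone.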