[PLUG]apache 1.3.12

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMgnomeboy at <-
MMgnomeboy at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Eric Richardson
Date:  
Subject: [PLUG]apache 1.3.12
slr wrote:
>
> no apache is run as root. and for some reason the user for logrotate is
> trying to access the root profile, and this may be happening because root
> starts apache.

If this is true, then it is really bad to run httpd as root. This gives
a CGI full access to the system.

On Debian in my /etc/apache/httpd.conf

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.

# User/Group: The name (or #number) of the user/group to run httpd as.
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.

User www-data
Group www-data

Hope this helps,
Eric

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-dial up helpinternet terrorism (A preview of whats to come if windows XP makes it to the home market)->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)