httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew <and...@aaaaaaaa.demon.co.uk>
Subject Re: 09_log_setgrpprivs
Date Sat, 16 Sep 1995 13:52:12 GMT
> 
> And I also notice that 09_log_setgrpprivs will have the side effect of
> changing the group of the log files. Is this a good idea? I suspect it is,
> in that what you'll get is the group of the user who ran Apache, instead of
> the "safe" group.

09_log_setgrpprivs merely allows the standalone_main() function to do
what inetd's been doing all along, that is, open the logfiles (which
might be owned by root) and then down into a safer mode for day-to-day
operation.  It's an interesting observation that file ownership is
therefore slightly different (before this patch) depending on wheather
you run inetd or standalone.  This 'correction' might end up tickling
any long-standing log-rotation scripts that people might have running,
though I don't consider such a side-effect to be sufficient reason
for vetoing such a useful corrective measure. ;)

Incidentally the way to test this patch is to mess with your httpd.conf file:

	User unonexistent
	Group gnonexistent

and then start up a server.  Prior to this patch (0.8.13) Apache would
fail silently when invoked as:

	% ./httpd

or whatever.  It would *look* like it was happy, but would have tried
to complain that unonexistent:gnonexistent didn't exist.  The complaint
is raised in setgrpprivs() [sic] itself which was being called before
there were any open logfiles to write to.  So the message was going to
/dev/hell.

With the patch applied the server will still fail, but now your error_log
contains a useful clue about what happened.

> Ben Laurie                  Phone: +44 (181) 994 6435

Ay.


Mime
View raw message