httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Richards <>
Subject Re: Number of Virtual Servers
Date Fri, 22 Dec 1995 10:28:27 GMT
In reply to Robert S. Thau who said
>   Given that any server that would run into these problems has to be admined
>   by someone with a clue, we could get around this by suggesting the server
>   run in a group that has write access to the logs.
> ... thus, in effect, giving the server (and, implicitly, potential rogue
> CGI scripts) permission to open the logs as well.  (This is why permission
> to open the log files is an issue).

On a separate thread, I've had a number of cases where a single owner
for all these admin tasks is a problem, specifically, if you have cgi scripts
that need to touch the access files because they manage subscriber information
and so forth.

It would be an interesting project to have the server change uid's depending
on what it needs to do, e.g. check access permissions, run cgi scripts, write
to the logs and so forth.

To avoid a performance hit, maybe a separate process for writing logs could
be forked with one uid and another to check access etc and have them
communicate using IPC.

Just some fodder for discussion.

  Paul Richards. Originative Solutions Ltd.
  Phone: 0370 462071 (Mobile), +44 1225 447500 (work)

View raw message