httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: opening of log files and following links
Date Thu, 30 Jan 1997 00:30:47 GMT
Marc Slemko wrote:
> It is a safer solution, and I thought about it, but I think you
> will find that things are done the current way on purpose.  It
> allows:

The trick is that the logfiles should be written to a place that
_only_ root has write access to. Even the Apache user should not
have that permission.

I'm surprised this never popped up before... if misconfigured, it
does allow for some major damage.

      Jim Jagielski            |       jaguNET Access Services           |
                  "Not the Craw... the CRAW!"

View raw message