httpd-dev mailing list archives

From (Rodent of Unusual Size)
Subject Re: opening of log files and following links
Date Wed, 01 Jan 1997 00:50:39 GMT
From the fingers of Jim Jagielski flowed the following:
>The trick is that the logfiles should be written to a place that
>_only_ root has write access to. Even the Apache user should not
>have that permission.

     I strongly disagree.  That means you can only run Apache if you
     have root authority on your system.  It should be perfectly
     possible and reasonable to run Apache as a normal user, on a
     non-privileged port (e.g., Port > 1024).  [I haven't tried this,
     but I assume it can be done.  It *should* be doable if it isn't.]
     Not everyone has their own UNIX system (poor sods.. ;-).

>I'm surprised this never popped up before... if misconfigured, it
>does allow for some major damage.

    True, but "give 'em rope" is a very good maxim to my mind.  Document
    the dickens out of security issues, but don't Big Brother your
    customers - that assumes you *know* how they *all* do things, which I
    submit is unlikely. ;->

    #ken    :-)}
