httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: User Root Frontpage Fun
Date Sat, 12 Jul 1997 07:28:19 GMT
Tee hee.  Er, 1.2.1 won't allow "User root" either.

I seem to recall Cliff and I coming up with a solution for front page...
but I forget what it was because I forget what the heck front page wants
root for.

Dean

On Fri, 11 Jul 1997, Mark J Cox wrote:

> I was digging around trying to find some reasons why Frontpage is a bad
> idea and I came across this message sent to www-security about a year ago. 
> 
> I wonder how many web admins took the first option and added "User Root" 
> to their config files?  I guess we'll find out when 1.3 is released and
> it stops working :)
> 
> Mark
> 
> > Cc: www-security@ns2.rutgers.edu
> > Subject: Re: Security aspects of Microsoft FrontPage server extensions? 
> > Date: Thu, 08 Aug 1996 12:40:06 -0500
> ...
> >7. Here's a quote straight from the version 1.1 installation
> >instructions under the section "Restarting the Server":
> >
> >    2. The FrontPage Server Extensions run under the server as a CGI
> >    program.  In order for the FrontPage Server Extensions to send the
> >    restart signal to the HTTP server, the server's CGI programs must run
> >    under the same user account as the HTTP server itself.  Your choices
> >    are:
> >     
> >    - Run both HTTP server and CGI scripts as root.  In this case, the
> >      UserId (if CERN) or User (if NCSA or Apache) field in your httpd.conf
> >      file should be set to root, and you should launch the server as root.
> >      This scheme is not necessarily a good idea however; for maximum UNIX
> >      security, as few things as possible should run as root.  See "Security
> >      Issues" below for more details.
> >     
> >    - Run both HTTP server and CGI scripts as the FrontPage user.  In this
> >      case, the UserId and User fields are ignored.  This is the best
> >      scheme, but it will not work if your server runs on a protected port.
>      
> 
> 
> 
> 
> 
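
As an added example (not part of the original messages or of Apache itself), a defender can audit a server configuration for the setting discussed in this thread: a `User` (Apache/NCSA) or `UserId` (CERN) directive that resolves to uid 0. The sample configuration, the function names and the `uid_of` lookup hook are assumptions made for illustration.

```python
import pwd
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONF = '''\
# User root   <- commented out, must be ignored
ServerType standalone
Port 80
user  "root"
User #0
UserId toor
User nobody
'''

# Apache directive names are case-insensitive; UserId is the CERN spelling.
DIRECTIVE = re.compile(r'^\s*(user|userid)\s+"?([^"\s]+)"?\s*$', re.IGNORECASE)

def system_uid(name):
    """Resolve an account name to a uid on this host, or None if unknown."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None

def find_uid0_directives(conf_text, uid_of=system_uid):
    """Return (line_number, value) for each User/UserId line that resolves to uid 0."""
    hits = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # whole-line comment
            continue
        match = DIRECTIVE.match(line)
        if not match:
            continue
        value = match.group(2)
        if value.startswith("#"):              # Apache's numeric form: User #0
            uid = int(value[1:]) if value[1:].isdigit() else None
        else:
            uid = uid_of(value)                # catches uid-0 aliases, not just "root"
        if uid == 0:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in find_uid0_directives(SAMPLE_CONF):
        print(f"line {number}: server configured to run as uid 0 ({value})")
```

Resolving names through the account database rather than matching the string "root" also flags any second account that shares uid 0.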

