httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@covalent.net
Subject Re: [PATCH] security - run mod_cgid's daemon under same user as Apache
Date Wed, 07 Jun 2000 16:51:58 GMT

> > One concern I have is with the permissions of the log directory (which
> > is where the Unix socket lives).  With this patch, the configured user
> > must have write access to that directory because we've already
> > switched to that user before creating the socket.  On my setup, at
> > least, I had to change the permissions of the log directory, because
> > the files which were created there all along were created while Apache
> > was running with euid zero.

Why not create the socket as root and then switch euid/egid?  This would
seem to me to be the most secure way of doing this.

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
406 29th St.
San Francisco, CA 94131
-------------------------------------------------------------------------------


Mime
View raw message