httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject RE: [STATUS] (apache-1.3) Thu Feb 17 07:45:04 EST 2000
Date Sun, 12 Nov 2000 03:17:22 GMT
We are considering that patch...

while it will not be implemented in 1.3.15 (the stable tree), I will
look at committing this for 2.0a8 next Monday or Tuesday.  As I noted
when you submitted it, it's a great idea, it's also useful to allow
the installer to choose between auto and manual startup.  We also have
to revisit dependencies, seeing as the dns resolver isn't starting
completely prior to booting (a number of users are reporting automatic
vhost identification problems at boot time.)

You can also expect an apache -k reconfig option to allow you to 
effectively 'reinstall' a service without the -k uninstall/-k install
sequence, and this will allow a user to quickly change the user or the
config file from the command line.

The only exception I took from your patch was the password arg... this
will not be added, since it would then be cached in the command history
(and this is a very bad thing, IMHO.)  We will be calling out to the
console window with a prompt to 'Enter password for user foo:' as you
install the service as user foo.

Again, thanks for the patch, look forward to it in the next 2.0 beta.

Bill

> -----Original Message-----
> From: Mike Gray [mailto:mikeg@avantgo.com]
> Sent: Thursday, February 17, 2000 10:54 AM
> To: Ken.Coar@Golux.Com
> Subject: Re: [STATUS] (apache-1.3) Thu Feb 17 07:45:04 EST 2000
> 
> 
> Please consider the patch I provided in PR5713 for future 
> consideration.  I didn't see it
> mentioned, but then again I didn't send it to the mailing 
> list - I only entered it into the
> problem report.
> 
> mikeg
> 
> Rodent of Unusual Size wrote:
> 
> > Open issues:
> > Win32 specific issues:
> >     * who should run the service?  Who exactly is the 
> "system account"?
> >
> >       docs say:
> >
> >       Localsystem is a very privileged account locally, so 
> you shouldn't run
> >       any shareware applications there. However, it has no 
> network privileges
> >       and cannot leave the machine via any NT-secured 
> mechanism, including
> >       file system, named pipes, DCOM, or secure RPC.
> >
> >       and:
> >
> >       A service that runs in the context of the LocalSystem account
> >       inherits the security context of the SCM. It is not 
> associated with
> >       any logged-on user account and does not have 
> credentials (domain
> >       name, user name, and password) to be used for 
> verification. This
> >       has several implications: [... removed ...]
> >
> >       That _really_ sucks.  Can we recommend running Apache as some
> >       other user?
> 
> 

Mime
View raw message