httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: Linux: CAP_DAC_OVERRIDE needed - why?
Date Mon, 22 Jul 2013 18:08:08 GMT


Am 22.07.2013 17:01, schrieb William A. Rowe Jr.:
> On Sun, 21 Jul 2013 00:15:45 +0200
> Reindl Harald <h.reindl@thelounge.net> wrote:
>>
>> but why does httpd need CAP_DAC_OVERRIDE while starting initially as
>> root?
>>
>> CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID
>> CAP_SETUID Jul 21 00:04:01 srv-rhsoft httpd[8813]: AH00112: Warning:
>> DocumentRoot [/mnt/data/www/www] does not exist Jul 21 00:04:01
>> srv-rhsoft httpd[8813]: AH00112: Warning: DocumentRoot
>> [/mnt/data/www/private] does not exist
> 
> Could one of the parents /mnt .../data .../www offer no other-traverse
> (x) access? If so, these need to be both root and switch-to-user
> traversable and perhaps readable

*bingo*

not that way - some had 770 while owner/group apache:apache
so at least questionable why the warning happens anyways
but after change to 775 it is gone




Mime
View raw message