httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Felt <mamf...@gmail.com>
Subject Re: patches for the build/aix area - httpd-2.2.x
Date Thu, 05 Dec 2013 22:45:05 GMT
Why should it be daemon/daemon? Better than root/system - imho. Or
nobody/nobody. Those are default accounts, default accounts should never
really own anything.

By choosing an owner I can prepare a separate fileset to setup RBAC, get
the files into the trusted database (tsd).

There are advantages - but is Apache feels it is more secure to have them
owned by root/system and daemon/daemon running everything - I wont argue.
simple enough to undo.

Bu actually, I thought I read years ago that ASF did not really have a
position on who "owned" the files. If I am wrong on that, my apologies.
Ignore patch and I'll send a new one with the ownership removed.

regards,
Michael


On Thu, Dec 5, 2013 at 7:04 PM, Eric Covener <covener@gmail.com> wrote:

> The User/Group shouldn't own any of the files. Is there a particular
> failure this works around?
>
> On Thu, Dec 5, 2013 at 12:44 PM, Michael Felt <mamfelt@gmail.com> wrote:
> > Now includes:
> > the LICENSE in the packaging
> > also adds a dependency for the libc in use by the building system (to
> > prevent issues when trying to load a package on AIX 5.3 when it was
> packaged
> > on AIX 6.1 (or higher)
> > uses httpd/httpd as User/Group - and changed in httpd.conf before
> packaging
> > sets file owner/group to httpd:httpd at install (creates user/group in
> local
> > files
> > (i.e. not in LDAP) if needed.
> > rpm for libz is no longer needed
> >
> > "apr" and "apr-util" are external packages, rather than built in src -
> same
> > as httpd comes from svn.
> >
> > Happy "Sinterklas",
> >
> > Michael
> >
> > p.s. will redo the same for httpd-2.4.x asap
>
>
>
> --
> Eric Covener
> covener@gmail.com
>

Mime
View raw message