Return-Path: Delivered-To: apmail-httpd-docs-archive@httpd.apache.org Received: (qmail 47253 invoked by uid 500); 23 Sep 2002 07:25:34 -0000 Mailing-List: contact docs-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: docs@httpd.apache.org Delivered-To: mailing list docs@httpd.apache.org Received: (qmail 47136 invoked from network); 23 Sep 2002 07:25:32 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Thomas =?iso-8859-1?q?Sj=F6gren?= Reply-To: thomas@northernsecurity.net To: docs@httpd.apache.org Subject: Re: Security Date: Mon, 23 Sep 2002 09:08:34 -0700 User-Agent: KMail/1.4.2 References: <3D8DE9C6.3020206@slive.ca> In-Reply-To: <3D8DE9C6.3020206@slive.ca> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200209230908.34693.thomas@northernsecurity.net> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N On Sunday 22 September 2002 09:03, Joshua Slive wrote: > Your permissions keep ordinary users entirely out of the Apache > directories. =20 <--- snip ---> > Now, it could be argued that under some circumstances, an > adminstrator would not want ordinary users to do those things.=20 Correct, but this could be fixed by creating a user only for apache=20 (user apache, group apache) that has the permissions to running=20 log-analysis programs and reading the error log among other things. This would eliminate the use of root/administrator. /Thomas --=20 thomas@northernsecurity.net | www.northernsecurity.net thomas@se.linux.org | www.se.linux.org --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org For additional commands, e-mail: docs-help@httpd.apache.org