httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject RE: [users@httpd] access_logs not writing!
Date Wed, 24 Mar 2004 20:11:25 GMT

On Wed, 24 Mar 2004, Aaron Wolski wrote:

> > The problem is not the ownership of the file.  The problem is that the
> > process writing to the file has root permissions, which can be taken
> over
> > if you control the file.  So simply changing the ownership won't help.
>
> Alright. I hear what you are saying.
>
> The question is.. how do I NOT make it so that the process writing the
> file has root permissions?

I don't think it can be done.  As I said, I suggest dealing with it by
giving up permissions on the file as part of your log rotation process.

> Do you have a link or reference text I can go to other than what you
> posted earlier?

Sorry, no.  And I'm really not an expert on unix security myself.  But not
allowing non-root users to control a file being written to by root is a
pretty standard unix security restriction, I believe.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message