httpd-users mailing list archives

From Joshua Slive <jos...@slive.ca>
Subject RE: [users@httpd] Virtual hosting user problem
Date Thu, 15 Apr 2004 23:38:34 GMT

On Thu, 15 Apr 2004, Gary Smith wrote:

> The logs for the base web server are secured but each of the users' logs
> are dropped in a directory under /home/client/website/logs.  This way
> they can read them as much as they want.  The logs are still owned by
> root.root but it allows me to let the client do as they will with the
> data.  It makes sense that the service wouldn't start because of a log
> issue.  I remember a problem that I had when I deleted the /var/logs/www
> directory in dev some time ago.

Logs in a non-root writable directory is a *bad* idea, as the security
docs say.  Any user who controls such a directory can likely take over
root.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
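An added example, not part of the original messages and not Apache's own tooling: a Python check for the condition warned about in the reply above. It walks from a log file's directory up to `/` and reports every directory that an account other than root can modify, or that is missing. The function names are assumptions made for this illustration, and treating group 0 as trusted is a policy assumption.

```python
import os
import stat
import sys


def non_root_writable(uid, gid, mode):
    """Return why a directory with this owner/mode is modifiable by a
    non-root account, or None if only root can change its contents."""
    if uid != 0:
        return f"owned by uid {uid}"      # the owner can always chmod and write
    if mode & stat.S_IWOTH:
        return "world-writable"           # flagged even with the sticky bit set
    if mode & stat.S_IWGRP and gid != 0:  # assumption: group 0 is trusted
        return f"writable by gid {gid}"
    return None


def audit_log_path(log_file):
    """Check the directory holding log_file and every ancestor up to /.
    Returns a list of (directory, reason) findings; empty means clean."""
    findings = []
    d = os.path.realpath(os.path.dirname(os.path.abspath(log_file)))
    while True:
        try:
            st = os.stat(d)
            reason = non_root_writable(st.st_uid, st.st_gid, st.st_mode)
        except FileNotFoundError:
            reason = "does not exist"     # a missing log directory, as in the quoted message
        if reason:
            findings.append((d, reason))
        parent = os.path.dirname(d)
        if parent == d:                   # reached the filesystem root
            break
        d = parent
    return findings


if __name__ == "__main__":
    # Pass the log paths from ErrorLog / CustomLog / TransferLog directives,
    # e.g. a file under /home/client/website/logs as in the quoted setup.
    status = 0
    for path in sys.argv[1:]:
        for directory, reason in audit_log_path(path):
            print(f"{path}: {directory} is {reason}")
            status = 1
    sys.exit(status)
```

A non-empty result for any log path means the directory layout should be changed before the server is started as root, for example by keeping logs in a root-only directory and giving clients read access to copies.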

