httpd-users mailing list archives

From Ruslan Sivak <>
Subject Re: [users@httpd] Apache 2.2.6 weird security issue
Date Tue, 06 Nov 2007 18:50:22 GMT
William A. Rowe, Jr. wrote:
> Ruslan Sivak wrote:
>> I just upgraded from Apache 2.2.0 to 2.2.6 using the binaries from 
>>  After I put in the new binaries (keeping my 
>> config), it refused to start up due to a security failure (no further 
>> information was in the logs).  After running Process Monitor, it 
>> looks like it was failing at the following place:
>> Desired Access:    Read Data/List Directory, Execute/Traverse, Read 
>> Desired Access:    Execute/Traverse, Synchronize
>> Apache runs under the limited user "apache" and has read only access 
>> to the bin directory.  Why is it trying to CreateFile there?  (after 
>> giving it full access to that directory, things now work, but I would 
>> prefer to not give it access it doesn't need).
> Ignore "CreateFile", that means different things.  Apache needs to be able
> to /see/ its own files, and your permissions don't allow it.  It needs to
> load .dll's - so it needs execute access to the contents of bin/ and /modules
> and traverse/read directory access throughout the filesystem to the program
> and to the files that you will serve.
> E.g. your parent directory can't be traverse/no read, because if it can't
> see the attributes or files, it can't decide if you had really intended
> to serve Progra~1/... or Program Files/...
Actually ignore this post.  What had happened was that I had the proper 
permissions on the folder, but when I dragged the files over from the 
rar archive, I guess it extracted them to the temp folder, and then 
moved them to the current folder, which didn't set the proper 
permissions.  Once I told it to reapply the permissions, setting just 
read/execute on that folder for that user worked.
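
An added example, not part of the original message: a PowerShell audit for the kind of per-file permission drift described above. It lists items under a directory whose ACL either lacks a read/execute grant naming the service account or grants that account write-type rights. The path `C:\Apache2\bin` is an assumed placeholder and `apache` is the account named in the post; access obtained through group membership and Deny entries is not evaluated.

```powershell
# Added example, not from the thread. $Path is an assumed placeholder;
# 'apache' is the service account named in the post.
param(
    [string]$Path    = 'C:\Apache2\bin',
    [string]$Account = 'apache'
)

# Bit masks for the rights we test. ReadAndExecute is what the service needs;
# the write-type rights are what a least-privilege setup should not grant it.
$rxMask = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$wrMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# The directory itself plus everything below it (hidden items included).
$items = @(Get-Item -LiteralPath $Path) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

foreach ($item in $items) {
    $granted = 0
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        # Compare on the account name without its DOMAIN\ or MACHINE\ prefix.
        $name = ($ace.IdentityReference.Value -split '\\')[-1]
        if ($name -ne $Account) { continue }
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to this item.
        if ([int]$ace.PropagationFlags -band $inheritOnly) { continue }
        $granted = $granted -bor [int]$ace.FileSystemRights
    }

    $missingRX = ($granted -band $rxMask) -ne $rxMask
    $hasWrite  = ($granted -band $wrMask) -ne 0

    # Report only items that deviate from "read/execute and nothing more".
    if ($missingRX -or $hasWrite) {
        [pscustomobject]@{
            Path               = $item.FullName
            MissingReadExecute = $missingRX
            HasWriteRights     = $hasWrite
        }
    }
}
```

One way to reapply the parent folder's inherited permissions to items flagged here is `icacls <dir> /reset /T`, which replaces each item's ACL with the inherited defaults.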

