Received: (from majordom@localhost) by hyperreal.org (8.8.5/8.8.5) id JAA07862; Fri, 25 Jul 1997 09:12:11 -0700 (PDT)
Received: (from marc@localhost) by hyperreal.org (8.8.5/8.8.5) id JAA07614; Fri, 25 Jul 1997 09:11:52 -0700 (PDT)
Date: Fri, 25 Jul 1997 09:11:52 -0700 (PDT)
From: Marc Slemko
Message-Id: <199707251611.JAA07614@hyperreal.org>
To: apache-bugdb@apache.org, gander@netcomi.com, marc@apache.org
Subject: Re: config/916: When using an NFS appliance (like Net Appl. Toaster) File Ownership issues before the switch to the final UID
Sender: apache-bugdb-owner@apache.org
Precedence: bulk

Synopsis: When using an NFS appliance (like Net Appl. Toaster) File Ownership issues before the switch to the final UID

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Fri Jul 25 09:11:50 PDT 1997
State-Changed-Why:
This is probably an issue with a "feature" in the way Linux does NFS writes. On any sane system, if you open a descriptor as root then change uids to another uid, you should still be able to write to the open descriptor.

The log files are purposely created as the user that starts the server (i.e. normally root) for security purposes; otherwise anyone who could run something as the user the server runs as could mess with them. Note that if the user the server runs as has write permissions to the logs directory (not just the files in it), then anyone who compromises that ID can get root easily.

Also note that when logging via NFS you are not necessarily guaranteed that writes to files opened with O_APPEND will be atomic, so you may get intermingled entries. Something similar is reported in PR#452.

Unfortunately, there is really nothing Apache can do.
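
A minimal audit for the condition described in the message above (the server's runtime user being able to write to the logs directory or to the log files), as an added example that is not part of the original message or of Apache. The function names, the sample uid and the temporary directory are constructed for illustration; the check assumes plain Unix mode bits (no ACLs) and looks only at the directory itself, not at its parents.

```python
import os
import stat
import tempfile

def uid_can_write(st, uid, gids):
    """Classic owner/group/other write check against a stat result (ACLs ignored)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_log_dir(log_dir, server_uid, server_gids):
    """Return (kind, path) findings for log_dir as seen by the server's runtime uid."""
    findings = []
    # The directory must not be writable by the uid the server switches to.
    if uid_can_write(os.stat(log_dir), server_uid, server_gids):
        findings.append(("dir-writable", log_dir))
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        fst = os.lstat(path)
        if not stat.S_ISREG(fst.st_mode):
            # Logs are expected to be plain files; report anything else for review.
            findings.append(("not-regular-file", path))
        elif uid_can_write(fst, server_uid, server_gids):
            findings.append(("file-writable", path))
    return findings

def demo():
    """Audit a constructed logs directory, first locked down and then loosened."""
    server_uid = os.getuid() + 1000  # constructed uid that owns nothing below
    with tempfile.TemporaryDirectory() as root:
        logs = os.path.join(root, "logs")
        access_log = os.path.join(logs, "access_log")
        os.mkdir(logs)
        open(access_log, "w").close()
        # Intended layout: only the user that starts the server can write.
        os.chmod(logs, 0o755)
        os.chmod(access_log, 0o644)
        good = [kind for kind, _ in audit_log_dir(logs, server_uid, set())]
        # Loosened layout: the runtime uid can now write to both.
        os.chmod(logs, 0o777)
        os.chmod(access_log, 0o666)
        bad = [kind for kind, _ in audit_log_dir(logs, server_uid, set())]
    return good, bad

if __name__ == "__main__":
    print(demo())
```
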