www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Ross <br...@kingman.com>
Subject config/1347: Serving pages as root.
Date Sat, 01 Nov 1997 15:36:27 GMT

>Number:         1347
>Category:       config
>Synopsis:       Serving pages as root.
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          support
>Submitter-Id:   apache
>Arrival-Date:   Sat Nov  1 07:40:00 PST 1997
>Originator:     bross@kingman.com
>Release:        1.2.4
Linux 2.0.28

Apache 1.2.4 just downloaded from your site.
I have some protected pages that are used by sales person's to add new users on-line. The
pages need to serve as root.

The pages run a CGI to modify the passwd file and add the new customer, then send an email
to me.

I changed User to server, with group #0 and tried #-1 in the httpd.conf

In the passwd file I created server:passwd:0:0:/root:/bin/bash

tried different euid numbers etc.. but it will work everything else except the  secured pages.
I don't want to open a Security Hole but would like to get the new release to work. It does
not give this error with the release I now have 1.2b7

Received that apache was not designed to serv pages as root. I tried different changes to
the passwd config but then the server user does not have permission to access.

Any help would be great.

Thank you
Bob Ross



View raw message