Return-Path: Delivered-To: apache-bugdb-archive@hyperreal.org Received: (qmail 27906 invoked by uid 6000); 1 Nov 1997 15:40:11 -0000 Received: (qmail 27854 invoked by uid 2001); 1 Nov 1997 15:40:00 -0000 Received: (qmail 27336 invoked by uid 2012); 1 Nov 1997 15:36:27 -0000 Message-Id: <19971101153627.27335.qmail@hyperreal.org> Date: 1 Nov 1997 15:36:27 -0000 From: Bob Ross Reply-To: bross@kingman.com To: apbugs@hyperreal.org X-Send-Pr-Version: 3.2 Subject: config/1347: Serving pages as root. Sender: apache-bugdb-owner@apache.org Precedence: bulk >Number: 1347 >Category: config >Synopsis: Serving pages as root. >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: support >Submitter-Id: apache >Arrival-Date: Sat Nov 1 07:40:00 PST 1997 >Last-Modified: >Originator: bross@kingman.com >Organization: apache >Release: 1.2.4 >Environment: Linux 2.0.28 Apache 1.2.4 just downloaded from your site. >Description: I have some protected pages that are used by sales person's to add new users on-line. The pages need to serve as root. The pages run a CGI to modify the passwd file and add the new customer, then send an email to me. I changed User to server, with group #0 and tried #-1 in the httpd.conf In the passwd file I created server:passwd:0:0:/root:/bin/bash tried different euid numbers etc.. but it will work everything else except the secured pages. I don't want to open a Security Hole but would like to get the new release to work. It does not give this error with the release I now have 1.2b7 Received that apache was not designed to serv pages as root. I tried different changes to the passwd config but then the server user does not have permission to access. Any help would be great. Thank you Bob Ross >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: