Date: Mon, 16 Apr 2001 20:17:08 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/www/mnoGoSearch-current Makefile Message-ID: <20010416201707.B2726@nagual.pp.ru> In-Reply-To: <200104161606.JAA52818@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Mon, Apr 16, 2001 at 09:06:23AM -0700 References: <20010416195744.A2726@nagual.pp.ru> <200104161606.JAA52818@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 16, 2001 at 09:06:23 -0700, Rodney W. Grimes wrote: > The whole reason of running apache as nobody.nogroup is so that it can > not access a file of any type unless it is world accessable. The mistake Many others will disagree with you. Consider f.e. guestbook which needs _write_ access from Apache-running CGIs. I.e. "can not access any file which is not belongs to processing using Apache or its CGIs". > Does apache need write access to this hierarchy? If not a simple Yes, of course. Not Apache, but its CGI's, i.e. search engine which is the port (running as nobody.nogroup too, because CGI). > Also it seems as if -YOU- are the maintainer of apache, so please can > you go fix it's abuse of nobody:nogroup. (Hint: running as nobody:nogroup > is _NOT_ the bug.) It breaks setups for too many peoples, so require testing in many variants and setups I don't have access to, nearly all write access CGIs will be broken, so at least all such ports needs be fixed by someone who will introduce this change. BTW, I am open to review patches from such hero. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010416201707.B2726>