Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 23 Oct 1997 20:38:10 -0600 (MDT)
From:      Marc Slemko <marcs@znep.com>
To:        Bernie Doehner <bad@uhf.wireless.net>
Cc:        "Scot W. Hetzel" <hetzels@aol.com>, FreeBSD Ports <ports@FreeBSD.ORG>
Subject:   Re: Apache w/FrontPage Module Port
Message-ID:  <Pine.BSF.3.95.971023203532.11617G-100000@alive.znep.com>
In-Reply-To: <Pine.BSF.3.96.971023170822.1535A-100000@uhf.wireless.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 23 Oct 1997, Bernie Doehner wrote:

> Since Jordan is probably listening and he doesn't like crossposting to
> multiple mailing lists, I removed the isp mailing list from the Cc: line..
> 
> What user is your apache running as? /usr/local/etc/apache  and httpd.conf
> should be of the ownership the apache server runs as. Check your apache
> config files.

Please do not give completely incorrect advice.

Those directories should NEVER EVER EVER (unless you are an uber-guru and
know what you are doing and what the risks are and how to avoid them) be
owned by the user Apache runs as. Neither should the Apache binary. 
Neither should the directory logs are in.  If you do not heed these
warnings, you loose all guru points and risk a root compromise. 

Again, these files should not be writable or owned by the user Apache runs
as.  Nothing should, with the possible exception of data files that some
CGIs want to manipulate.

The frontpage extensions have wanted many things to be true with your
Apache setup; if this is one of them, then don't be silly enough to listen
to Microsoft.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.971023203532.11617G-100000>