From owner-freebsd-ports  Thu Oct 23 19:35:25 1997
Return-Path: <owner-freebsd-ports>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id TAA14760
          for ports-outgoing; Thu, 23 Oct 1997 19:35:25 -0700 (PDT)
          (envelope-from owner-freebsd-ports)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA14749
          for <ports@FreeBSD.ORG>; Thu, 23 Oct 1997 19:35:15 -0700 (PDT)
          (envelope-from marcs@znep.com)
Received: from znep.com (uucp@localhost)
	by scanner.worldgate.com (8.8.7/8.8.7) with UUCP id UAA09255;
	Thu, 23 Oct 1997 20:33:30 -0600 (MDT)
Received: from localhost (marcs@localhost) by alive.znep.com (8.7.5/8.7.3) with SMTP id UAA13989; Thu, 23 Oct 1997 20:38:10 -0600 (MDT)
Date: Thu, 23 Oct 1997 20:38:10 -0600 (MDT)
From: Marc Slemko <marcs@znep.com>
To: Bernie Doehner <bad@uhf.wireless.net>
cc: "Scot W. Hetzel" <hetzels@aol.com>, FreeBSD Ports <ports@FreeBSD.ORG>
Subject: Re: Apache w/FrontPage Module Port
In-Reply-To: <Pine.BSF.3.96.971023170822.1535A-100000@uhf.wireless.net>
Message-ID: <Pine.BSF.3.95.971023203532.11617G-100000@alive.znep.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 23 Oct 1997, Bernie Doehner wrote:

> Since Jordan is probably listening and he doesn't like crossposting to
> multiple mailing lists, I removed the isp mailing list from the Cc: line..
> 
> What user is your apache running as? /usr/local/etc/apache  and httpd.conf
> should be of the ownership the apache server runs as. Check your apache
> config files.

Please do not give completely incorrect advice.

Those directories should NEVER EVER EVER (unless you are an uber-guru and
know what you are doing and what the risks are and how to avoid them) be
owned by the user Apache runs as. Neither should the Apache binary. 
Neither should the directory logs are in.  If you do not heed these
warnings, you loose all guru points and risk a root compromise. 

Again, these files should not be writable or owned by the user Apache runs
as.  Nothing should, with the possible exception of data files that some
CGIs want to manipulate.

The frontpage extensions have wanted many things to be true with your
Apache setup; if this is one of them, then don't be silly enough to listen
to Microsoft.