From owner-freebsd-questions Tue Feb 8 6:50:24 2000 Delivered-To: freebsd-questions@freebsd.org Received: from boris.netgate.net (boris2.netgate.net [204.145.147.155]) by builder.freebsd.org (Postfix) with ESMTP id 209C34216 for ; Tue, 8 Feb 2000 06:50:21 -0800 (PST) Received: from localhost (wellsian@localhost) by boris.netgate.net (8.9.3/8.9.3) with ESMTP id GAA61166; Tue, 8 Feb 2000 06:49:08 -0800 (PST) (envelope-from wellsian@caffeine.com) Date: Tue, 8 Feb 2000 06:49:08 -0800 (PST) From: wellsian X-Sender: wellsian@boris.netgate.net To: Fredrik Carlen Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Two Apache questions In-Reply-To: <00020809391400.00302@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG 1) A deamon doesn't necessarily keep itself alive when an axe cleaves it's cranium. :) You want the apachectl script or equivalent. Check this: http://www.apache.org/docs/stopping.html Try /bin/apachectl -h 2) They need to run as someone, and the simplest someone is the web server which implies leaving things somewhat open (okay for a single-site box). Just set your cgi-bin and everything inside to be readable and executable by your httpd owner. Anything more should be unnecessary. But you can enforce additional control. See: http://www.apache.org/docs/misc/security_tips.html The docs include lots of info, and they're installed by default when you install apache. /manual/index.html> GL, -Dave On Tue, 8 Feb 2000, Fredrik Carlen wrote: > Hello! I've got two questions concerning Apache: > > 1: Why isn't my httpd run as a daemon? When I send the root process the kill > signal (like so: kill PID), it doesn't restart itself. It just plain old dies. > The command I use to start it up at boot time is: > > /usr/local/sbin/httpd > > This line is in my /etc/rc.local , as you might have already guessed. No flags, > no nothing... > > 2. Why is it that my CGI-script must have system-wide permissions to be > executed? The same applies to all the files in the web document root. I tried > changing groups to "nobody", the group for most of my httpd's, and setting > system-wide right to null and nothing, which only meant they weren't read at > all. Here's what I mean: > > drwxr-xr-x 2 root wheel 512 7 Feb 17:24 cgi-bin > drwxr-xr-x 4 root staff 512 8 Feb 00:17 data > drwxr-xr-x 3 root staff 2048 7 Feb 17:00 icons > drwxr-xr-x 2 root wheel 512 7 Feb 17:00 proxy > > This way, no problem. Should I change the system wide permissions, the web > server complains when I surf to it : the old 404 access denied pops up. > I have a sneaking suspicion I have completely misunderstood some important > concept. > > I would be grateful for some assistance. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message