Date: Thu, 23 Oct 1997 20:38:10 -0600 (MDT) From: Marc Slemko <marcs@znep.com> To: Bernie Doehner <bad@uhf.wireless.net> Cc: "Scot W. Hetzel" <hetzels@aol.com>, FreeBSD Ports <ports@FreeBSD.ORG> Subject: Re: Apache w/FrontPage Module Port Message-ID: <Pine.BSF.3.95.971023203532.11617G-100000@alive.znep.com> In-Reply-To: <Pine.BSF.3.96.971023170822.1535A-100000@uhf.wireless.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 23 Oct 1997, Bernie Doehner wrote: > Since Jordan is probably listening and he doesn't like crossposting to > multiple mailing lists, I removed the isp mailing list from the Cc: line.. > > What user is your apache running as? /usr/local/etc/apache and httpd.conf > should be of the ownership the apache server runs as. Check your apache > config files. Please do not give completely incorrect advice. Those directories should NEVER EVER EVER (unless you are an uber-guru and know what you are doing and what the risks are and how to avoid them) be owned by the user Apache runs as. Neither should the Apache binary. Neither should the directory logs are in. If you do not heed these warnings, you loose all guru points and risk a root compromise. Again, these files should not be writable or owned by the user Apache runs as. Nothing should, with the possible exception of data files that some CGIs want to manipulate. The frontpage extensions have wanted many things to be true with your Apache setup; if this is one of them, then don't be silly enough to listen to Microsoft.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.971023203532.11617G-100000>