[NTLUG:Discuss] apache problem

Jeremy Blosser jblosser at firinn.org
Thu Jun 15 03:01:34 CDT 2000


Jay Urish [j at dalwan.net] wrote:
> I am going to move the web directorys under thier owners home directory. I 
> think I have a rights problem with this. I am working on dfwplants.com 
> right now. The content is at /home/macdade/www/dfwplants
> 
> I keep getting 403's
> 
> I know it's a rights problem.
> 
> Are the risks to running apache suid root?

There are risks to running anything suid root, especially daemons.  If
someone would happen to find an exploit in Apache, they'd possibly be able
to use it to gain root access to your system.  As long as it runs as
nobody, they can only get nobody access.  It's also relevant in case you
screw up perms.  If it runs as root they can read anything on the system if
they can get a successful attack going, such as your password files.  If
you run as nobody, they can only read what nobody can.

Anyway as someone already noted, just make sure /home and /home/macdade are
at least 711 and /home/macdade/www and below are 755.

-- 
Jeremy Blosser   |   jblosser at firinn.org   |   http://jblosser.firinn.org/
-----------------+-------------------------+------------------------------
the crises posed a question / just beneath the skin
the virtue in my veins replied / that quitters never win
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 366 bytes
Desc: not available
Url : http://ntlug.org/pipermail/discuss/attachments/20000615/e7359b71/attachment.bin


More information about the Discuss mailing list