Bug#458085: apache2.2-common: wrong permissions on /var/lock/apache2
Package: apache2.2-common
Version: 2.2.3-4+etch3
Severity: important
Hi,
/etc/init.d/apache2 contains an unconditional
install -d -o www-data /var/lock/apache2
If apache is configured to run under a different user than www-data (and
thus /var/lock/apache2 owned by this user), then this
- overrides permissions set by the administrator, which is IMHO
a policy violation
- makes /var/lock/apache2 unwritable by apache
The init script must parse /etc/apache2/apache.conf and use the "User"
setting from there.
Gabor
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable'), (101, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.3-4+etch3 utility programs for webservers
ii libmagic1 4.17-5etch3 File type determination library us
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii mime-support 3.39-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-17 The NET-3 networking toolkit
ii procps 1:3.2.7-3 /proc file system utilities
apache2.2-common recommends no packages.
-- no debconf information
Reply to: