[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#458085: apache2.2-common: wrong permissions on /var/lock/apache2

Package: apache2.2-common
Version: 2.2.3-4+etch3
Severity: important


Hi,

/etc/init.d/apache2 contains an unconditional

	install -d -o www-data /var/lock/apache2

If apache is configured to run under a different user than www-data (and
thus /var/lock/apache2 owned by this user), then this

- overrides permissions set by the administrator, which is IMHO
  a policy violation

- makes /var/lock/apache2 unwritable by apache

The init script must parse /etc/apache2/apache.conf and use the "User"
setting from there.

Gabor

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (101, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages apache2.2-common depends on:
ii  apache2-utils              2.2.3-4+etch3 utility programs for webservers
ii  libmagic1                  4.17-5etch3   File type determination library us
ii  lsb-base                   3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii  mime-support               3.39-1        MIME files 'mime.types' & 'mailcap
ii  net-tools                  1.60-17       The NET-3 networking toolkit
ii  procps                     1:3.2.7-3     /proc file system utilities

apache2.2-common recommends no packages.

-- no debconf information
Reply to: