Bug#458085: apache2.2-common: wrong permissions on /var/lock/apache2

[Stefan Fritsch <sf@sfritsch.de>]

Hi,

On Friday 28 December 2007, Gabor Gombas wrote:
> /etc/init.d/apache2 contains an unconditional
>
> 	install -d -o www-data /var/lock/apache2
>
> If apache is configured to run under a different user than www-data
> (and thus /var/lock/apache2 owned by this user), then this

the simple solution is to change the user in /etc/init.d/apache2, too. 
This is a config file and local changes will not be overwritten.

It was a bit unfortunate that the line had to be introduced in a 
stable point release and caused a behaviour change, but it was 
necessary to fix a different bug.


> - overrides permissions set by the administrator, which is IMHO
>   a policy violation

I don't think policy says anything about this particular case 
(directory automatically created and not owned by any package).


> The init script must parse /etc/apache2/apache.conf and use the
> "User" setting from there.

This is quite fragile (because of includes, etc.) and we don't want to 
do that. But it would make sense to either add a comment in 
apache.conf that /etc/init.d/apache2 needs to be changed as well, or 
to set the user via an envvar that can be used in both apache2.conf 
and the init script.

Cheers,
Stefan