Re: ALPHA release of apache-1.0.0-1 now available
On Mon, 18 Dec 1995, Chris Fearnley wrote:
> >* Should we create a new user and/or group to control access to the
> >hierarchy of html files? If so, why don't we make it "official" and get
> >Bruce to include in the base /etc/group and /etc/passwd files.
> User nobody and group nogroup is either already in there or is it set
> up by some other package? I suppose user wwwadmin might be better?
Well, I was actually thinking of group ownership of the files themselves,
that way you could restrict w access to those in, say, group html. The
files would of course have to be world readable so the server running as
nobody/nogroup would still be able to get to them.
> /usr/lib/apache is my choice for serverroot. Where the documents go
> is site-specific. I'd like to also include an option to chroot httpd
> to /usr/local/http or somesuch. Can dpkg install a package under some
> arbitrary directory? If so then the preinst script might be able to get
> everything into /usr/local/http and run httpd under chroot (for the
> security paranoid).
Uh, why would you want to chroot the httpd? Wouldn't that cause mondo
problems, especially if we try and get it to do stuff like dynaloading
> apache-httpd provides httpd (as does cern-httpd) so dpkg won't install
> one until the other is removed.
"I'm a dinosaur. Somebody's digging my bones."