[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALPHA release of apache-1.0.0-1 now available

On Mon, 18 Dec 1995, Chris Fearnley wrote:
> >* Should we create a new user and/or group to control access to the 
> >hierarchy of html files?  If so, why don't we make it "official" and get 
> >Bruce to include in the base /etc/group and /etc/passwd files.
> User nobody and group nogroup is either already in there or is it set
> up by some other package?  I suppose user wwwadmin might be better?

Well, I was actually thinking of group ownership of the files themselves, 
that way you could restrict w access to those in, say, group html.  The 
files would of course have to be world readable so the server running as 
nobody/nogroup would still be able to get to them.

> /usr/lib/apache is my choice for serverroot.  Where the documents go
> is site-specific.  I'd like to also include an option to chroot httpd
> to /usr/local/http or somesuch.  Can dpkg install a package under some
> arbitrary directory?  If so then the preinst script might be able to get
> everything into /usr/local/http and run httpd under chroot (for the
> security paranoid).

Uh, why would you want to chroot the httpd?  Wouldn't that cause mondo 
problems, especially if we try and get it to do stuff like dynaloading 
modules, etc.?

> apache-httpd provides httpd (as does cern-httpd) so dpkg won't install
> one until the other is removed.


"I'm a dinosaur.  Somebody's digging my bones."

Reply to: