[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Web servers bug ?

Le Wed, May 05, 1999 at 06:15:52PM +0200, Samuel Tardieu écrivait:
> On  5/05, Daniel Podlejski wrote:
> | 1. Apache work as www-data ...
> | 2. I don't try other WWW serwers
> | 3. Try add www-data user to postgres ...
> Change /etc/apache/httpd.conf to contain "nobody" instead of "www-data",
> and report a bug against the apache package.

NO ! Apache should not be run under nobody. Why ? Because there are
several programs that run under nobody (shell scripts, distributed-net,...) and
and users could kill those via CGIs. Apache uses a dedicated id and that's
good. You'd better patch postregsql so that it supports '-' in a username.

Raphaël Hertzog >> 0C4CABF1 >> http://prope.insa-lyon.fr/~rhertzog/

Reply to: