Re: Web servers bug ?
Le Wed, May 05, 1999 at 06:15:52PM +0200, Samuel Tardieu écrivait:
> On 5/05, Daniel Podlejski wrote:
> | 1. Apache work as www-data ...
> | 2. I don't try other WWW serwers
> | 3. Try add www-data user to postgres ...
>
> Change /etc/apache/httpd.conf to contain "nobody" instead of "www-data",
> and report a bug against the apache package.
NO ! Apache should not be run under nobody. Why ? Because there are
several programs that run under nobody (shell scripts, distributed-net,...) and
and users could kill those via CGIs. Apache uses a dedicated id and that's
good. You'd better patch postregsql so that it supports '-' in a username.
Cheers,
--
Raphaël Hertzog >> 0C4CABF1 >> http://prope.insa-lyon.fr/~rhertzog/
Reply to: