LISTSERV - HP3000-L Archives

HP3000-L Archives

October 2001, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L October 2001, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Problems with Apache after applying patch APCFDX6B 6.5 Apache 1. 3.9 with DSO capability
From:	Mark Bixby <[log in to unmask]>
Reply To:	Mark Bixby <[log in to unmask]>
Date:	Tue, 9 Oct 2001 13:14:57 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (27 lines)

Peter Osborne wrote:
>
> The problem is on the user & group line of the config file. I thing you need
> to set the user to MGR.APACHE & the group to APACHE. It's probably set to
> nobody & nogroup which, for some reason, up & stopped working one day (I'm
> sure Mark has the gory details to why this happened).

The truth is that prior to Apache 1.3.9, User & Group were ignored unless you
were running the web server JHTTPD job as MANAGER.SYS.

The change with 1.3.9 is that User & Group now apply no matter who JHTTPD runs
as.  I made this Apache change while working on creating the WebWise Secure Web
Server product.  WebWise begins execution as the user JHTTPD runs as, and reads
the private server key as that user.  It then does a POSIX setuid()/setgid() to
the identity specified by User and Group, and runs with that identity for the
remainder of its life.

All of this was done to prevent CGI processes or any other normal web server
content type from being able to gain access to sensitive things like the server
private key.
--
[log in to unmask]
Remainder of .sig suppressed to conserve scarce California electrons...

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU