Re: apache question

2000-05-28 Thread Ethan Benson
On Sat, May 27, 2000 at 06:51:58PM -0500, Nathan E Norman wrote: > On Thu, May 25, 2000 at 08:07:10PM -0800, Ethan Benson wrote: > [ snip ] > > all keeping the logs owned by the unpriviledged user seems to buy you > > is a security hole. > > That's why on new debian installations the log are owned

Re: apache question

2000-05-27 Thread Nathan E Norman
On Thu, May 25, 2000 at 08:07:10PM -0800, Ethan Benson wrote: [ snip ] > all keeping the logs owned by the unpriviledged user seems to buy you > is a security hole. That's why on new debian installations the log are owned by root.root. However, if the logs were already owned by www-data.www-data t

Re: apache question

2000-05-26 Thread Ernest Johanson
Seminary On Thu, 25 May 2000, Ethan Benson wrote: > Date: Thu, 25 May 2000 20:07:10 -0800 > From: Ethan Benson <[EMAIL PROTECTED]> > To: Ian Zimmerman <[EMAIL PROTECTED]> > Cc: debian-user@lists.debian.org > Subject: Re: apache question > > --sGwo475CiIwWEjLI >

Re: apache question

2000-05-25 Thread Ethan Benson
On Thu, May 25, 2000 at 08:25:08PM -0700, Ian Zimmerman wrote: > > Ethan> however one thing you should do on a debian system is chown > Ethan> /var/www to root and make sure its not group writable. also > Ethan> chown /var/log/apache/* to root.adm and make sure the > Ethan> permissions are 640 or

Re: apache question

2000-05-25 Thread Ian Zimmerman
Ethan> however one thing you should do on a debian system is chown Ethan> /var/www to root and make sure its not group writable. also Ethan> chown /var/log/apache/* to root.adm and make sure the Ethan> permissions are 640 or 644. (you have to fix the apache cron Ethan> jobs to not undo this chan

Re: apache question

2000-05-22 Thread Ethan Benson
On Mon, May 22, 2000 at 09:54:29AM +0100, Dominic Blythe wrote: > i don't use inetd to start apache, i start it from a script > which i can only run as root. if i chmod the script and try > being any other user, it won't start. it needs root privileges (or more presisly a capability to bind to pri

Re: Apache Question

1998-04-16 Thread Tim Metz
> Why are you trying to set this via apache confs?? Isn't all cgi info set in config files in one way or another (i.e. ScriptAlias, AddHandler, or mod_rewrite) ? > Just make the directory in the users home directory. Take away read access > so no one can go in. Give everyone rights to execu

Re: Apache Question

1998-04-16 Thread Shaleh
Why are you trying to set this via apache confs?? Just make the directory in the users home directory. Take away read access so no one can go in. Give everyone rights to execute cgi's and off you go. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contac

Re: Apache question..

1997-11-07 Thread m*
Ian Keith Setford wrote: > > I have Apache running but I am missing an important piece of information. > I *think* I have read all the documentation but I do not know where to > locate the "home" page for my server. > Thanks in advance! > look in your /etc/apache/httpd.conf file for the SeverRo