Re: Opening ErrorLog as root and overwriting any file on the system

Hi Tom,

thanks for the answer. It makes perfect sense.

The solution I thought about is a bit more complex. I did not go through the Apache code, so below is just a sketch.

seteuid(${APACHE_RUN_USER}); //drop privileges
open(${ErrorLog}); //open file
seteuid(0); // get back root privileges
chown(${ErrorLog}, root, …); // change owner to root

In this case, the ErrorLog will be opened and accessible as ${APACHE_RUN_USER} for only a brief moment of time, and after that it becomes owned by root. AFAIK, this solves the issue I raised. If I miss any point, please let me know.

Best regards,
Silviu


On Nov 24, 2011, at 17:52 , Tom Evans wrote:

On Thu, Nov 24, 2011 at 3:53 PM, silviu andrica
<silviu.andrica@xxxxxxxxx> wrote:
Hi,

I noticed that in Apache/2.2.20 (Ubuntu), the ErrorLog is opened as root,
although the User is set to ${APACHE_RUN_USER}.
My concern is that if I make a mistake in ErrorLog, then I can damage any
file on my system because of a stupid copy-paste error.

I was wondering what is the reason Apache doesn't drop root privileges
before opening the ErrorLog file (to make sure that the user Apache will end
up running as can access and modify that file) and then get back the root
privileges, for the remaining operations that need be done as root?


This is by design to do the exact opposite of what you are suggesting.
If it waited until it gave up its root privileges, then the file
would be owned/modifiable by the less privileged apache user, and
could be removed or truncated by any web script or exploit. In
general, it's a good idea that your log files are owned by root, just
like your html content should only be readable, not modifiable, by the
apache user.

Apache opens the file before forking, so non-root children will
already have a file handle to the error log and will not have to open
it again.

The trade off is against an admin accidentally writing something like
'ErrorLog /etc/master.passwd'.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
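
The trade-off named in the thread (a root-opened log path mistyped to point at a system file) can be narrowed with a pre-flight check on the configured path. The following is an added example, not Apache code and not from either poster; `check_log_target`, its return codes and the idea of a single expected log directory (`log_root`) are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { LOG_OK = 0, LOG_OUTSIDE_ROOT = -1, LOG_NOT_REGULAR = -2,
       LOG_DIR_WRITABLE = -3, LOG_ERROR = -4 };

/* Hypothetical check to run before a privileged process opens `path`
 * for appending. `log_root` is the one directory tree where log files
 * are expected to live (an assumption of this example). */
int check_log_target(const char *path, const char *log_root)
{
    char copy[PATH_MAX], dir[PATH_MAX], root[PATH_MAX];
    struct stat st;

    if (strlen(path) >= sizeof copy) return LOG_ERROR;
    strcpy(copy, path);
    /* Resolve symlinks and ".." in the directory part only; the log
     * file itself may not exist yet. */
    if (!realpath(dirname(copy), dir) || !realpath(log_root, root))
        return LOG_ERROR;

    size_t n = strlen(root);
    if (strncmp(dir, root, n) != 0 || (dir[n] != '/' && dir[n] != '\0'))
        return LOG_OUTSIDE_ROOT;      /* e.g. a mistyped path under /etc */

    /* A directory writable by group or others lets a non-root user
     * swap the log for a link to some other file. */
    if (stat(dir, &st) != 0) return LOG_ERROR;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return LOG_DIR_WRITABLE;

    /* lstat, not stat: an existing symlink or device node is refused. */
    if (lstat(path, &st) == 0)
        return S_ISREG(st.st_mode) ? LOG_OK : LOG_NOT_REGULAR;
    return errno == ENOENT ? LOG_OK : LOG_ERROR;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s LOGFILE LOGDIR\n", argv[0]); return 2; }
    int rc = check_log_target(argv[1], argv[2]);
    printf("%s: %d\n", argv[1], rc);
    return rc == LOG_OK ? 0 : 1;
}
```

The check is advisory: it runs before the open, so the opening process should still pass `O_NOFOLLOW` and verify the descriptor with `fstat` afterwards.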


