Joshua Slive wrote:
> Those messages are generated within suexec and since suexec is not
> run-time configurable (for security reasons) they are not
> configurable. You would need to edit the source code and recompile
> (being careful to heed the warnings about not messing with suexec
> unless you know what you are doing).
>
> Joshua.
Ok, that's what I did. Inside suexec.c, I just commented the following code:
log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
target_uname, actual_uname,
target_gname, actual_gname,
cmd);
and:
if ((~AP_SUEXEC_UMASK) & 0022) {
log_err("notice: AP_SUEXEC_UMASK of %03o allows "
"write permission to group and/or other\n", AP_SUEXEC_UMASK);
}
While the second one can be safe to delete (it's just a notice about the
umask, since I use the umask setting I don't want to be noticed in
regard of that), the first one may possibly cause some problems, since
the comment above it states:
/*
* Log the transaction here to be sure we have an open log
* before we setuid().
*/
What it concerns me is: if I delete the logging of the transactions,
will suEXEC be able to open the log file if any other error happens?
Regards,
--
Fabio Corazza - Engineering
NewBay Software, Ltd.
Wilson House, Fenian Street, Dublin 2, Ireland
Phone: +353 1 634 5490 - e-mail: fabio@xxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|