Philip J Dicke wrote: > I currently have httpd running as a windows service, logging on as a restricted > user called "webserver". That account is very restricted in the folders that > it can read/execute. In order to follow the security policy, the webserver > account needs to be configured so that it cannot access cmd.exe. When httpd > runs on windows and uses piped output to a log file, it creates a named piped > and launches a "shell (cmd.exe)" to run the executable. FAIL! Ok; please explain how the process initially has rights to invoke cmd.exe and how these were subtracted after initialization? > Windows does not seem to have the "apachectl graceful" command that unix does. That's right; every service control command 128 is a graceful today, which is what the ApacheMonitor taskbar-utility issues when you choose 'restart'. So does httpd.exe -k restart. But Windows OS only knows a hard restart, stop and then restart the parent. However the child process lives only one iteration, just as in unix. The new feature I have worked up uses "||realpipe args" if you want to absolutely invoke realpipe without a command shell (on win or unix). The syntax "|$pipecmd args" works as today, sending the pipecmd args to the command shell. In 2.3 forward, realpipe will be the default. In 2.2, pipecmd stays the default as to not disrupt so many people. So offering both syntaxes should help you with an httpd.conf that will make the transition. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|