>Number: 1347 >Category: config >Synopsis: Serving pages as root. >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: support >Submitter-Id: apache >Arrival-Date: Sat Nov 1 07:40:00 PST 1997 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.4 >Environment: Linux 2.0.28
Apache 1.2.4 just downloaded from your site. >Description: I have some protected pages that are used by sales person's to add new users on-line. The pages need to serve as root. The pages run a CGI to modify the passwd file and add the new customer, then send an email to me. I changed User to server, with group #0 and tried #-1 in the httpd.conf In the passwd file I created server:passwd:0:0:/root:/bin/bash tried different euid numbers etc.. but it will work everything else except the secured pages. I don't want to open a Security Hole but would like to get the new release to work. It does not give this error with the release I now have 1.2b7 Received that apache was not designed to serv pages as root. I tried different changes to the passwd config but then the server user does not have permission to access. Any help would be great. Thank you Bob Ross >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted:
