>Number: 1552 >Category: general >Synopsis: Server exiting >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: change-request >Submitter-Id: apache >Arrival-Date: Mon Dec 15 06:30:01 PST 1997 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: all that support VirtualHost >Environment: Yields all OS's. >Description: I work for the biggest Norwegian ISP. 2 of our servers have 150+ virtual hosts on each (and still groving). We have now decided to run the 2 servers with suexec and apply a different User (same group) to each of the virtual hosts (running cgi-scripts would be safer with that). When applying an unknown user or group, the server does an exit telling us it was a bad user/group name.
The database that holds usernames and groups are updated by the Customer Service dep. /etc/password is updated form that database. Imagine what will happen when we rotate the web-server logs at 11:55 pm and one of the customers have terminated it's contract and the username is gone from /etc/password? Yes, the server would not start... An ignore of the virtual host(s) with bad user name/group would be much safer than an exit of the whole server... >How-To-Repeat: Just specify an unknown user or group in the VirtualHost >Fix: How about an ignore of the VirtualHost (printing that to STDERR) instead of an exit of the whole server... Best regards Jan Arild Lindstr� >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
