--
Jeff Schoby
Unix/Network Admin
City of Columbia, Missouri
573.874.6320
>>> [EMAIL PROTECTED] 05/17/05 8:22 PM >>>
Hi,
This is a response for question #2
>Coldfusion, when you install it asks for the user
that http runs as.
Jeff, not sure if you intended to say "coldfusion
(when you intall) askes you for a runtime user for
coldfusion."
To my knowledge on the cfmx7 linux install, there was
no screen that asked me to "specify the user that http
runs as"...only one that asked me to "specify the user
that coldfusion will run as"
------------------------------------------------------------------
Sorry, Yes, you're correct, when I install coldfusion, I made it run as
the same user as apache. I figured that since Apache was going to be
talking with and loading some stuff out of the Coldfusion directory that
it'd be easier to make it them run as the same user.
------------------------------------------------------------------
>Quick fix for this is:
>chown -R http.http /opt/coldfusionmx7
>format: (user).(group)
Tried that, got a bunch of errors (permission
related).
Tried lots of combinations of http.cfmx, cfmxuser.http
-------------------------------------------------------------------------------
That's because you didn't do what I did...set them up to use run as the
same user. The only way apache and or coldfusion can play nicely as far
as permissions is to make them at least run as the same group, if not
the same user (and group)
-------------------------------------------------------------------------------
Ended up putting ownership of /opt/coldfusionmx7 back
to cfmxuer/cfmx, then I chmod all directories 777
along this path...
/cfroot/runtime/lib/wsconfig/1/
Restart Apache/CF. Error message gone!
------------------------------------------------------------------
I should hope so, you just made that entire directory readable and
writeable to anyone on the system. Apache can now take advangate of the
fact that
------------------------------------------------------------------
PS: Am I opening myself up to any security
vulnerabilies on my system by enabling various world
access permissions to these directories?
--------------------------------------------------------------------
You betcha. Any user on your system can now poke through and even alter
any file in your coldfusion directory.
As I mentioned above, you should make it so CF runs as the same group
and/or user as Apache does, make the directory group readable and
definitely NOT give write access to all.
Actually, even less work than that would be to chmod 776 which would
give read access to the world. If you trust your users on the system
that much or don't care if they can see everything in there. At least
they wouldn't be able to overwrite anything. That way, the apache user
could still read the file. I don't think he needs to be able to write
to anything there. I still think it makes more sense to have
coldfusion and apache run as the same user/group tho.
IMHO anyway. Your mileage may vary. No guarantees. Yadda, Yadda,
Yadda.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Find out how CFTicket can increase your company's customer support
efficiency by 100%
http://www.houseoffusion.com/banners/view.cfm?bannerid=49
Message: http://www.houseoffusion.com/lists.cfm/link=i:14:3935
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/14
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:14
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.14
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
