--- Oden Eriksson <[EMAIL PROTECTED]> wrote:
> > Probably yet another security non-issue. Mandrake is
> > officially useless as a webserver. Great :D
>
> Well, actually you need to know how to use it ;)

Right, which is quite unfortunate. Not so much a big deal to me personally now, but for people less comfortable with Linux I'm sure it is. I remember the first time I used Apache on RH5.2, I installed it and it worked, and I don't think I was quite prepared for anything other than that at the time, even though I was already very comfortable with Linux (I'd even managed to figure out mgetty by that point!). What I'd like to see for Mandrake is for it to be as quick and easy as possible for anybody to get it to do what they want it to do (obviously while being very sensitive to security issues).

> > > Without having to buy the O'Reilly Apache books, you
> > > have the clues you need
> > > above.
> >
> > What I'm guessing you're telling me is, I can get the
> > CGIs to run if I use suexec (or reconfigure it
> > somehow), but they're not going to out of the box.
> > Why shouldn't they out of the box though?
>
> Regarding your specific case with the apache2 packages, there's a possible
> conflict where the apache UID/GUID is lower than the lowest acceptable for
> the suexec (UID=500 GUID=500).

If I understand what's been going on recently correctly, now the apache (1) package is responsible for adding that user/group, so should it maybe be giving it a higher UID/GID?
