Package: apache2.2-common
Version: 2.2.3-4+etch3
Severity: important

Hi,

/etc/init.d/apache2 contains an unconditional

    install -d -o www-data /var/lock/apache2

If apache is configured to run under a different user than www-data (and
thus /var/lock/apache2 owned by this user), then this

- overrides permissions set by the administrator, which is IMHO a policy
  violation
- makes /var/lock/apache2 unwritable by apache

The init script must parse /etc/apache2/apache.conf and use the "User"
setting from there.

Gabor

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (101, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages apache2.2-common depends on:
ii  apache2-utils  2.2.3-4+etch3  utility programs for webservers
ii  libmagic1      4.17-5etch3    File type determination library us
ii  lsb-base       3.1-23.2etch1  Linux Standard Base 3.1 init scrip
ii  mime-support   3.39-1         MIME files 'mime.types' & 'mailcap
ii  net-tools      1.60-17        The NET-3 networking toolkit
ii  procps         1:3.2.7-3      /proc file system utilities

apache2.2-common recommends no packages.

-- no debconf information
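
The behaviour the report asks for, as an added example (not part of the report and not the Debian init script): read the "User" directive from a config file and create the lock directory only when it is missing. The function names, the www-data fallback, and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the Debian package.

# Print the account named by the last "User" directive in an Apache config
# file, or the fallback ($2, default www-data) when there is none.
# Limitation: Include'd files and ${VAR} references are not resolved.
apache_run_user() {
    conf=$1
    fallback=${2:-www-data}
    # Commented-out directives never match: their first field starts with "#".
    user=$(awk '
        tolower($1) == "user" && NF >= 2 {   # directive names are case-insensitive
            u = $2
            gsub(/"/, "", u)                 # User "name"
            sub(/^#/, "", u)                 # User #uid: keep the numeric id
        }
        END { if (u != "") print u }
    ' "$conf" 2>/dev/null) || user=""
    printf '%s\n' "${user:-$fallback}"
}

# Create the lock directory only when it is missing, so the owner and mode an
# administrator set on an existing directory survive every restart.
ensure_lock_dir() {
    dir=$1
    owner=$2
    if [ -d "$dir" ]; then
        return 0
    fi
    install -d -o "$owner" "$dir"
}

# Constructed sample configuration (not taken from the report).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# User www-data
ServerRoot "/etc/apache2"
  user  webapp
Group webapp
EOF
echo "lock dir owner would be: $(apache_run_user "$demo_conf")"
rm -f "$demo_conf"
```

In an init script the two calls would be combined as `ensure_lock_dir /var/lock/apache2 "$(apache_run_user <config file>)"`, run as root before the daemon starts.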