On Sun, 21 Jul 2013 00:15:45 +0200 Reindl Harald <[email protected]> wrote: > > but why does httpd need CAP_DAC_OVERRIDE while starting initially as > root? > > CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID > CAP_SETUID Jul 21 00:04:01 srv-rhsoft httpd[8813]: AH00112: Warning: > DocumentRoot [/mnt/data/www/www] does not exist Jul 21 00:04:01 > srv-rhsoft httpd[8813]: AH00112: Warning: DocumentRoot > [/mnt/data/www/private] does not exist
Could one of the parents /mnt .../data .../www offer no other-traverse (x) access? If so, these need to be both root and switch-to-user traversable and perhaps readable.
