* Joshua Slive wrote: > The DavLockDB is written as the httpd User/Group, correct?
yep. (resp. the process uid/gid, think of perchild) > Is it safe to > write it to a publicly writable directory like /tmp? hmm. I think no. > If so, we should > change the example in the DavLockDB directivesynopsis to recommend that, > since it now points to logs/DavLock. If not, we should change the other > examples to logs/DavLock, and we should document the necessity to > touch/chown the file before starting apache. The problem is: "normal" logfiles are usually opened as root, so in fact *nobody* needs write access to the logs directory. Actually one should create a separate directory for runtime lo[g|ck]s, like DavLock, RewriteLog, ScriptLog (?). Or is this too paranoid? (of course, this doesn't affect the win32 'user concept'...) nd -- s s^saaaaaoaaaoaaaaooooaaoaaaomaaaa a alataa aaoat a a a maoaa a laoata a oia a o a m a o alaoooat aaool aaoaa matooololaaatoto aaa o a o ms;s;\s;s;g;y;s;:;s;y#mailto: # \51/\134\137| http://www.perlig.de #;print;# > [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
