On Wed, 13 Nov 2002, Andr� Malo wrote: > The problem is: "normal" logfiles are usually opened as root, so in fact > *nobody* needs write access to the logs directory. Actually one should > create a separate directory for runtime lo[g|ck]s, like DavLock, > RewriteLog, ScriptLog (?). Or is this too paranoid? >
Yes, making the logs directory writable by non-root is NOT an option. That is why I suggested the touch/chown technique. But I guess creating a separate directory is a better idea. There is some discussion of this here: http://www.webdav.org/mod_dav/install.html What other apache things needs need write access under the httpd user? There is CacheRoot and ScriptLog; are there others? Perhaps we should, at least in the documentation, start talking about a /usr/local/apache2/var/ directory that is httpd writable. We could then refer to this directory under DavLock and CacheRoot docs and in the security docs. Joshua. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
