In misc/security_tips.xml:
The usual stuff with the User directive being broken since 2.4.

Patch included for trunk.

With regards,
Daniel.
Index: security_tips.xml
===================================================================
--- security_tips.xml   (revision 1300620)
+++ security_tips.xml   (working copy)
@@ -143,7 +143,7 @@
 
     <p>In typical operation, Apache is started by the root user, and it
     switches to the user defined by the <directive
-    module="mpm_common">User</directive> directive to serve hits. As is the
+    module="mod_unixd">User</directive> directive to serve hits. As is the
     case with any command that root executes, you must take care that it is
     protected from modification by non-root users. Not only must the files
     themselves be writeable only by root, but so must the directories, and
@@ -291,7 +291,7 @@
   <p>Embedded scripting options which run as part of the server itself,
   such as <code>mod_php</code>, <code>mod_perl</code>, <code>mod_tcl</code>,
   and <code>mod_python</code>, run under the identity of the server itself
-  (see the <directive module="mpm_common">User</directive> directive), and
+  (see the <directive module="mod_unixd">User</directive> directive), and
   therefore scripts executed by these engines potentially can access anything
   the server user can. Some scripting engines may provide restrictions, but
   it is better to be safe and assume not.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org

Reply via email to