On 23 Jun 1997 [EMAIL PROTECTED] wrote: <SNIP> > first off, running httpd as root is not a good idea. it is bad enough > that it has to be started as root in order to bind() to a low port > number and then switch to a different userid.
ok.. ok... logically I must yield on this one... you are right.. I guess I am too trusting at times and would rather see something up and working before fool-proofing[1] it. > it should run as a different user than root AND a different user than > the httpd it is supposed to configure. if it runs as root it's just a > question of time before someone severely compromises the machine. (I > know, I have cleaned up after several disasters of that flavor.) > > the configuration server should under no circumstances run as root. ok.. I agree.. > the tasks you need to perform as root should be contained within > separate programs suid that do _nothing_ else than, start, stop, or > restart the server. ahh.... sounds simple and easy enough.. > right now I am under the impression that we are still brainstorming, > trying to come up with ideas of what might be a good solution or a > good set of solutions. I don't think we should dismiss every idea > that doesn't "fit the bill". > > on one hand we have my wishes, which are a tad baroque, and on the > other hand we have something that can be crufted together in a couple > of days. > > let's hear some more ideas first before we decide on anything. I guess I am still very angry at PC mag for making apache configuration look like it practially requires knowledge of X86 assembly code, just because it doesnt have a GUI.. the fast we get a gui out there, the less the media can Dis apache. -Matt
