Bug#458085: apache2.2-common: wrong permissions on /var/lock/apache2
In testing/unstable the install -d -o www-data /var/lock/apache2 moved to apache2ctl, which is not a config file. Something needs to be done so that the admin can change this without the change being overwritten on updates.
Bug#458085: apache2.2-common: wrong permissions on /var/lock/apache2
On Saturday 29 December 2007, Gabor Gombas wrote:
> On Sat, Dec 29, 2007 at 02:41:03AM +0100, Stefan Fritsch wrote:
> > It was a bit unfortunate that the line had to be introduced in a stable point release and caused a behaviour change, but it was necessary to fix a different bug.
>
> You could at least test for the existence of /var/lock/apache2 and create it only if it's missing. If /var/lock/apache2 already exists just leave it alone and do not change its ownership.

It was necessary to chown an existing /var/lock/apache2 to fix broken installations. It would have been possible to only do the chown if the owner was root, but I did not think of that when I prepared 2.2.3-4+etch3. But since the next update of etch (r3) will only be released in two months at the earliest, it does not make sense to change this in etch.

People who are upgrading to 2.2.3-4+etch3 and are affected by this problem will need to change their init script _now_. People who do a new install won't experience a behaviour change, so there is no problem in this case.

> OTOH it could be nice to have an apachectl dump command that dumps the parsed apache configuration so scripting would be easier...

Yes, but I don't think this would be easy to implement.

Stefan
Bug#458085: apache2.2-common: wrong permissions on /var/lock/apache2
Hi,

On Sat, Dec 29, 2007 at 02:41:03AM +0100, Stefan Fritsch wrote:
> It was a bit unfortunate that the line had to be introduced in a stable point release and caused a behaviour change, but it was necessary to fix a different bug.

You could at least test for the existence of /var/lock/apache2 and create it only if it's missing. If /var/lock/apache2 already exists just leave it alone and do not change its ownership.

> This is quite fragile (because of includes, etc.) and we don't want to do that. But it would make sense to either add a comment in apache.conf that /etc/init.d/apache2 needs to be changed as well, or to set the user via an envvar that can be used in both apache2.conf and the init script.

If the initscript does not unconditionally change the permissions on /var/lock/apache2 then I'm fine with a comment in apache.conf. OTOH it could be nice to have an apachectl dump command that dumps the parsed apache configuration so scripting would be easier...

Gabor
Bug#458085: apache2.2-common: wrong permissions on /var/lock/apache2
Package: apache2.2-common
Version: 2.2.3-4+etch3
Severity: important

Hi,

/etc/init.d/apache2 contains an unconditional

    install -d -o www-data /var/lock/apache2

If apache is configured to run under a different user than www-data (and thus /var/lock/apache2 owned by this user), then this
- overrides permissions set by the administrator, which is IMHO a policy violation
- makes /var/lock/apache2 unwritable by apache

The init script must parse /etc/apache2/apache.conf and use the User setting from there.

Gabor

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (101, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages apache2.2-common depends on:
ii  apache2-utils  2.2.3-4+etch3  utility programs for webservers
ii  libmagic1      4.17-5etch3    File type determination library us
ii  lsb-base       3.1-23.2etch1  Linux Standard Base 3.1 init scrip
ii  mime-support   3.39-1         MIME files 'mime.types' 'mailcap
ii  net-tools      1.60-17        The NET-3 networking toolkit
ii  procps         1:3.2.7-3      /proc file system utilities

apache2.2-common recommends no packages.

-- no debconf information
Bug#458085: apache2.2-common: wrong permissions on /var/lock/apache2
Hi,

On Friday 28 December 2007, Gabor Gombas wrote:
> /etc/init.d/apache2 contains an unconditional
>
>     install -d -o www-data /var/lock/apache2
>
> If apache is configured to run under a different user than www-data (and thus /var/lock/apache2 owned by this user), then this

The simple solution is to change the user in /etc/init.d/apache2, too. This is a config file and local changes will not be overwritten.

It was a bit unfortunate that the line had to be introduced in a stable point release and caused a behaviour change, but it was necessary to fix a different bug.

> - overrides permissions set by the administrator, which is IMHO a policy violation

I don't think policy says anything about this particular case (directory automatically created and not owned by any package).

> The init script must parse /etc/apache2/apache.conf and use the User setting from there.

This is quite fragile (because of includes, etc.) and we don't want to do that. But it would make sense to either add a comment in apache.conf that /etc/init.d/apache2 needs to be changed as well, or to set the user via an envvar that can be used in both apache2.conf and the init script.

Cheers,
Stefan
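
The three ideas raised in this thread (create the directory only if it is missing, chown an existing one only when root still owns it, and take the run user from an environment variable) combined in one sketch. This is an added example, not the Debian init script; the function names and the variable name APACHE_RUN_USER are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the apache2 package.
# Hypothetical helpers: dir_owner, lockdir_action, ensure_lockdir.

# Print the owner of a directory, or nothing if it does not exist.
dir_owner() {
    [ -d "$1" ] || return 0
    ls -ld -- "$1" | awk '{print $3}'
}

# Decide what to do from the current owner ("" means missing) and
# the user the server is configured to run as.
lockdir_action() {
    owner=$1
    run_user=$2
    if [ -z "$owner" ]; then
        echo create      # nothing there yet: safe to create
    elif [ "$owner" = root ] && [ "$run_user" != root ]; then
        echo chown       # broken install: server cannot write its locks
    else
        echo keep        # the admin already chose an owner: leave it
    fi
}

# Apply the decision. The run user comes from the second argument,
# else from APACHE_RUN_USER (assumed name), else www-data.
ensure_lockdir() {
    dir=$1
    run_user=${2:-${APACHE_RUN_USER:-www-data}}
    case $(lockdir_action "$(dir_owner "$dir")" "$run_user") in
        create) install -d -o "$run_user" "$dir" ;;
        # -h: change the path itself, never the target of a symlink
        chown)  chown -h "$run_user" "$dir" ;;
        keep)   : ;;
    esac
}

# Constructed demo: the decision for each owner state, run user "webuser".
for o in "" root webuser; do
    printf '%-8s -> %s\n' "${o:-<none>}" "$(lockdir_action "$o" webuser)"
done
```

With this logic an administrator who has already given /var/lock/apache2 to another user is never overridden, while a root-owned directory left by a broken install is still repaired.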