Greetings, Brian S. Wilson!

>> I'm a Linux teacher at a school for vocational education in the Netherlands.
>> I use Cygwin to help my students overcome their fear of the command line by
>> showing them their Windows systems through the eyes of Linux.
> ...
>> After a chgrp and chmod on the entire Apache folder, the "conf" directory
>> looks like this:
>>
>> drwxrwx---+ 1 SYSTEM apache     0 28 okt 20:43 .
>> drwxrwx---+ 1 SYSTEM apache     0  2 nov 13:10 ..
>> -rwxrwx---+ 1 SYSTEM apache 35142 26 okt 18:07 httpd.conf
>> -rwxrwx---+ 1 SYSTEM apache 34770  7 okt 23:29 httpd.default.conf
>> -rwxrwx---+ 1 SYSTEM apache 13340  3 okt 07:59 magic
>> -rwxrwx---+ 1 SYSTEM apache 13340 21 nov  2004 magic.default
>> -rwxrwx---+ 1 SYSTEM apache 54599  3 okt 07:59 mime.types
>> -rwxrwx---+ 1 SYSTEM apache 54599 17 mrt  2012 mime.types.default
>> -rwxrwx---+ 1 SYSTEM apache  9390  5 feb  2013 openssl.cnf
>> -rwxrwx---+ 1 SYSTEM apache 11050  3 okt 07:59 ssl.conf
>> -rwxrwx---+ 1 SYSTEM apache 11030  7 okt 23:29 ssl.default.conf
>>
>> My students can now administer Apache without running Cygwin "As
>> administrator".

> Your statement may not be quite accurate. The Cygwin Apache instance
> appears to be running as the "SYSTEM" user since that is the file owner, but
> your students can administer the files because they are members of the
> "apache" group. I can't really tell which user id is running your Apache
> process because I don't know how you are actually starting the Apache
> process. Most production Apache instances do not run as the "root" user
> since this is a security risk.
>
> If my guess about the Apache process owner is correct, please make your
> students aware that if someone hacks their Cygwin Apache servers, the hacker
> may gain the same user access rights as the user id actually running the
> Apache process. The Apache process owner would normally be a unique user
> account with no login or access privileges to protect the server from
> successful attacks (just because your Apache files are owned by "SYSTEM",
> Apache could be started under another, less privileged, user id for better
> protection; but it is common practice to have the file owner also be the
> user id that normally executes the file). It is common to see a "nobody"
> user as the owner of Apache in production systems.
>
> I've spent some time over several years trying to figure out how to get
> Apache working as a "nobody" user under Cygwin. I've never succeeded in
> getting it to work properly, and my comments to this board have not yielded
> an answer. I don't think it is possible to make Apache work this way
> under Cygwin, but your students should be made aware of this difference.
>
> If anyone is aware of how to get Apache working using a restricted "nobody"
> user id under Cygwin, please respond (or start a new thread).

I can't imagine a lot of reasons to not use native Windows Apache server, which
is much better adapted for running in Windows security environment.

--
WBR,
Andrey Repin (anrdae...@yandex.ru) 02.11.2013, <21:44>

Sorry for my terrible english...