On Tue, Jan 09, 2001 at 09:38:59AM +0100, Sven Burgener wrote: > Hello Nate > > you could i bet if you made apachectl setuid root but if security is > > an issue i wouldn't reccomend it. to do this do chmod u+s apachectl > > Tried it. Doesn't work; Linux seems to silently drop suid root privilges > on shell scripts.
Either that's a kernel option or it only applies to world-executable scripts. On my development system, I've got -rwsr-xr-- 1 root staff 7043 Aug 2 13:07 /usr/sbin/apachectl and members of the 'staff' group can mostly use apachectl. The pidfile seems to remember who actually created it, so if user bob starts apache, both he and root can stop/graceful it, but if root starts apache, bob's attempts to stop/graceful it cause apachectl to complain that apache isn't running (even though the pid is detected correctly). It seems that parts of the script honor suid and others don't, but I haven't dug into it. Anyhow, it's not a complete solution, but it's a start and (as long as you're careful about who starts apache initially) it might be enough to get things working for you. -- SGI products are used to create the 'Bugs' that entertain us in theatres and at home. - SGI job posting Geek Code 3.1: GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- W--(++) N+ o+ !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r y+