On Nov 8, 2007 4:48 PM, Axel-Stephane SMORGRAV
<[EMAIL PROTECTED]> wrote:
> Somebody trusted you enough to give YOU the root password.
>
> Why should you not in turn entrust others with the privileges that will allow
> them to do their job?
I'm not against giving people the privileges needed to
The system I use keeps administrators at arms length by requiring they
interact with servers through a service that lets them do the desired
admin tasks such as working with users and groups, configuring services,
starting/stopping services, etc. All functions can be individually
allowed or den
I understand that everything is black or white to you, and there are no shades
of grey. Good for you.
-ascs
-Message d'origine-
De : Michael McGlothlin [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 8 novembre 2007 17:17
À : users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] apac
I plan to give everyone root access. Security is a silly concept anyway
because obviously everyone can be trusted.
Somebody trusted you enough to give YOU the root password.
Why should you not in turn entrust others with the privileges that will allow
them to do their job?
--
users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] apache as non-root
On Nov 8, 2007 3:50 PM, Axel-Stephane SMORGRAV <[EMAIL PROTECTED]> wrote:
> -Message d'origine-
> De : Krist van Besien [mailto:[EMAIL PROTECTED]
> Envoyé : jeudi 8 novembre 2007 15:14
> À : users@h
On Nov 8, 2007 3:50 PM, Axel-Stephane SMORGRAV
<[EMAIL PROTECTED]> wrote:
> -Message d'origine-
> De : Krist van Besien [mailto:[EMAIL PROTECTED]
> Envoyé : jeudi 8 novembre 2007 15:14
> À : users@httpd.apache.org
> Objet : Re: [EMAIL PROTECTED] apache as non-
-Message d'origine-
De : Krist van Besien [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 8 novembre 2007 15:14
À : users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] apache as non-root
> You could use a wrapper script (as I do) that the user can't change.
You could, but AF
On Nov 8, 2007 9:12 AM, Axel-Stephane SMORGRAV
<[EMAIL PROTECTED]> wrote:
> -Message d'origine-
> >De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Joshua Slive
> >Envoyé : jeudi 8 novembre 2007 14:56
> >À : users@httpd.apache.org
> >O
On Nov 8, 2007 2:55 PM, Joshua Slive <[EMAIL PROTECTED]> wrote:
> On Nov 8, 2007 7:11 AM, Axel-Stephane SMORGRAV
> <[EMAIL PROTECTED]> wrote:
> > I think you would need to elaborate on that statement. Frankly I can see a
> > few differences, but I am not sure whether those are what you were think
-Message d'origine-
>De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Joshua Slive
>Envoyé : jeudi 8 novembre 2007 14:56
>À : users@httpd.apache.org
>Objet : Re: [EMAIL PROTECTED] apache as non-root
>
>On Nov 8, 2007 7:11 AM, Axel-Stephane SMORGRAV &l
On Nov 8, 2007 7:11 AM, Axel-Stephane SMORGRAV
<[EMAIL PROTECTED]> wrote:
> I think you would need to elaborate on that statement. Frankly I can see a
> few differences, but I am not sure whether those are what you were thinking
> about. Apache also does a chuid/chgid effectively changing the UI
olini [mailto:[EMAIL PROTECTED]
Envoyé : jeudi 8 novembre 2007 11:10
À : users@httpd.apache.org
Objet : Re: [EMAIL PROTECTED] apache as non-root
On Thu, Nov 08, 2007 at 11:00:10AM +0100, Krist van Besien wrote:
> > Sounds like a task for "sudo".
>
> Another option is makin
On Thu, Nov 08, 2007 at 11:00:10AM +0100, Krist van Besien wrote:
> > Sounds like a task for "sudo".
>
> Another option is making the httpd executable suid root.
Ouch.
Starting a webserver on port 80 as a normal user is not
a good thing. Sudo helps to limit the security breach somewhat
if you re
On Nov 6, 2007 4:59 PM, Christian Folini <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 06, 2007 at 02:29:03PM +, Melanie Pfefer wrote:
> > hi
> >
> > I modified user in httpd.conf but as long as the port
> > number is 80, only root can start apache. subsequent
> > process will be run as non-root.
>
On Tue, Nov 06, 2007 at 02:29:03PM +, Melanie Pfefer wrote:
> hi
>
> I modified user in httpd.conf but as long as the port
> number is 80, only root can start apache. subsequent
> process will be run as non-root.
>
> any idea how to allow this user to start apache?
Sounds like a task for "su
> -Original Message-
> From: chris [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 06, 2007 4:20 PM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] apache as non-root
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> A work around,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
A work around, sort of:
If you are using an OS with the ability to port forward (iptables on
linux for example) you can create rules to forward the port 80
connection to a high port (say 8080) that the non-root-user apache
instance is listening on.
Y
Melanie Pfefer wrote:
thanks. But any workaround?
No, not that I know of.
smime.p7s
Description: S/MIME Cryptographic Signature
thanks. But any workaround?
thanks.
--- Tony Stevenson <[EMAIL PROTECTED]> wrote:
>
> Melanie Pfefer wrote:
> > hi
> >
> > I modified user in httpd.conf but as long as the
> port
> > number is 80, only root can start apache.
> subsequent
> > process will be run as non-root.
>
> This is expected
Melanie Pfefer wrote:
hi
I modified user in httpd.conf but as long as the port
number is 80, only root can start apache. subsequent
process will be run as non-root.
This is expected behaviour.
any idea how to allow this user to start apache?
To start Apache on port 80, you need root leve
hi
I modified user in httpd.conf but as long as the port
number is 80, only root can start apache. subsequent
process will be run as non-root.
any idea how to allow this user to start apache?
thanks
___
Want ideas for reducing your
21 matches
Mail list logo
