On Thu, Nov 24, 2011 at 3:53 PM, silviu andrica
<silviu.andr...@gmail.com> wrote:
> Hi,
>
> I noticed that in Apache/2.2.20 (Ubuntu), the ErrorLog is opened as root,
> although the User is set to ${APACHE_RUN_USER}.
> My concern is that if I make a mistake in ErrorLog, then I can damage any
> file on my system because of a stupid copy-paste error.
>
> I was wondering what is the reason Apache doesn't drop root privileges
> before opening the ErrorLog file (to make sure that the user Apache will end
> up running as can access and modify that file) and then get back the root
> privileges, for the remaining operations that need be done as root?
>

This is by design to do the exact opposite of what you are suggesting.
If it waited until it gave up its root privileges, then the file
would be owned/modifiable by the less privileged apache user, and
could be removed or truncated by any web script or exploit. In
general, it's a good idea that your log files are owned by root, just
like your html content should only be readable, not modifiable, by the
apache user.

Apache opens the file before forking, so non-root children will
already have a file handle to the error log and will not have to open
it again.

The trade-off is against an admin accidentally writing something like
'ErrorLog /etc/master.passwd'.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
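
The open-before-fork behaviour described in the reply above, as an added example that is not part of the original message and not Apache's own code: a parent opens a log, forks, and the child drops to an unprivileged uid yet keeps writing through the inherited descriptor while being unable to reopen or truncate the file by path. The function name, the `/tmp` path and uid 65534 (standing in for `${APACHE_RUN_USER}`) are assumptions; when not started as root the privilege drop is skipped and only the inherited-descriptor write is shown.

```c
#define _DEFAULT_SOURCE            /* for setgroups() and mkstemp() */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result bits: wrote via inherited fd, really dropped uid, reopen refused. */
enum { WROTE = 1, DROPPED = 2, DENIED = 4 };
#define RUN_UID 65534              /* assumption: "nobody" as the run user */

/* Hypothetical helper: returns a bitmask of the flags above, -1 on error. */
int log_fd_survives_drop(void)
{
    char path[] = "/tmp/errorlog-demo-XXXXXX";
    int fd = mkstemp(path);        /* mode 0600, owned by the starting user */
    if (fd < 0) return -1;
    pid_t pid = fork();            /* the child inherits the open descriptor */
    if (pid < 0) { close(fd); unlink(path); return -1; }
    if (pid == 0) {
        int r = 0;
        gid_t g = RUN_UID;
        if (geteuid() == 0 && setgroups(1, &g) == 0 &&
            setgid(RUN_UID) == 0 && setuid(RUN_UID) == 0)
            r |= DROPPED;          /* groups first, then gid, then uid */
        const char msg[] = "[error] constructed sample line\n";
        if (write(fd, msg, sizeof msg - 1) == (ssize_t)(sizeof msg - 1))
            r |= WROTE;            /* no second open() was needed */
        int again = open(path, O_WRONLY | O_TRUNC);
        if (again < 0) r |= DENIED; else close(again);
        _exit(r);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    close(fd);
    unlink(path);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int r = log_fd_survives_drop();
    printf("wrote=%d dropped=%d reopen_denied=%d\n",
           !!(r & WROTE), !!(r & DROPPED), !!(r & DENIED));
    return r < 0;
}
```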
