On Thu, Nov 24, 2011 at 5:03 PM, Silviu Andrica <silviu.andr...@gmail.com> wrote:
> Hi Tom,
> thanks for the answer. It makes perfect sense.
> The solution I thought about is a bit more complex. I did not go through the
> Apache code, so below is just a sketch.
>
> seteuid(${APACHE_RUN_USER}); //drop privileges
> open(${ErrorLog}); //open file
> seteuid(0); // get back root privileges
> chown(${ErrorLog}, root, …); // change owner to root
>
> In this case, the ErrorLog will be opened and accessible
> as ${APACHE_RUN_USER} for only a brief moment of time, and after that it
> becomes owned by root. AFAIK, this solves the issue I raised. If I miss any
> point, please let me know.

<DevilsAdvocate>
What would it do when the file already exists and is owned by root? :)
</DevilsAdvocate>

It is hard to distinguish between "file owned by root, but we should append to it" and "file owned by root and the admin made a mistake in the conf file". The former is the usual case when starting a server with pre-existing log files, the latter is the case you are trying to avoid.

Cheers

Tom
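
The sketch and the objection above, as an added example in C that is not part of the original thread or of httpd's code: `open_log_as()` is a hypothetical helper, and it uses `fchown()` on the descriptor in place of the sketch's `chown()` on the path. Run as root with an unprivileged run uid, the first start creates the log and hands it to root, and the second start fails with EACCES on that same, correctly configured file.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for appending with the effective uid set
 * to run_uid, then give the file to the uid we started with (root for httpd).
 * Returns an fd, or -1 with errno set by the step that failed. */
int open_log_as(const char *path, uid_t run_uid)
{
    uid_t priv = geteuid();
    int fd, saved;
    if (seteuid(run_uid) != 0)            /* drop privileges */
        return -1;
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0640);
    saved = errno;
    if (seteuid(priv) != 0)               /* regain; never continue half-dropped */
        abort();
    if (fd < 0) {
        errno = saved;                    /* EACCES here is the ambiguous case */
        return -1;
    }
    /* fchown on the descriptor: the path could be swapped between open and chown */
    if (fchown(fd, priv, (gid_t)-1) != 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 3)
        return fprintf(stderr, "usage: %s <logfile> <run-uid>\n", argv[0]), 2;
    uid_t run_uid = (uid_t)strtoul(argv[2], NULL, 10);
    for (int start = 1; start <= 2; start++) {   /* two consecutive server starts */
        int fd = open_log_as(argv[1], run_uid);
        printf("start %d: %s\n", start, fd >= 0 ? "opened" : strerror(errno));
        if (fd >= 0)
            close(fd);
    }
    return 0;
}
```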