----- Original Message ----- > Hi Tom, > > > thanks for the answer. It makes perfect sense. > > > The solution I thought about is a bit more complex. I did not go > through the Apache code, so below is just a sketch. > > > seteuid(${APACHE_RUN_USER}); //drop privileges > open(${ErrorLog}); //open file > seteuid(0); // get back root privileges
That doesn't work. Once you drop privileges you cannot get them back. > chown(${ErrorLog}, root, …); // change owner to root > > > In this case, the ErrorLog will be opened and accessible as > ${APACHE_RUN_USER} for only a brief moment of time, and after that > it becomes owned by root. AFAIK, this solves the issue I raised. If > I miss any point, please let me know. > > > Best regards, > Silviu > > > > > > On Nov 24, 2011, at 17:52 , Tom Evans wrote: > > > > On Thu, Nov 24, 2011 at 3:53 PM, silviu andrica > < silviu.andr...@gmail.com > wrote: > > > Hi, > > > > > > I noticed that in Apache/2.2.20 (Ubuntu), the ErrorLog is opened as > root, > > > although the User is set to ${APACHE_RUN_USER}. > > > My concern is that if I make a mistake in ErrorLog, then I can damage > any > > > file on my system because of a stupid copy-paste error. > > > > > > I was wondering what is the reason Apache doesn't drop root > privileges > > > before opening the ErrorLog file (to make sure that the user Apache > will end > > > up running as can access and modify that file) and then get back the > root > > > privileges, for the remaining operations that need be done as root? > > > > > This is by design to do the exact opposite of what you are > suggesting. > If it waited until it gave up it's root privileges, then the file > would be owned/modifiable by the less privileged apache user, and > could be removed or truncated by any web script or exploit. In > general, it's a good idea that your log files are owned by root, just > like your html content should only be readable, not modifiable, by > the > apache user. > > Apache opens the file before forking, so non-root children will > already have a file handle to the error log and will not have to open > it again. > > The trade off is against an admin accidentally writing something like > 'ErrorLog /etc/master.passwd'. > > Cheers > > Tom > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server > Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > > -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org