You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Bob Ross <br...@kingman.com> on 1997/11/01 16:36:27 UTC

config/1347: Serving pages as root.

>Number:         1347
>Category:       config
>Synopsis:       Serving pages as root.
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          support
>Submitter-Id:   apache
>Arrival-Date:   Sat Nov  1 07:40:00 PST 1997
>Last-Modified:
>Originator:     bross@kingman.com
>Organization:
apache
>Release:        1.2.4
>Environment:
Linux 2.0.28

Apache 1.2.4 just downloaded from your site.
>Description:
I have some protected pages that are used by sales person's to add new users on-line. The pages need to serve as root.

The pages run a CGI to modify the passwd file and add the new customer, then send an email to me.

I changed User to server, with group #0 and tried #-1 in the httpd.conf

In the passwd file I created server:passwd:0:0:/root:/bin/bash

tried different euid numbers etc.. but it will work everything else except the  secured pages. I don't want to open a Security Hole but would like to get the new release to work. It does not give this error with the release I now have 1.2b7

Received that apache was not designed to serv pages as root. I tried different changes to the passwd config but then the server user does not have permission to access.

Any help would be great.

Thank you
Bob Ross
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted: