You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Bob Ross <br...@kingman.com> on 1997/11/01 16:36:27 UTC
config/1347: Serving pages as root.
>Number: 1347
>Category: config
>Synopsis: Serving pages as root.
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache
>State: open
>Class: support
>Submitter-Id: apache
>Arrival-Date: Sat Nov 1 07:40:00 PST 1997
>Last-Modified:
>Originator: bross@kingman.com
>Organization:
apache
>Release: 1.2.4
>Environment:
Linux 2.0.28
Apache 1.2.4 just downloaded from your site.
>Description:
I have some protected pages that are used by sales person's to add new users on-line. The pages need to serve as root.
The pages run a CGI to modify the passwd file and add the new customer, then send an email to me.
I changed User to server, with group #0 and tried #-1 in the httpd.conf
In the passwd file I created server:passwd:0:0:/root:/bin/bash
tried different euid numbers etc.. but it will work everything else except the secured pages. I don't want to open a Security Hole but would like to get the new release to work. It does not give this error with the release I now have 1.2b7
Received that apache was not designed to serv pages as root. I tried different changes to the passwd config but then the server user does not have permission to access.
Any help would be great.
Thank you
Bob Ross
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted: