You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/07/08 11:04:50 UTC
DO NOT REPLY [Bug 10547] New: -
1.3.26 service requires read permission on directory above docroot
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10547>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10547
1.3.26 service requires read permission on directory above docroot
Summary: 1.3.26 service requires read permission on directory
above docroot
Product: Apache httpd-1.3
Version: HEAD
Platform: PC
URL: N/A
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: Other
Component: core
AssignedTo: bugs@httpd.apache.org
ReportedBy: grstarrett@cox.net
I have build 1.3.26 on a XP Pro, I don't get a default document in the root
only when I #1 set the service to log in as a regular user and #2 do NOT
assign permissions to the apache_user account BELOW the new docroot. Here are
steps to reproduce:
--Assume contents of docroot has index.htm and a directory subdir\index.htm.
--Create Apache_User user account on the local machine as a restricted (on
other words, regular not power) user.
--Set the DocumentRoot (and <Directory ...>) to something like "C:/Documents
and Settings/gstarrett/My Documents/My Website/Apache8080"
--Set permissions on "C:/Documents and Settings/gstarrett/My Documents/My
Website/Apache8080" so that Apache_User has full permissions on the Apache8080
directory.
-->Try to access http://MyServer:8080/ and get "Not found. The requested
URL / was not found on this server." However, if you check for
http://MyServer:8080/index.htm or http://MyServer:8080/blah/ then it shows
both those perfectly.
Note that this doesn't show up if you either set Apache back to system account
OR assign at least read-only permissions to the directory above the docroot.
I chose the latter.
As a general note, isn't it generally a bad idea to have the service log in as
system account? If someone got control of the service, then they would have
system acct privledges. I'm fairly new to Apache still so forgive me I missed
something basic about functioning.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org