You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Boyle, PJ" <PJ...@agriculture.gov.ie> on 2003/06/06 15:09:40 UTC
[users@httpd] Building Apache 2.0.46 with MPM=WORKER on Compaq Tru64 with Compaq CC
Hi,
I was wondering if anybody out there has successfully
compiled 2.0.46 with the mpm type == worker instead of
prefork on HP Tru64 5.1A. I have just downloaded and
attempted to compile with the following:
./configure --with-mpm=worker --prefix=/u01/apps/apache-httpd-2.0.46
When building I can see the following message:
checking for times... yes
checking which MPM to use... worker
The currently selected MPM requires threads which your system seems to lack
checking checking for replacement... prefork selected
Tru64 does have pthread support so does anybody know how to enable
it for this build?
Any help greatly appreciated
**********************************************************************
The information contained in this email and in any
attachments is confidential and is designated solely
for the attention and use of the intended recipient(s).
This information may be subject to legal and professional
privilege. If you are not an intended recipient of
this email, you must not use, disclose, copy,
distribute or retain this message or any part of it.
If you have received this email in error, please
notify the sender immediately and delete all copies of
this email from your computer system(s).
**********************************************************************
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Folder Permissions
Posted by Joshua Slive <jo...@slive.ca>.
On Fri, 6 Jun 2003, Mario Antonio wrote:
> Sorry if this a stupid question.
> If a file is owned by the Apache user (www), can that file somehow be
> modified by a internet visitor ( let's say: a hacker) since that user is
> using Apache to make that connection?
In a properly configured system with no "unsafe" cgi/php/perl scripts, it
is not possible for a hacker to modify anything on the server, regardless
of ownership. It is true, however, that any flaw in apache or one of its
scripts will compromise the apache user first.
So yes, it is somewhat risky to have anything on the server owned by the
apache user. But it is usually a reasonable risk in a tightly controlled
system. It is probably not a reasonable risk if you have untrusted people
writing cgi/php/perl scripts.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Folder Permissions
Posted by Mario Antonio <di...@webjogger.net>.
Joshua,
Thanks for your promt reply. That is what I admire of the Apache Community!
Sorry if this a stupid question.
If a file is owned by the Apache user (www), can that file somehow be
modified by a internet visitor ( let's say: a hacker) since that user is
using Apache to make that connection?
Mario Antonio
----- Original Message -----
From: "Joshua Slive" <jo...@slive.ca>
To: <us...@httpd.apache.org>
Sent: Friday, June 06, 2003 9:53 AM
Subject: Re: [users@httpd] Folder Permissions
>
> On Fri, 6 Jun 2003, Mario Antonio wrote:
> > I got a security concern.
> > When using a php script that uploads files to the server, I need to give
> > write permissions to everybody in that specific folder (within the
> > public_html folder)
> >
> > When a file is uploaded, That file is now owned by "WWW" (apache user)
and
> > its group remains the same (the user's group that owns that folder)
> >
> > These are the permissions of that specific folder:
> > drwxrwxrwx 2 myuser myuser 512 Jun 5 15:24 myfolder_to_upload
>
> This folder should be owned by www and should have write permissions only
> for the owner.
>
> >
> > And these are the permissions of the file that is uploaded:
> > -rw-r--r-- 1 www myuser 58880 Jun 5 14:11 my_uploaded_file.doc
> >
> > is this Ok? or is it something that I should stay away from?
> > If it is such a security threat, How to provide a safe environment to
> > upload files through web scripts?
>
> This is "relatively" safe if:
>
> 1. You restrict access to the www user to only trusted people; and
>
> 2. Only trusted people are allowed to author any sort of script
> (cgi/perl/php) on the server.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> ---
> [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection
System]
>
>
---
[This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Folder Permissions
Posted by Joshua Slive <jo...@slive.ca>.
On Fri, 6 Jun 2003, Mario Antonio wrote:
> I got a security concern.
> When using a php script that uploads files to the server, I need to give
> write permissions to everybody in that specific folder (within the
> public_html folder)
>
> When a file is uploaded, That file is now owned by "WWW" (apache user) and
> its group remains the same (the user's group that owns that folder)
>
> These are the permissions of that specific folder:
> drwxrwxrwx 2 myuser myuser 512 Jun 5 15:24 myfolder_to_upload
This folder should be owned by www and should have write permissions only
for the owner.
>
> And these are the permissions of the file that is uploaded:
> -rw-r--r-- 1 www myuser 58880 Jun 5 14:11 my_uploaded_file.doc
>
> is this Ok? or is it something that I should stay away from?
> If it is such a security threat, How to provide a safe environment to
> upload files through web scripts?
This is "relatively" safe if:
1. You restrict access to the www user to only trusted people; and
2. Only trusted people are allowed to author any sort of script
(cgi/perl/php) on the server.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Folder Permissions
Posted by Mario Antonio <di...@webjogger.net>.
Hi,
I am running apache as follows:
Server Version: Apache/1.3.27 (Unix) mod_perl/1.27 mod_ssl/2.8.14
OpenSSL/0.9.7a PHP/4.3.1
I got a security concern.
When using a php script that uploads files to the server, I need to give
write permissions to everybody in that specific folder (within the
public_html folder)
When a file is uploaded, That file is now owned by "WWW" (apache user) and
its group remains the same (the user's group that owns that folder)
These are the permissions of that specific folder:
drwxrwxrwx 2 myuser myuser 512 Jun 5 15:24 myfolder_to_upload
And these are the permissions of the file that is uploaded:
-rw-r--r-- 1 www myuser 58880 Jun 5 14:11 my_uploaded_file.doc
is this Ok? or is it something that I should stay away from?
If it is such a security threat, How to provide a safe environment to
upload files through web scripts?
I hope this question is within the context of this mailing list since my
concerns, as Apache Admin, is how to set up properly folder permissions for
cgi and php scripts.
Regards
Mario Antonio
---
[This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org