You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by VPN Cluster <vp...@gmail.com> on 2008/07/10 20:00:46 UTC

[users@httpd] httpd folder is owned by root

After successful compilation of Apache 2.2.9 , Apache folder on
/usr/lcoal/httpd is owned by root:root.

It should be owned by apache:apache. How to go about fixing that..

Re: [users@httpd] httpd folder is owned by root

Posted by Res <re...@ausics.net>.

On Thu, 10 Jul 2008, Frank Gingras wrote:

> You need to fix those installations immediately, then. You can run:
>
> chown -R root:root /usr/local/httpd

A caution there, if he serves content from /usr/local/apache/htdocs|cgi-bin
they should *not* be owned by root but apache or the vhost domain owner
Though I'd like to think he like most of us, uses something like /var/www
so it is entirely separate at all times.


-- 
Cheers
Res
 	--- Usenet policy, and why I might ignore you ---
1/ GoogleGroups are UDP'd on my nntp server. If you use them, don't
    waste your time or energy replying to me.

2/ If only cleanfeed filtered out trolls as well as spam, usenet would be
    a nicer place.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] httpd folder is owned by root

Posted by Frank Gingras <fr...@gmail.com>.

You need to fix those installations immediately, then. You can run:

chown -R root:root /usr/local/httpd


to fix it.

If you have any directories that require write access for your scripts, 
chmod those to 775, and chgrp to apache. Be aware that you should 
prevent script and unknown content from being uploaded there to minimize 
the security risk.

VPN Cluster wrote:
> I have several other servers that have apache and they all owned by
> apache:apache . Even /usr/local/httpd/bin/apachectl is owned by apach:apache
>
> This is the only machine where I compiled apache but I see all the tree of
> folder and files under /usr/local/httpd is owned by root:root ..
>
> On Thu, Jul 10, 2008 at 2:04 PM, Frank Gingras <fr...@gmail.com>
> wrote:
>
>   
>> VPN Cluster wrote:
>>
>>     
>>> After successful compilation of Apache 2.2.9 , Apache folder on
>>> /usr/lcoal/httpd is owned by root:root.
>>>
>>> It should be owned by apache:apache. How to go about fixing that..
>>>
>>>
>>>
>>>       
>> Hello,
>>
>> The files under /usr/local/httpd *should* belong to root, actually.
>>
>> You should never chown the files served by apache to the apache user. That
>> is a tremendous security risk.
>>
>> What problem are you trying to solve, exactly?
>>
>> Frank
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>     
>
>   


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] httpd folder is owned by root

Posted by VPN Cluster <vp...@gmail.com>.

I have several other servers that have apache and they all owned by
apache:apache . Even /usr/local/httpd/bin/apachectl is owned by apach:apache

This is the only machine where I compiled apache but I see all the tree of
folder and files under /usr/local/httpd is owned by root:root ..

On Thu, Jul 10, 2008 at 2:04 PM, Frank Gingras <fr...@gmail.com>
wrote:

> VPN Cluster wrote:
>
>> After successful compilation of Apache 2.2.9 , Apache folder on
>> /usr/lcoal/httpd is owned by root:root.
>>
>> It should be owned by apache:apache. How to go about fixing that..
>>
>>
>>
> Hello,
>
> The files under /usr/local/httpd *should* belong to root, actually.
>
> You should never chown the files served by apache to the apache user. That
> is a tremendous security risk.
>
> What problem are you trying to solve, exactly?
>
> Frank
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Re: [users@httpd] httpd folder is owned by root

Posted by Frank Gingras <fr...@gmail.com>.

VPN Cluster wrote:
> After successful compilation of Apache 2.2.9 , Apache folder on
> /usr/lcoal/httpd is owned by root:root.
>
> It should be owned by apache:apache. How to go about fixing that..
>
>   
Hello,

The files under /usr/local/httpd *should* belong to root, actually.

You should never chown the files served by apache to the apache user. 
That is a tremendous security risk.

What problem are you trying to solve, exactly?

Frank

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] httpd folder is owned by root

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

VPN Cluster wrote:
> After successful compilation of Apache 2.2.9 , Apache folder on 
> /usr/lcoal/httpd is owned by root:root.
> 
> It should be owned by apache:apache. 

Never.  Absolutely not.  Anyone who compromises apache with an arbitrary
code execution exploit or uses any number of vulnerable scripts or even
untrusted content authors would be able to modify the installation of
Apache itself.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org