You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Paul Richards <pa...@alpha.netcraft.co.uk> on 1995/10/04 15:18:06 UTC

WWW Form Bug Report: "Seems to ignore file modes even when not running as root" on FreeBSD (fwd)

Any ideas?

In reply to archie@tribe.com who said
> From nobody@hyperreal.com Wed Oct  4 03:38:25 1995
> Message-Id: <19...@taz.hyperreal.com>
> From: archie@tribe.com
> To: paul@FreeBSD.org
> Date: Tue Oct  3 19:38:52 1995
> Subject: WWW Form Bug Report: "Seems to ignore file modes even when not running as root" on FreeBSD
> 
> Submitter: archie@tribe.com
> Operating system: FreeBSD, version: 2.0.5
> Extra Modules used: none
> URL exhibiting problem: 
> 
> Symptoms:
> --
>  The httpd binary must be setuid-root in order to bind to port 80. In conf/httpd.conf I have the lines  User www Group www  User "www" is a normal user on my system. However, I can still access this file via the server:  -rw-------  1 root    bin   3828 Oct  3 19:07 doc.shtml  Shouldn't I not be allowed to read this since the httpd server is running as user "www" ?  A "ps" listing shows two httpd processes both running as root. The Apache version is 0.8.14.  Thanks for a great server!  -Archie 
> --
> 
> Backtrace:
> --
> 


-- 
  Paul Richards, Netcraft Ltd.
  Internet: paul@netcraft.co.uk, http://www.netcraft.co.uk
  Phone: 0370 462071 (Mobile), +44 1225 447500 (work)