[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Nobody User replacing HTTPD user???

Subject: Re: [cobalt-developers] Nobody User replacing HTTPD user???
From: Will DeHaan <will@xxxxxxxxxx>
Date: Mon Aug 28 18:21:41 2000
Organization: Cobalt Networks

Ben Koshy wrote:
> 
> I've got 2 Cobalt RAQ3 running the latest in OS Updates and Security
> Patches...weird thing though:
> 
> On Cobalt A, when a new site is setup, its owned by user httpd
> 
> On Cobalt B, when a new site is setup, its owned by user nobody
> 
> Should I be concerned?  The group permissions are set for site1, site2 etc
> so users from those groups can write to the directories...but I'm curious
> why this is happening?
> 

A recent RaQ 3 patch changed site web ownership from httpd to nobody to
resolve a security problem where site members could modify other sites
through .htaccess/AllowOverride All exploits.


	-- Will

References:
- [cobalt-developers] Nobody User replacing HTTPD user???
  - From: Ben Koshy

Prev by Date: [cobalt-developers] Urchin
Next by Date: Re: [cobalt-developers] Urchin
Previous by thread: [cobalt-developers] DNS News
Next by thread: Re: [cobalt-developers] Nobody User replacing HTTPD user???

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index