MK27 Posted February 9, 2009 Share Posted February 9, 2009 I'm using apache to work on some cgi stuff at home (linux) -- ie. there are no security issues. I noticed that since apache is not running as root, I can't access /root. So I tried changing User and Group in http.conf to root, and I get this: Apache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server. This is just the FC10 "out-of-box" build. I imagine there is no way around the issue, but it doesn't hurt to ask... Quote Link to comment Share on other sites More sharing options...
trq Posted February 9, 2009 Share Posted February 9, 2009 No way is really safe but you might want to loosen permissions on the /root directory or move the stuff you want apache to be able to access to a more apprpriate directory. I see no reason apache would ever need access to /root Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.