From owner-cvs-all  Mon Apr 16  8:58: 7 2001
Delivered-To: cvs-all@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id 16FD137B422; Mon, 16 Apr 2001 08:58:00 -0700 (PDT)
	(envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.3/8.11.3) id f3GFvpa02931;
	Mon, 16 Apr 2001 19:57:51 +0400 (MSD)
	(envelope-from ache)
Date: Mon, 16 Apr 2001 19:57:49 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/www/mnoGoSearch-current Makefile
Message-ID: <20010416195744.A2726@nagual.pp.ru>
References: <200104150808.f3F88I176805@freefall.freebsd.org> <200104161536.IAA52751@gndrsh.dnsmgr.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200104161536.IAA52751@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Mon, Apr 16, 2001 at 08:36:04AM -0700
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Apr 16, 2001 at 08:36:04 -0700, Rodney W. Grimes wrote:
> > ache        2001/04/15 01:08:18 PDT
> > 
> >   Modified files:
> >     www/mnoGoSearch-current Makefile 
> >   Log:
> >   chown nobody.nogroup whole /var/mnogosearch (not require additional privs for
> >   spelld)
> 
> This exposes these files to NFS root access.  The original concept of
> nobody and nogroup was introduced by NFS, and the intent was that no
> file no place ever should have a uid/gid with these values, as that
> is what root is mapped to without a -maproot clause in the exports
> line.
> 
> Please do NOT continue to propogate this error of actually makeing
> files owned by nobody or have group nogroup.

This is needed for httpd reason. Unfortunately Apache httpd runs as
nobody.nogroup and starts CGIs too. httpd must be fixed first to another
user/group, probably www.www or something like. I prefer not to make fix
by myself due to various backward compatibility issues I prefer to deal
not. When httpd will be fixed, satellite ports can be fixed to, but not
earlier.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message