From owner-cvs-all  Mon Apr 16  9:17:19 2001
Delivered-To: cvs-all@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2148A37B43C; Mon, 16 Apr 2001 09:17:14 -0700 (PDT)
	(envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.3/8.11.3) id f3GGH8D03291;
	Mon, 16 Apr 2001 20:17:08 +0400 (MSD)
	(envelope-from ache)
Date: Mon, 16 Apr 2001 20:17:08 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/www/mnoGoSearch-current Makefile
Message-ID: <20010416201707.B2726@nagual.pp.ru>
References: <20010416195744.A2726@nagual.pp.ru> <200104161606.JAA52818@gndrsh.dnsmgr.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200104161606.JAA52818@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Mon, Apr 16, 2001 at 09:06:23AM -0700
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Apr 16, 2001 at 09:06:23 -0700, Rodney W. Grimes wrote:
> The whole reason of running apache as nobody.nogroup is so that it can
> not access a file of any type unless it is world accessable.  The mistake

Many others will disagree with you. Consider f.e. guestbook which needs
_write_ access from Apache-running CGIs. I.e.  "can not access any file
which is not belongs to processing using Apache or its CGIs".

> Does apache need write access to this hierarchy?  If not a simple

Yes, of course. Not Apache, but its CGI's, i.e. search engine which is the
port (running as nobody.nogroup too, because CGI).

> Also it seems as if -YOU- are the maintainer of apache, so please can
> you go fix it's abuse of nobody:nogroup.  (Hint: running as nobody:nogroup
> is _NOT_ the bug.)

It breaks setups for too many peoples, so require testing in many variants
and setups I don't have access to, nearly all write access CGIs will be
broken, so at least all such ports needs be fixed by someone who will
introduce this change. BTW, I am open to review patches from such hero.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message