hwg-servers archives Nov 2003 new search results previous next

Re: CGI configuration troubles

by "Lyle Giese" <lyle(at)lcrcomputer.com>

 Date:  Sun, 30 Nov 2003 12:00:58 -0600
 To:  <bxk(at)bxk.cjb.net>
 Cc:  "Hwg-Servers List \(E-mail\)" <hwg-servers(at)hwg.org>
 References: 
  todo: View Thread, Original 
I don't know enough about MAC's to offer any security specific advise there.
But Apache is starting automatically and that is done via root, but are you
sure all processes are owned by root?  I wouldn't think Apple would do that
to you as by default Apache 1.3.x runs as nobody.

>From a terminal window, using find or locate would get you to those files.
Under Linux, I use find like this:

find . -name httpd.conf

Which searchs from the root directory looking for httpd.conf.

But from a command line or terminal window, you should be able to run:

httpd -V

With the uppercase V, Apache should show you what config files it's loading
on startup.  This will confirm which ones Apple configured Apache to load,
just in case they are doing something non-standard.

Lyle

----- Original Message ----- 
From: <bxk(at)bxk.cjb.net>
To: <lyle(at)lcrcomputer.com>
Sent: Sunday, November 30, 2003 11:39 AM
Subject: Re: CGI configuration troubles


> thats what i thought
> os 10.1.5 mac
> using what the apache the os came with
> did a little personalizing w/perl
>
> no, did not patch servers os
> how?
>
> also, why is httpd running as root? im not logged in as root when
> i see this in process viewer
>
> very sorry, very new, trying to comprehend not necessarily from the ground
up
>
> thank you lyle
>
>
> > Httpd running as root is a major security problem.  If someone manages
to
> > take control of your httpd server and force a script to it, it will run
in
> > the security context of root.  Major problem. The bad guys will 'own'
your
> > server.
> >
> > What operating system is the server running?  It makes a difference in
what
> > the default location is for your files and how to use the file system
> > utilities to find files.
> >
> > Did you install Apache from source or just using what the OS came with?
> > Have you patched your server's OS yet?
> >
> > Lyle
> >
> > ----- Original Message ----- 
> > From: <bxk(at)bxk.cjb.net>
> > To: <hwg-servers(at)hwg.org>
> > Sent: Saturday, November 29, 2003 10:23 PM
> > Subject: CGI configuration troubles
> >
> >
> > > New
> > > Getting "Forbidden" Do Not Have Permission to Access
> > > when trying to access scripts. . .
> > >
> > > Need to configure cgi scripts for permissions and to tell where cgi
> > scripts are stored
> > > but have major obstacles:
> > >
> > > A few details, please forgive my ignorance:
> > > 1.  httpd is running as "root" and "httpd" (?) is this right?
> > > 2.  cant locate httpd.conf, can only find httpd_conf.pm on server
> > > 3.  cant locate error log (duh!) how to find from terminal?
> > >
> > > SERVER_SOFTWARE = Apache/1.3.26 (Darwin)
> > >
> >
>
>

HWG: hwg-servers mailing list archives, maintained by Webmasters @ IWA