[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Apache running as root . . . .

Subject: Re: [cobalt-security] Apache running as root . . . .
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
Date: Fri, 8 Feb 2002 18:55:30 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

----- Original Message -----
From: "Fragga" <fragga@xxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, February 08, 2002 11:58 AM
Subject: [cobalt-security] Apache running as root . . . .

> greets all.
>
> has anyone got any linkage regarding the apache running as root
> issue with the cobalts. I`ve read an old bugtraq thread regardng it
> however that relates to Raq 3. has anything been built into the RAQ 4`s
> for increased security regarding this flaw. A quick ps -aux on my raq 4
> still shows root to be running the show.

The normal Apache that runs on port 80 (standard http port) should be
running as user httpd, which is an unprivileged user.  This is set using the
User directive in httpd.conf.  You should see a line "User httpd".  If you
see Apache running as root it's because the separate Apache process that
runs on the port used by the Cobalt GUI runs as root.  That's necessary for
the GUI's scripts to be able to modify files that are owned by root.  If
that's not what you're experiencing post some more details.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/

References:
- Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
  - From: Nico Meijer
- [cobalt-security] Apache running as root . . . .
  - From: Fragga

Prev by Date: Re: [cobalt-security] newbee question
Next by Date: Re: [cobalt-security] Apache running as root . . . .
Previous by thread: [cobalt-security] Apache running as root . . . .
Next by thread: Re: [cobalt-security] Apache running as root . . . .

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index