pacman -S httpd这样安装的httpd是用root启动的，存在安全隐患吧？

andyliucn · 发表于 2005-3-31 19:28:34

比如说加入php或cgi支持的话，随便写个程序，岂不是可以访问系统任何文件？

diony · 发表于 2005-3-31 19:38:30

我这里/etc/httpd/conf/httpd.conf文件的默认设置：

<IfModule !mpm_winnt.c>
<IfModule !mpm_netware.c>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group #-1 on these systems!
#
User nobody
Group nobody
</IfModule>
</IfModule>

diony · 发表于 2005-3-31 19:48:53

btw，should be 'pacman -S apache'.
'pacman -S httpd' will only report an error.

tx-cary · 发表于 2005-4-1 08:54:00

arch的apache默认的文件根目录在/home/http/httpd/html下面，http协议的程序都不可能访问你其它目录下的文件。

而且谁有权限传php和cgi到你的机器上？

碧轩 · 发表于 2005-4-2 01:20:27

这个...自己可以改吧？

nbxmedia · 发表于 2005-4-2 03:57:33

httpd.conf不是有运行用户的设定吗.换一个就可以了

碧轩 · 发表于 2005-4-2 08:18:21

再不行，就自己做pkg包，呵呵，反正就是修改httpd.conf文件，嘿嘿

		自动登录	找回密码
密码			注册