and is <code>conf/mime.types</code> by default.
<h2>Log files</h2>
+<h3>security warning</h3>
+Anyone who can write to the directory where Apache is writing a
+log file can almost certainly gain access to the uid that the server is
+started as, which is normally root. Do <EM>NOT</EM> give people write
+access to the directory the logs are stored in without being aware of
+the consequences; see the <A HREF="misc/security_tips.html">security tips</A>
+document for details.
<h3>pid file</h3>
On daemon startup, it saves the process id of the parent httpd process to
the file <code>logs/httpd.pid</code>. This filename can be changed with the
and is <code>conf/mime.types</code> by default.
<h2>Log files</h2>
+<h3>security warning</h3>
+Anyone who can write to the directory where Apache is writing a
+log file can almost certainly gain access to the uid that the server is
+started as, which is normally root. Do <EM>NOT</EM> give people write
+access to the directory the logs are stored in without being aware of
+the consequences; see the <A HREF="misc/security_tips.html">security tips</A>
+document for details.
<h3>pid file</h3>
On daemon startup, it saves the process id of the parent httpd process to
the file <code>logs/httpd.pid</code>. This filename can be changed with the
<HR>
+<H2>Permissions on Log File Directories</H2>
+<P>When Apache starts, it opens the log files as the user who started the
+server before switching to the user defined in the
+<a href="../mod/core.html#user"><b>User</b></a> directive. Anyone who
+has write permission for the directory where any log files are
+being written to can append pseudo-arbitrary data to any file on the
+system which is writable to the user who starts Apache. Since the
+server is normally started by root, you should <EM>NOT</EM> give anyone
+write permission to the directory where logs are stored unless you
+want them to have root access.
+<P>
+<HR>
<H2>Server Side Includes</H2>
<P>Server side includes (SSI) can be configured so that users can execute
arbitrary programs on the server. That thought alone should send a shiver
deliberate or accidental.<p>
All the CGI scripts will run as the same user, so they have potential to
-conflict (accidentally or deliberately) with other scripts e.g. User A hates
-User B, so he writes a script to trash User B's CGI database.<P>
+conflict (accidentally or deliberately) with other scripts e.g.
+User A hates User B, so he writes a script to trash User B's CGI
+database. One program which can be used to allow scripts to run
+as different users is <A HREF="../suexec.html">suEXEC</A> which is
+included with Apache as of 1.2 and is called from special hooks in
+the Apache server code. Another popular way of doing this is with
+<A HREF="http://wwwcgi.umr.edu/~cgiwrap/">CGIWrap</A>. <P>
<HR>
-Please send any other useful security tips to
-<A HREF="mailto:apache-bugs@mail.apache.org">apache-bugs@mail.apache.org</A>
-<p>
-<HR>
<H2>Stopping users overriding system wide settings...</H2>
<P>To run a really tight ship, you'll want to stop users from setting
This stops all overrides, Includes and accesses in all directories apart
from those named.<p>
+<HR>
+<P>Please send any other useful security tips to
+<A HREF="mailto:apache-bugs@mail.apache.org">apache-bugs@mail.apache.org</A>
+<p>
+<HR>
+
<!--#include virtual="footer.html" -->
</BODY>
</HTML>
then it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>.
Example:
<blockquote><code>ErrorLog /dev/null</code></blockquote>
-This effectively turns off error logging.<p><hr>
+This effectively turns off error logging.<p>
+
+SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A>
+document for details on why your security could be compromised if
+the directory where logfiles are stored is writable by anyone other
+than the user that starts the server.
+
+<p><hr>
<A name="files"><h2><Files></h2></A>
<strong>Syntax:</strong> <Files <em>filename</em>>
command (if your OS supports it), or with kernel patches like <A
HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p>
+SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A>
+document for details on why your security could be compromised if
+the directory where logfiles are stored is writable by anyone other
+than the user that starts the server.
+
<p><strong>See also:</strong>
<A HREF="../virtual-host.html">Information on Virtual Hosts.
(multihome)</A><br>
run under the user who started httpd. This will be root if the server
was started by root; be sure that the program is secure.<p>
+<strong>Security:</strong> See the <A
+HREF="../misc/security_tips.html">security tips</A> document for
+details on why your security could be compromised if the directory
+where logfiles are stored is writable by anyone other than the user
+that starts the server.<P>
+
This directive is provided for compatibility with NCSA 1.4.<p>
<!--#include virtual="footer.html" -->
See the examples below.
<p>
+<h2>Security Considerations</h2>
+
+See the <A HREF="../misc/security_tips.html">security tips</A> document
+for details on why your security could be compromised if the directory
+where logfiles are stored is writable by anyone other than the user
+that starts the server.
+<p>
<h2>Directives</h2>
<ul>
run under the user who started httpd. This will be root if the server
was started by root; be sure that the program is secure.<p>
+<strong>Security:</strong> See the <A
+HREF="../misc/security_tips.html">security tips</A> document for
+details on why your security could be compromised if the directory
+where logfiles are stored is writable by anyone other than the user
+that starts the server.<P>
+
This directive is provided for compatibility with NCSA 1.4.<p>
<!--#include virtual="footer.html" -->
<tt>RewriteLog</tt> directive or use <tt>RewriteLogLevel 0</tt>!
</td></tr>
</table>
+<P>
+
+SECURITY: See the <A HREF="../misc/security_tips.html">security
+tips</A> document for details on why your security could be
+compromised if the directory where logfiles are stored is writable
+by anyone other than the user that starts the server. <P>
<p>
<b>Example:</b>
projects / apache / commitdiff