From dfe3c56004dbdca615a5f0b74b18bda51cdfa903 Mon Sep 17 00:00:00 2001 From: dgaudet Date: Sun, 14 Dec 1997 00:49:19 +0000 Subject: [PATCH] We talk about a "proper installation" occasionally... and assume folks know how to set the perms on the serverroot. But I don't think we document it anywhere. Nowhere that's easily found direct from the "how to install" page. Document it better, link to it. Remove the install_1_1 docs. Update a 1.2 reference to 1.3. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@79686 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/install.html | 9 +++-- docs/manual/install.html.en | 9 +++-- docs/manual/misc/security_tips.html | 52 +++++++++++++++++++++++------ 3 files changed, 50 insertions(+), 20 deletions(-) diff --git a/docs/manual/install.html b/docs/manual/install.html index a815b1a72b..6052841af2 100644 --- a/docs/manual/install.html +++ b/docs/manual/install.html @@ -14,10 +14,7 @@ > -

Compiling and Installing Apache 1.2

- -

If you wish to download and install an earlier version of Apache please -read Compiling and Installing Apache 1.1.

+

Compiling and Installing Apache 1.3

UnixWare users will want to consult build notes for various UnixWare versions before compiling. @@ -128,7 +125,9 @@ The next step is to install the program and configure it. Apache is designed to be configured and run from the same set of directories where it is compiled. If you want to run it from somewhere else, make a directory and copy the conf, logs and -icons directories into it.

+icons directories into it. In either case you should +read the security tips +describing how to set the permissions on the server root directory.

The next step is to edit the configuration files for the server. This consists of setting up various directives in up to three diff --git a/docs/manual/install.html.en b/docs/manual/install.html.en index a815b1a72b..6052841af2 100644 --- a/docs/manual/install.html.en +++ b/docs/manual/install.html.en @@ -14,10 +14,7 @@ > -

Compiling and Installing Apache 1.2

- -

If you wish to download and install an earlier version of Apache please -read Compiling and Installing Apache 1.1.

+

Compiling and Installing Apache 1.3

UnixWare users will want to consult build notes for various UnixWare versions before compiling. @@ -128,7 +125,9 @@ The next step is to install the program and configure it. Apache is designed to be configured and run from the same set of directories where it is compiled. If you want to run it from somewhere else, make a directory and copy the conf, logs and -icons directories into it.

+icons directories into it. In either case you should +read the security tips +describing how to set the permissions on the server root directory.

The next step is to edit the configuration files for the server. This consists of setting up various directives in up to three diff --git a/docs/manual/misc/security_tips.html b/docs/manual/misc/security_tips.html index 9c36f85e43..b1704dd724 100644 --- a/docs/manual/misc/security_tips.html +++ b/docs/manual/misc/security_tips.html @@ -22,16 +22,48 @@ the suggestions will be general, others specific to Apache.

-

Permissions on Log File Directories

-

When Apache starts, it opens the log files as the user who started the -server before switching to the user defined in the -User directive. Anyone who -has write permission for the directory where any log files are -being written to can append pseudo-arbitrary data to any file on the -system which is writable by the user who starts Apache. Since the -server is normally started by root, you should NOT give anyone -write permission to the directory where logs are stored unless you -want them to have root access. + +

Permissions on ServerRoot Directories

+

In typical operation, Apache is started by the root +user, and it switches to the user defined by the User directive to serve hits. +As is the case with any command that root executes, you must take care +that it is protected from modification by non-root users. Not only +must the files themselves be writeable only by root, but so must the +directories, and parents of all directories. For example, if you +choose to place ServerRoot in /usr/local/apache then it is +suggested that you create that directory as root, with commands +like these: + +

+    mkdir /usr/local/apache
+    cd /usr/local/apache
+    mkdir bin conf logs
+    chown 0 . bin conf logs
+    chgrp 0 . bin conf logs
+    chmod 755 . bin conf logs
+
+ +It is assumed that /, /usr, and /usr/local are only modifiable by root. +When you install the httpd executable, you should ensure that it is +similarly protected: + +
+    cp httpd /usr/local/apache/bin
+    chown 0 /usr/local/apache/bin/httpd
+    chgrp 0 /usr/local/apache/bin/httpd
+    chmod 511 /usr/local/apache/bin/httpd
+
+ +

You can create an htdocs subdirectory which is modifiable by other +users -- since root never executes any files out of there, and shouldn't +be creating files in there. + +

If you allow non-root users to modify any files that root either +executes or writes on then you open your system to root compromises. +For example, someone could replace the httpd binary so that the next +time you start it, it will execute some arbitrary code. Or someone +could overwrite the logs with arbitrary data.

Server Side Includes

-- 2.50.1