NetBSD Problem Report #35142
From firstname.lastname@example.org Mon Nov 27 17:03:55 2006
Received: from mail.netbsd.org (mail.netbsd.org [18.104.22.168])
by narn.NetBSD.org (Postfix) with ESMTP id 8741763B90D
for <gnats-bugs@gnats.NetBSD.org>; Mon, 27 Nov 2006 17:03:55 +0000 (UTC)
Date: Mon, 27 Nov 2006 17:03:35 +0100 (CET)
From: Wouter Schoot <email@example.com>
Reply-To: Wouter Schoot <firstname.lastname@example.org>
Subject: lighttpd doesn't create an own user (like apache does)
>Synopsis: www/lighttpd doesn't create an own user (like apache does)
>Arrival-Date: Mon Nov 27 17:05:00 +0000 2006
>Last-Modified: Mon Nov 27 18:26:16 +0000 2006
>Originator: Wouter Schoot <email@example.com>
>Release: NetBSD 4.99.4
System: NetBSD gehakt.student.utwente.nl 4.99.4 NetBSD 4.99.4 (GEHAKT) #10: Sat Nov 25 19:53:04 CET 2006 firstname.lastname@example.org:/usr/src/sys/arch/i386/compile/GEHAKT i386
lighttpd is an alternative webserver for like for instance apache. However, the
pkg doesn't create a user (i.e. 'www') to run under. I think this is good
behaviour to enforce, just as apache does. Moreover pkg's like phpmyadmin
blindly trust on the existance of a www user (hardcoded in the Makefile).
From: Joerg Sonnenberger <email@example.com>
Subject: Re: pkg/35142: lighttpd doesn't create an own user (like apache does)
Date: Mon, 27 Nov 2006 18:34:38 +0100
On Mon, Nov 27, 2006 at 05:05:01PM +0000, Wouter Schoot wrote:
> lighttpd is an alternative webserver for like for instance apache. However, the
> pkg doesn't create a user (i.e. 'www') to run under. I think this is good
> behaviour to enforce, just as apache does. Moreover pkg's like phpmyadmin
> blindly trust on the existance of a www user (hardcoded in the Makefile).
The question is which one. I have multiple setups with lighty and run it
both as a normal user (not via rc.d), as www:www and other users,
depending on the circumstances. I don't think we reusing www would be a
good idea for an default name, as it makes the protection at least
partly go away when Apache is also running on the machine.
Beside, the part about phpmyadmin does not apply, but I answer about
that in the original PR.
Responsible-Changed-When: Mon, 27 Nov 2006 18:26:16 +0000
Over to maintainer.
$NetBSD: query-full-pr,v 1.36 2007/11/24 03:27:39 kano Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.