NetBSD Problem Report #35142

From ascent@gehakt.student.utwente.nl  Mon Nov 27 17:03:55 2006
Return-Path: <ascent@gehakt.student.utwente.nl>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 8741763B90D
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 27 Nov 2006 17:03:55 +0000 (UTC)
Message-Id: <20061127160335.BBCBC28ABEE@gehakt.student.utwente.nl>
Date: Mon, 27 Nov 2006 17:03:35 +0100 (CET)
From: Wouter Schoot <ascent@schoot.org>
Reply-To: Wouter Schoot <ascent@schoot.org>
To: gnats-bugs@NetBSD.org
Subject: lighttpd doesn't create an own user (like apache does)
X-Send-Pr-Version: 3.95

>Number:         35142
>Category:       pkg
>Synopsis:       www/lighttpd doesn't create an own user (like apache does)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    joerg
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Nov 27 17:05:00 +0000 2006
>Last-Modified:  Mon Nov 27 18:26:16 +0000 2006
>Originator:     Wouter Schoot <ascent@schoot.org>
>Release:        NetBSD 4.99.4
>Organization:

>Environment:


System: NetBSD gehakt.student.utwente.nl 4.99.4 NetBSD 4.99.4 (GEHAKT) #10: Sat Nov 25 19:53:04 CET 2006 root@gehakt.student.utwente.nl:/usr/src/sys/arch/i386/compile/GEHAKT i386
Architecture: i386
Machine: i386
>Description:
lighttpd is an alternative webserver for like for instance apache. However, the
pkg doesn't create a user (i.e. 'www') to run under. I think this is good
behaviour to enforce, just as apache does. Moreover pkg's like phpmyadmin
blindly trust on the existance of a www user (hardcoded in the Makefile).

>How-To-Repeat:

>Fix:


>Release-Note:

>Audit-Trail:
From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: pkg/35142: lighttpd doesn't create an own user (like apache does)
Date: Mon, 27 Nov 2006 18:34:38 +0100

 On Mon, Nov 27, 2006 at 05:05:01PM +0000, Wouter Schoot wrote:
 > >Description:
 > lighttpd is an alternative webserver for like for instance apache. However, the
 > pkg doesn't create a user (i.e. 'www') to run under. I think this is good
 > behaviour to enforce, just as apache does. Moreover pkg's like phpmyadmin
 > blindly trust on the existance of a www user (hardcoded in the Makefile).

 The question is which one. I have multiple setups with lighty and run it
 both as a normal user (not via rc.d), as www:www and other users,
 depending on the circumstances. I don't think we reusing www would be a
 good idea for an default name, as it makes the protection at least
 partly go away when Apache is also running on the machine.

 Beside, the part about phpmyadmin does not apply, but I answer about
 that in the original PR.

 Joerg

Responsible-Changed-From-To: pkg-manager->joerg
Responsible-Changed-By: snj@netbsd.org
Responsible-Changed-When: Mon, 27 Nov 2006 18:26:16 +0000
Responsible-Changed-Why:
Over to maintainer.


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.