Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3
permissions
permissions-suexec-bsc951765.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File permissions-suexec-bsc951765.patch of Package permissions
commit d7a65302c469501961ca2170dfd1a7d2d8016171 Author: Marcus Meissner <meissner@suse.de> Date: Thu Oct 29 10:38:01 2015 +0100 add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789 diff --git a/permissions.easy b/permissions.easy index 2d658db..a9be696 100644 --- a/permissions.easy +++ b/permissions.easy @@ -375,3 +375,12 @@ # radosgw (bsc#943471) /usr/bin/radosgw root:www 0750 +capabilities cap_net_bind_service=ep +# +# suexec is only secure if the document root doesn't contain files +# writeable by wwwrun. Make sure you have a safe server setup +# before setting the setuid bit! See also +# https://bugzilla.novell.com/show_bug.cgi?id=263789 +# http://httpd.apache.org/docs/trunk/suexec.html +# You need to override this in permissions.local. +# +/usr/sbin/suexec2 root:root 0755 diff --git a/permissions.paranoid b/permissions.paranoid index 1c99ec6..5fcfa4a 100644 --- a/permissions.paranoid +++ b/permissions.paranoid @@ -381,3 +381,12 @@ # radosgw (bsc#943471) /usr/bin/radosgw root:root 0755 +# +# suexec is only secure if the document root doesn't contain files +# writeable by wwwrun. Make sure you have a safe server setup +# before setting the setuid bit! See also +# https://bugzilla.novell.com/show_bug.cgi?id=263789 +# http://httpd.apache.org/docs/trunk/suexec.html +# You need to override this in permissions.local. +# +/usr/sbin/suexec2 root:root 0755 diff --git a/permissions.secure b/permissions.secure index d30401f..91c7524 100644 --- a/permissions.secure +++ b/permissions.secure @@ -410,3 +410,13 @@ # radosgw (bsc#943471) /usr/bin/radosgw root:www 0750 +capabilities cap_net_bind_service=ep + +# +# suexec is only secure if the document root doesn't contain files +# writeable by wwwrun. Make sure you have a safe server setup +# before setting the setuid bit! See also +# https://bugzilla.novell.com/show_bug.cgi?id=263789 +# http://httpd.apache.org/docs/trunk/suexec.html +# You need to override this in permissions.local. +# +/usr/sbin/suexec2 root:root 0755
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor