Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
/usr/HTTPServer/logs/cgisock=
706 views
Skip to first unread message
jerry....@wellpoint.com
Dec 18, 2012, 1:59:43 PM12/18/12
to
I am running Apache 2.0.59 on AIX 6.1. The web server is not running as root. It is running as a different user via sudo.
There is a file called cgisock= in /usr/HTTPServer/logs. The file is empty. The permissions are srwxrwxrwx. My company is scanning servers for files that are world-writable. They want me to remove the world write permission from all files. Is it safe for me to remove the world write permission from this file?
Thanks.
Jerry
There is a file called cgisock= in /usr/HTTPServer/logs. The file is empty. The permissions are srwxrwxrwx. My company is scanning servers for files that are world-writable. They want me to remove the world write permission from all files. Is it safe for me to remove the world write permission from this file?
Thanks.
Jerry
I R A Darth Aggie
Dec 21, 2012, 9:11:01 AM12/21/12
to
On Tue, 18 Dec 2012 10:59:43 -0800 (PST),
jerry....@wellpoint.com <jerry....@wellpoint.com>, in
It looks like it is simply a socket, and thus the rather expansive
file permissions. You can read more on the mod_cgid page:
http://httpd.apache.org/docs/2.0/mod/mod_cgid.html
"The socket will be opened using the permissions of the user
who starts Apache (usually root). To maintain the security of
communications with CGI scripts, it is important that no other
user has permission to write in the directory where the socket
is located."
You can probably manually change the permisions, but that will last
only until you reboot/restart Apache. Are you actually using an
external cgi daemon? you may not need this mod at all, so that would
be one solution.
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
jerry....@wellpoint.com <jerry....@wellpoint.com>, in
file permissions. You can read more on the mod_cgid page:
http://httpd.apache.org/docs/2.0/mod/mod_cgid.html
"The socket will be opened using the permissions of the user
who starts Apache (usually root). To maintain the security of
communications with CGI scripts, it is important that no other
user has permission to write in the directory where the socket
is located."
You can probably manually change the permisions, but that will last
only until you reboot/restart Apache. Are you actually using an
external cgi daemon? you may not need this mod at all, so that would
be one solution.
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
0 new messages