Reviewed by: Chuck Murcko, Brian Behlendorf

Submitted by: Marc Slemko Added documentation about security concerns with logging in Apache 1.2. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@77404 13f79535-47bb-0310-9956-ffa450edef68
author: brian <brian@unknown> 1997-01-10 08:24:03 +0000
committer: brian <brian@unknown> 1997-01-10 08:24:03 +0000
commit: c09109559c1e775c8a46bc7b273906594abc45f1 (patch)
tree: 23d88f0f2883c3e1fdd554c45d9a7d25b8026a64 /docs/manual/invoking.html.en
parent: df7c9f885c1644659d62ce5ae93fba7094f13c42 (diff)
download: httpd-c09109559c1e775c8a46bc7b273906594abc45f1.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/manual/invoking.html.en b/docs/manual/invoking.html.en
index 4a594d3577..927674aab4 100644
--- a/docs/manual/invoking.html.en
+++ b/docs/manual/invoking.html.en
@@ -80,6 +80,13 @@ is set by the <A HREF="mod/mod_mime.html#typesconfig">TypesConfig</A> directive,
 and is <code>conf/mime.types</code> by default.
 
 <h2>Log files</h2>
+<h3>security warning</h3>
+Anyone who can write to the directory where Apache is writing a
+log file can almost certainly gain access to the uid that the server is
+started as, which is normally root.  Do <EM>NOT</EM> give people write
+access to the directory the logs are stored in without being aware of
+the consequences; see the <A HREF="misc/security_tips.html">security tips</A>
+document for details.
 <h3>pid file</h3>
 On daemon startup, it saves the process id of the parent httpd process to
 the file <code>logs/httpd.pid</code>. This filename can be changed with the
author	brian <brian@unknown>	1997-01-10 08:24:03 +0000
committer	brian <brian@unknown>	1997-01-10 08:24:03 +0000
commit	c09109559c1e775c8a46bc7b273906594abc45f1 (patch)
tree	23d88f0f2883c3e1fdd554c45d9a7d25b8026a64 /docs/manual/invoking.html.en
parent	df7c9f885c1644659d62ce5ae93fba7094f13c42 (diff)
download	httpd-c09109559c1e775c8a46bc7b273906594abc45f1.tar.gz