Hello Dan, list
you wrote: (Answer at the end , sorry (Copy and paste :) )
"Dan Harkless" <leaf@...> writes:
> In any case, doing a leaf-user archive search, it looks like one of the
> bugs I was going to report (sh-httpd should be in group 4 rather than 10,
> or it can't read log files after they get cycled) has already been
> discussed. Since the bug tracking isn't really used, though, it's not
> really possible to verify that this will be addressed in the successor to
Actually, I just came across this page:
which explains that sh-httpd was intentionally
changed to GID 10 (which it
erroneously calls the "wheels" group, but that's
"wheel", singular) in
1.0-rc3 to get weblet to work with the grsecurity-
So it would appear that my above-mentioned fix of
putting the group back to
4 (adm) isn't valid. I'm curious why not, though.
That's how my copy of
Bering is currently running (and I have rebooted
since the change), and
weblet appears to be working fine. What is it that
wasn't working for the
authors until the sh-httpd group was changed to
If it _is_ necessary for sh-httpd to be in wheel,
either the log-cycling
cron jobs (including the weblet-specific one) will
need to be changed to
use -g wheel, or they'll need to be changed to use -m
644 instead of -m
640. This would seem to be a reasonable change, as
the default (empty) log
files that come with Bering are indeed mode 644.
They don't get changed to
mode 640 until the log cyclers run, and this disjoint
What doesn't function anymore if the group of sh-
httpd is adm are parts of the viewsys page:
the listing of the modules for example.
This was the reason the wheel ( not wheels you are
right ;)) group was used.
In the new release of weblet the modification to the
cron job assigning the logfiles to -g wheel is
Thanks for your feedback.
member of the bering crew.