by default drop privs to www/www, not nobody/nogroup if User/Group

entries are not present;  or it's being run configless
"sure" henning@, "makes sense" merdely@, ok sthen@

2 files changed, 5 insertions, 5 deletions

diff --git a/usr.sbin/httpd/Makefile.bsd-wrapper b/usr.sbin/httpd/Makefile.bsd-wrapper
index 774029bd31a..cb062ab2543 100644
--- a/usr.sbin/httpd/Makefile.bsd-wrapper
+++ b/usr.sbin/httpd/Makefile.bsd-wrapper
@@ -1,5 +1,5 @@
 # Build wrapper for Apache 
-# $OpenBSD: Makefile.bsd-wrapper,v 1.68 2008/07/11 00:12:35 martynas Exp $
+# $OpenBSD: Makefile.bsd-wrapper,v 1.69 2009/03/10 10:56:40 martynas Exp $
 
 # Our lndir is hacked; specify a full path to avoid potential conflicts
 # with the one installed with X11.
@@ -48,7 +48,7 @@ CONFIG_ARGS=	--with-layout="OpenBSD" --enable-module="ssl" \
 	--suexec-logfile="/var/log/suexec_log" --suexec-userdir="public_html" \
 	--suexec-uidmin="1000" --suexec-gidmin="1000" \
 	--suexec-safepath="/usr/bin:/bin:/usr/local/bin" \
-	--disable-rule=EXPAT
+	--disable-rule=EXPAT --server-uid="www" --server-gid="www"
 
 # This is stupid - to build a DSO module for Apache you not only need to
 # --enable-shared, you need to --enable-module or --enable-shared doesn't
diff --git a/usr.sbin/httpd/src/include/ap_config.h b/usr.sbin/httpd/src/include/ap_config.h
index bd489a78357..804c164d0e7 100644
--- a/usr.sbin/httpd/src/include/ap_config.h
+++ b/usr.sbin/httpd/src/include/ap_config.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ap_config.h,v 1.22 2008/05/09 08:06:27 mbalmer Exp $ */
+/*	$OpenBSD: ap_config.h,v 1.23 2009/03/10 10:56:40 martynas Exp $ */
 
 /* ====================================================================
  * The Apache Software License, Version 1.1
@@ -98,10 +98,10 @@ extern "C" {
 #undef NO_SETSID
 #define HAVE_SYSLOG 1
 #ifndef DEFAULT_USER
-#define DEFAULT_USER "nobody"
+#define DEFAULT_USER "www"
 #endif
 #ifndef DEFAULT_GROUP
-#define DEFAULT_GROUP "nogroup"
+#define DEFAULT_GROUP "www"
 #endif
 #define HAVE_SHMGET 1
 #define HAVE_MMAP 1