Return-Path: Delivered-To: apmail-apr-dev-archive@www.apache.org Received: (qmail 72894 invoked from network); 2 Feb 2009 17:14:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 2 Feb 2009 17:14:30 -0000 Received: (qmail 9271 invoked by uid 500); 2 Feb 2009 17:14:29 -0000 Delivered-To: apmail-apr-dev-archive@apr.apache.org Received: (qmail 9211 invoked by uid 500); 2 Feb 2009 17:14:29 -0000 Mailing-List: contact dev-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Id: Delivered-To: mailing list dev@apr.apache.org Received: (qmail 9199 invoked by uid 99); 2 Feb 2009 17:14:29 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Feb 2009 09:14:29 -0800 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [64.202.165.31] (HELO smtpauth18.prod.mesa1.secureserver.net) (64.202.165.31) by apache.org (qpsmtpd/0.29) with SMTP; Mon, 02 Feb 2009 17:14:20 +0000 Received: (qmail 11737 invoked from network); 2 Feb 2009 17:13:58 -0000 Received: from unknown (76.252.112.72) by smtpauth18.prod.mesa1.secureserver.net (64.202.165.31) with ESMTP; 02 Feb 2009 17:13:58 -0000 Message-ID: <498729D5.1080004@rowe-clan.net> Date: Mon, 02 Feb 2009 11:13:57 -0600 From: "William A. Rowe, Jr." User-Agent: Thunderbird 2.0.0.19 (X11/20090105) MIME-Version: 1.0 To: Mladen Turk CC: APR Developer List Subject: Re: APR-izing httpd's unixd_set_proc_mutex_perms References: <488177E4.1090802@apache.org> <49848387.6040705@apache.org> <4985DC6C.9030305@rowe-clan.net> <4986A0F5.5050301@apache.org> In-Reply-To: <4986A0F5.5050301@apache.org> X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Mladen Turk wrote: > William A. Rowe, Jr. wrote: >> Mladen Turk wrote: >>> Long time since initial proposal, but here it is. >>> Since there was no objections I'll commit this into trunk. >> >> Does this API imply that the developer has to manage the resources >> to be converted by uid/gid? >> >> If so, I suspect you are ignoring others who the primary author is >> unaware of. >> >> The right API, IMHO, is to register a list of resources to be >> converted *to whatever target uid/gid* will be used after fork. >> Why should the author track these? >> > > Make sense, but IMO as an additional API. > We shouldn't make limit to set the object owners > during fork only. A simple client server where > server is running as root and client accessing its > shared memory won't need to fork in all cases. > > I presume you were thinking of list of callbacks > that could be registered to apr_procattr_t and > called after the fork is done, with its uid/gid. Something like that, yea. And you raise a good point w.r.t. some deliberately shared resources. I'd actually want to allow such an API to target either uid, gid or both for apps who want to manage access by only one or the other, leaving access by uid or gid alone after fork.