httpd-cvs mailing list archives

From traw...@apache.org
Subject svn commit: r778204 - in /httpd/mod_fcgid/trunk/mod_fcgid: CHANGES arch/unix/fcgid_pm_unix.c
Date Sun, 24 May 2009 18:04:35 GMT
Author: trawick
Date: Sun May 24 18:04:35 2009
New Revision: 778204

URL: http://svn.apache.org/viewvc?rev=778204&view=rev
Log:
Don't try to set the ownership of the socket directory unless running
as root and the socket directory was just created.

now working: joeuser using mod_fcgid with default httpd.conf (which
  has User set to something other than joeuser)

now not working: automatically fixing/changing ownership of a directory 
  (potentially via symlink) owned by some other user; this will result
  in run-time failures until manual intervention


Modified:
    httpd/mod_fcgid/trunk/mod_fcgid/CHANGES
    httpd/mod_fcgid/trunk/mod_fcgid/arch/unix/fcgid_pm_unix.c

Modified: httpd/mod_fcgid/trunk/mod_fcgid/CHANGES
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/mod_fcgid/CHANGES?rev=778204&r1=778203&r2=778204&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/mod_fcgid/CHANGES [utf8] (original)
+++ httpd/mod_fcgid/trunk/mod_fcgid/CHANGES [utf8] Sun May 24 18:04:35 2009
@@ -1,6 +1,11 @@
                                                          -*- coding: utf-8 -*-
 Changes with mod_fcgid 2.3
 
+  *) Don't try to set the ownership of the socket directory unless running
+     as root, resolving startup failures when starting as a non-root id but
+     httpd.conf specifies a different User/Group (e.g., when using the 
+     default httpd.conf as non-root).  [Jeff Trawick]
+
   *) Fix formatting of several messages, including the oft-seen "mod_fcgid: 
      Can't create shared memory for size %zu byte".  [Jeff Trawick]
 
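Review bot: The new CHANGES entry documents the non-root startup fix but leaves out the behaviour the log message lists as "now not working": an existing socket directory owned by a different user is no longer re-owned automatically and needs manual intervention. Anyone upgrading with such a directory will see run-time failures, so the entry should say that ownership of a pre-existing socket directory is no longer corrected.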

Modified: httpd/mod_fcgid/trunk/mod_fcgid/arch/unix/fcgid_pm_unix.c
URL: http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/mod_fcgid/arch/unix/fcgid_pm_unix.c?rev=778204&r1=778203&r2=778204&view=diff
==============================================================================
--- httpd/mod_fcgid/trunk/mod_fcgid/arch/unix/fcgid_pm_unix.c (original)
+++ httpd/mod_fcgid/trunk/mod_fcgid/arch/unix/fcgid_pm_unix.c Sun May 24 18:04:35 2009
@@ -289,8 +289,7 @@
 
     rv = apr_stat(&finfo, get_socketpath(main_server), APR_FINFO_USER,
                   configpool);
-    if (rv != APR_SUCCESS || !(finfo.valid & APR_FINFO_USER)
-        || finfo.user != unixd_config.user_id) {
+    if (rv != APR_SUCCESS) {
         /* Make dir for unix domain socket */
         if ((rv = apr_dir_make_recursive(get_socketpath(main_server),
                                          APR_UREAD | APR_UWRITE |
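Review bot: With the condition reduced to `rv != APR_SUCCESS`, a socket directory that already exists but is owned by the wrong user now passes this check silently, and the problem only shows up later as failed FastCGI requests. Rather than dropping the `finfo.user != unixd_config.user_id` comparison entirely, consider keeping it as a separate branch that logs a warning naming the directory and the expected owner, so the administrator gets a startup-time hint. As written, APR_FINFO_USER is still requested from apr_stat() but finfo.user is no longer read in these lines.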
@@ -302,11 +301,24 @@
             exit(1);
         }
 
-        if (chown(get_socketpath(main_server), unixd_config.user_id, -1) < 0) {
-            ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
-                         "mod_fcgid: Can't set ownership of unix socket dir %s",
-                         get_socketpath(main_server));
-            exit(1);
+        /* Child processes need to be able to create sockets in the unix
+         * socket dir.  Change the ownership to the child user only if
+         * running as root and we just successfully created the directory
+         * (avoiding any concerns about changing the target of a link
+         * created by another user).
+         *
+         * If the directory already existed and was owned by a different user,
+         * FastCGI requests will fail at steady state, and manual intervention
+         * will be required.
+         */
+
+        if (!geteuid()) {
+            if (chown(get_socketpath(main_server), unixd_config.user_id, -1) < 0) {
+                ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
+                             "mod_fcgid: Can't set ownership of unix socket dir %s",
+                             get_socketpath(main_server));
+                exit(1);
+            }
         }
     }
 
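Review bot: The chown() inside the new `if (!geteuid())` block still takes a path and follows symlinks, so the comment's "we just successfully created the directory" holds only if nothing else can create or replace that path between the apr_stat() above and this call. If the parent of the socket path is writable by other users, root would change the ownership of whatever the link points at. Suggest checking with lstat() that the path is a real directory and not a link before the chown, or opening the directory and calling fchown() on the descriptor. Minor style point: `geteuid() == 0` states the root test more directly than `!geteuid()`.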


