httpd-dev mailing list archives

From Andrew Wilson <and...@tees.elsevier.co.uk>
Subject Re: WWW Form Bug Report: ""User" option doesn't change the user of the "parent" process" on Ultrix
Date Thu, 05 Oct 1995 20:21:42 GMT
> > Submitter: mcgrant@rascals.stanford.edu
> > Operating system: Ultrix, version: 4.4
> > Extra Modules used: 
> > URL exhibiting problem: 
> > 
> > Symptoms:
> > --
> > I guess this isn't a bug report, per se, since it is well-defined
> > behavior. I had sent a patch for httpd 1.4 to the NCSA people, and it
> > worked just great for me.  Basically, I want the _parent_ process for
> > httpd to change its UID as well as the child processes. I found this
> > most useful when constructing a crontab file for my "www" user, which
> > would send a kill -HUP signal to the httpd daemon every once in a
> > while. By adding this option (perhaps as a compile-time option), it
> > allows me to completely remove root from the Web management. Of course
> > the socket must be bound _before_ the uid is changed. But like I said,
> > it works fine for me. I will attempt to create an appropriate patch
> > for httpd_main.c for Apache 0.8.14.
> > Comments?
> > Mike
> 
> 
> hi,
> 
> does this mean that any CGI script can send a SIGHUP to the server, or
> worse, send a SIGTERM or SIGKILL?
> 
> 
> regards,
> rob

It should be ok.  I guess what the patch would do is define a second
pair of User/Group directives that the parent process would change to after
binding to port 80.

	User	htbin
	Group	htbin

	ParentUser wwwadmin
	ParentGroup wwwadmin

The question is which of setuid and seteuid should be called, and here my
understanding of UNIX permissions is a little flaky.  Felix von Leitner's
SETUID patch might require root permissions to exist in some form or other
all the time, so that cgi-bin calls could subsequently be seteuid ~user at
access time.  If you don't care about seteuid'ing to ~user then I think
that all the server really needs root perms for is to bind to the server
and actually set[e]uid set[e]grp.  Thereafter it should be happy to
run as wwwadmin or whatever.

Huh?

Ay.
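
[Added example, not part of the original message and not Apache code.] A small C model of the POSIX rules for setuid(), seteuid() and kill() permission, applied to the User/ParentUser layout sketched above, to show which call leaves root recoverable and who can signal the parent afterwards. The numeric UIDs and all function names are constructed for illustration, and POSIX semantics are an assumption here; Ultrix 4.4 may differ.

```c
#include <stdio.h>

struct cred { int ruid, euid, suid; };  /* real, effective, saved set-user-ID */

/* setuid(2): a privileged caller (euid 0) changes all three IDs at once;
   an unprivileged caller may only switch euid to its real or saved ID. */
static int model_setuid(struct cred *c, int uid) {
    if (c->euid == 0) { c->ruid = c->euid = c->suid = uid; return 0; }
    if (uid == c->ruid || uid == c->suid) { c->euid = uid; return 0; }
    return -1;                          /* EPERM */
}

/* seteuid(2): changes only the effective ID; real and saved are kept. */
static int model_seteuid(struct cred *c, int uid) {
    if (c->euid == 0 || uid == c->ruid || uid == c->suid) { c->euid = uid; return 0; }
    return -1;                          /* EPERM */
}

/* kill(2): allowed if the sender is privileged, or its real or effective
   UID equals the target's real or saved set-user-ID. */
static int may_signal(struct cred from, struct cred to) {
    return from.euid == 0
        || from.ruid == to.ruid || from.ruid == to.suid
        || from.euid == to.ruid || from.euid == to.suid;
}

/* Could the process (or code injected into it) switch euid back to 0? */
static int can_regain_root(struct cred c) { return model_seteuid(&c, 0) == 0; }

enum { WWWADMIN = 900, HTBIN = 901 };   /* constructed UIDs */

/* Parent starts as root, binds port 80, then switches with either call. */
static struct cred parent_after(int use_seteuid, int uid) {
    struct cred p = {0, 0, 0};
    if (use_seteuid) model_seteuid(&p, uid); else model_setuid(&p, uid);
    return p;
}

int main(void) {
    struct cred cgi  = {HTBIN, HTBIN, HTBIN};          /* CGI child */
    struct cred cron = {WWWADMIN, WWWADMIN, WWWADMIN};  /* crontab job */
    for (int se = 0; se <= 1; se++) {
        struct cred p = parent_after(se, WWWADMIN);
        printf("%-7s regain_root=%d cgi_can_signal=%d cron_can_signal=%d\n",
               se ? "seteuid" : "setuid", can_regain_root(p),
               may_signal(cgi, p), may_signal(cron, p));
    }
    printf("ParentUser == User: cgi_can_signal=%d\n",
           may_signal(cgi, parent_after(0, HTBIN)));
    return 0;
}
```

In this model only setuid() gives up root for good and lets the wwwadmin crontab job signal the parent; CGI children can signal the parent only when ParentUser is the same account as User.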
