httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject [mod_fcgid PATCH] don't try to change ownership of socket directory unless running as root
Date Mon, 11 May 2009 15:56:42 GMT
Currently, starting httpd as non-root with mod_fcgid loaded fails unless
User/Group are set to the active User/Group.  Normally, httpd modules don't
try to set ownership of objects to the specified User/Group unless starting
as root.  Thus, httpd.conf can contain reasonable User/Group settings for
production use but still be suitable for use by Joe User.
The affected code in fcgid_pm_unix.c is from the original revision (
http://svn.apache.org/viewvc/httpd/mod_fcgid/trunk/mod_fcgid/arch/unix/fcgid_pm_unix.c?revision=753487&view=markup
).

Logic was added a couple of years ago (
http://svn.apache.org/viewvc?view=rev&revision=753553) to bypass the
directory creation/chown if the directory already existed and had the
correct ownership, to allow use with some SELinux policy.

Comments/concerns?

Mime
View raw message