www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Jung <aj...@sz-sb.de>
Subject suexec/3154: suexec is getting started with wrong groupname
Date Tue, 06 Oct 1998 10:57:08 GMT

>Number:         3154
>Category:       suexec
>Synopsis:       suexec is getting started with wrong groupname
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Oct  6 04:00:01 PDT 1998
>Last-Modified:
>Originator:     ajung@sz-sb.de
>Organization:
apache
>Release:        1.3.2
>Environment:
SunOS bonnie 5.5.1 Generic_103640-03 sun4u sparc SUNW,Ultra-Enterprise    
>Description:
I get the following error messages in the suexec logfile:

[1998-10-06 12:38:14]: uid: (lccd/lccd) gid: (lccd/lccd) cmd: test.cgi
[1998-10-06 12:38:14]: target uid/gid (217/217) mismatch with directory (217/8888) or program
(217/8888)  

I took a look at the Apache and suexec sourcen and logs of strace and 
tracked down the problem to:

The called CGI script test.cgi has the ownership: uid=lccd/217,gid=eucgi/8888
Apache starts suexec with uid=lccd/217 and gid=lccd/217.

So the comparision of the GIDs inside suexec fails. The httpd runs on
a special WWW account (uid=www,gid=eucgi/8888). Where does Apache takes the
GID=lccd from. The account "lccd" belongs to the groups "lccd" and "eucgi".
Does Apache take the first group ?

I also tried to set USER and GROUP inside the virtual host section - without
succuess. 

The main question seems to be: where is the GID for the suexec call taken from ??

Any idea ?
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]




Mime
View raw message