[PATH] -g option for httpd and default user
Luciano Miguel Ferreira Rocha
strange at nsk.no-ip.org
Tue Oct 3 06:58:02 PDT 2006
On Mon, Oct 02, 2006 at 09:38:14PM +0200, Denis Vlasenko wrote:
> On Monday 25 September 2006 19:58, Luciano Miguel Ferreira Rocha wrote:
> >
> > Hello,
> >
> > The attached patch changes httpd in the following ways when
> > CONFIG_FEATURE_HTTPD_SETUID is set:
> >
> > 1. -u now also sets the group id (from pwent->pw_gid, if found, else
> > same as uid)
>
> Same as uid? Rationale?
Because current usage only sets uid, which I feel is broken. I expected
it to set gid as well, and was surprised when my CGIs couldn't write to
a directory w/ gid the one I specified with -u. Thus, this patch.
> > 2. new -g option, defining new group id
> > 3. setgid and setuid are always called, even in the absence of -u/-g,
> > and a new option for defining the default was added. Default is "-1".
>
> Why they are always called? What if I want to run httpd under
> current user/group?
Well, if your current user is root, I doubt it, but you can specify it.
Defaulting to nobody (er, -1) is better, IMHO.
If you're not root, the calls will have no effect on the process's ids.
> More general question: why does httpd needs -u AT ALL?
> Should we add similar options to all other daemons now?
I didn't add it, I changed its behaviour.
> Obviously not, setuidgid utility handles that just fine:
>
> setuidgid apache httpd -opt
I can't find a setuidgid applet on busybox-1.2.1.
> Or chpst from runit... (/me needs to merge that...)
ditto.
Regards,
Luciano Rocha
--
lfr
0/0
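
The id resolution discussed in this message (gid taken from pw_gid when -u names a known user, else the same number as the uid, with -g overriding), followed by a drop in the order groups, gid, uid. This is an added example, not BusyBox code and not the attached patch; `resolve_ids`, `drop_privileges` and `parse_id` are hypothetical names, and both the `setgroups()` call and the rejection of a literal -1 are choices made for this example.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helpers for illustration; not taken from BusyBox httpd. */
/* Parse a decimal id. Rejects signs, junk and (uid_t)-1, which POSIX
 * reserves as the "leave unchanged" value for setreuid()/chown(). */
static int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    *out = strtoul(s, &end, 10);
    if (errno || *end != '\0' || *out >= (unsigned long)(uid_t)-1) return -1;
    return 0;
}

/* Resolve -u/-g style arguments (name or number); group may be NULL.
 * gid: explicit group if given, else pw_gid when the user has a passwd
 * entry, else the same number as uid (the fallback the message describes). */
int resolve_ids(const char *user, const char *group, uid_t *uid, gid_t *gid)
{
    unsigned long n = 0;
    struct passwd *pw = getpwnam(user);
    if (!pw) {
        if (parse_id(user, &n) < 0) return -1;
        pw = getpwuid((uid_t)n);
    }
    *uid = pw ? pw->pw_uid : (uid_t)n;
    *gid = pw ? pw->pw_gid : (gid_t)n;
    if (group) {
        struct group *gr = getgrnam(group);
        if (gr) *gid = gr->gr_gid;
        else if (parse_id(group, &n) == 0) *gid = (gid_t)n;
        else return -1;
    }
    return 0;
}

/* Drop root for good: supplementary groups, then gid, then uid. Once
 * setuid() succeeds the process may no longer change its groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* root must be unrecoverable */
    return 0;
}
```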