[PATH] -g option for httpd and default user
Luciano Miguel Ferreira Rocha
strange at nsk.no-ip.org
Tue Oct 3 10:24:31 PDT 2006
On Tue, Oct 03, 2006 at 01:24:04PM -0400, Rich Felker wrote:
> On Tue, Oct 03, 2006 at 02:58:02PM +0100, Luciano Miguel Ferreira Rocha wrote:
> > > Why they are always called? What if I want to run httpd under
> > > current user/group?
> >
> > Well, if your current user is root, I doubt it, but you can specify it.
> > Defaulting to nobody (er, -1) is better, IMHO.
> >
> > If you're not root, the calls will have no effect on the process's ids.
>
> You'd better check the return values though if you're root, and exit
> if they fail. Due to some linux stupidity, setuid can sometimes fail
> if you're root under dubious 'security' setups, and it would be very
> bad if the httpd maintained root in these situations. IIRC the main
> way this can happen is related to "POSIX" capabilities (which have
> nothing to do with POSIX, BTW) but there may be other ways.

Yes, and due to those same capabilities, it can succeed even if
EUID != 0.

Both those situations aren't a concern in my system, and I don't know
what will happen to -u/-g in busybox's httpd, so I won't be touching my
patch again.

Regards,
Luciano Rocha

--
lfr
0/0
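
The check discussed in this thread, as an added example that is not part of the original message or of busybox's httpd: drop to a target uid/gid, treat any failing call as fatal, and then confirm that the IDs really changed and that root cannot be regained. The function names drop_privileges and ids_are are hypothetical.

```c
#define _DEFAULT_SOURCE          /* for setgroups() under strict -std= modes */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 only if real and effective IDs both equal the targets. */
int ids_are(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Permanently switch to uid/gid. Returns 0 on success, -1 on any failure.
 * Groups and gid go first: after setuid() we may no longer be allowed to. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0) { perror("setgroups"); return -1; }
    if (setgid(gid) != 0)        { perror("setgid");    return -1; }
    if (setuid(uid) != 0)        { perror("setuid");    return -1; }

    /* Do not trust the return values alone: confirm the IDs changed ... */
    if (!ids_are(uid, gid)) { fputs("ids not changed\n", stderr); return -1; }
    /* ... and that uid 0 cannot be taken back (saved ID or a capability). */
    if (uid != 0 && setuid(0) == 0) { fputs("regained root\n", stderr); return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s UID GID\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);

    /* The point made in the thread: if the drop fails, exit, do not serve. */
    if (drop_privileges(uid, gid) != 0)
        return 1;
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

Run without privileges, the first call fails and the program exits with status 1, which is the behaviour wanted from a server that could not shed root.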