Mail Archives: cygwin-apps/2002/01/21/05:23:27
On Sun, Jan 20, 2002 at 05:31:40PM +0100, Stipe Tolj wrote:
> Please grab
>
> apache-1.3.22-3.tar.bz2
> apache-1.3.22-4-no-detach.tar.bz2
>
> from http://apache.dev.wapme.net/support/apache-cygwin/ and replace
> the files in -4 with those of -3 for testing.
That works nicely. Just one problem left, though.
In /etc/apache/httpd.conf I've set User to `Guest' (uid 501).
The apache service is started under SYSTEM account. When
looking into the process list you can see:
     PID  PPID  PGID  WINPID  TTY  UID  STIME     COMMAND
     196     1   196     196    ?   18  10:53:42  /usr/bin/cygrunsrv
    2504   196  2504    3740    ?   18  10:53:42  /usr/sbin/httpd
    4012  2504  2504    4012    ?   18  10:53:43  /usr/sbin/httpd
It's ok that the service process is running under SYSTEM (uid 18)
account but the server process should have switched to the Guest
account (uid 501) like that:
     PID  PPID  PGID  WINPID  TTY  UID  STIME     COMMAND
     196     1   196     196    ?   18  10:53:42  /usr/bin/cygrunsrv
    2504   196  2504    3740    ?   18  10:53:42  /usr/sbin/httpd
    4012  2504  2504    4012    ?  501  10:53:43  /usr/sbin/httpd
This would be the same as in Linux then, where the service is
started under root but the server runs under some nobody account.
Is the setuid() switched off in the Cygwin version??? That's
somewhat dangerous, actually. That way it's impossible to
run the server under an account with as few rights as possible.
Example Guest account: The machine would have to give "Start
as a service" user right to the Guest account. Uh, wait a
minute...
*dig, dig, dig*
Ok, as far as I can see, the problem is line 4136f. in http_main.c:
    /* Only try to switch if we're running as root */
    if (!geteuid() && (
That could get changed to (just a draft):
    #ifdef CYGWIN
        /* Only try to switch if we're running as SYSTEM */
    #define SYSTEM_UID 18
        if (geteuid() == SYSTEM_UID && (
    #else
        /* Only try to switch if we're running as root */
        if (!geteuid() && (
    #endif
Or is that the stuff in line 5375f.? I'm not quite sure.
> Be aware to have
>
> $ chown SYSTEM /var/log/apache
>
> otherwise you won't get going.
Could you call that `chown' in your /etc/postinstall script?
> I'll ask the Apache guys if a OS-wide flag may be introduced.
> Otherwise, I will provide them a patch for the Cygwin specific flag.
That would of course be the best solution. However, except for the
setuid() problem and the postinstall one-liner we can go with it as
it is for now.
Thanks,
Corinna
--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                  mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
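
An added example, not part of the original mail or of the Apache or Cygwin sources: a shell check that reads a ps listing in the format shown in the mail and reports httpd workers that still run under the service account's uid (18 in the mail) instead of the configured User. The function names are hypothetical, and the two embedded listings are the ones quoted in the mail.

```shell
#!/bin/sh
# Added example, not from the original mail; function names are hypothetical.
# undropped_workers SERVICE_UID COMMAND   (ps listing on stdin)
# Prints the PID of each COMMAND process that still has SERVICE_UID although
# its parent is also COMMAND, i.e. a worker that never switched to "User".
undropped_workers() {
    awk -v svc="$1" -v cmd="$2" '
        NR == 1 {                          # find columns by header name
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!(("PID" in col) && ("PPID" in col) && ("UID" in col) && ("COMMAND" in col))) { bad = 1; exit }
            next
        }
        {
            pid = $(col["PID"])
            ppid[pid] = $(col["PPID"])
            uid[pid]  = $(col["UID"])
            name[pid] = $(col["COMMAND"])
            order[++n] = pid
        }
        END {
            if (bad) { print "unexpected ps header" > "/dev/stderr"; exit 2 }
            for (k = 1; k <= n; k++) {
                p = order[k]
                if (name[p] == cmd && uid[p] == svc && name[ppid[p]] == cmd)
                    print p
            }
        }'
}

# Listing as reported in the mail: the worker (4012) is still uid 18.
listing_as_reported() {
    cat <<'EOF'
PID PPID PGID WINPID TTY UID STIME COMMAND
196 1 196 196 ? 18 10:53:42 /usr/bin/cygrunsrv
2504 196 2504 3740 ? 18 10:53:42 /usr/sbin/httpd
4012 2504 2504 4012 ? 18 10:53:43 /usr/sbin/httpd
EOF
}
# Listing the mail expects once setuid() takes effect: the worker is uid 501.
listing_expected() {
    cat <<'EOF'
PID PPID PGID WINPID TTY UID STIME COMMAND
196 1 196 196 ? 18 10:53:42 /usr/bin/cygrunsrv
2504 196 2504 3740 ? 18 10:53:42 /usr/sbin/httpd
4012 2504 2504 4012 ? 501 10:53:43 /usr/sbin/httpd
EOF
}
listing_as_reported | undropped_workers 18 /usr/sbin/httpd   # prints 4012
```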