Mailing-List: contact cygwin-apps-help AT cygwin DOT com; run by ezmlm
Date: Mon, 21 Jan 2002 11:22:48 +0100
From: Corinna Vinschen
To: cygapp
Subject: Re: apache-1.3.22-4 no-detach patch

On Sun, Jan 20, 2002 at 05:31:40PM +0100, Stipe Tolj wrote:
> Please grab
>
>   apache-1.3.22-3.tar.bz2
>   apache-1.3.22-4-no-detach.tar.bz2
>
> from http://apache.dev.wapme.net/support/apache-cygwin/ and replace
> the files in -4 with those of -3 for testing.

That works nicely.  Just one problem left, though.

In /etc/apache/httpd.conf I've set User to `Guest' (uid 501).
The apache service is started under SYSTEM account.  When looking
into the process list you can see:

      PID    PPID    PGID  WINPID  TTY  UID    STIME COMMAND
      196       1     196     196    ?   18 10:53:42 /usr/bin/cygrunsrv
     2504     196    2504    3740    ?   18 10:53:42 /usr/sbin/httpd
     4012    2504    2504    4012    ?   18 10:53:43 /usr/sbin/httpd

It's ok that the service process is running under SYSTEM (uid 18)
account but the server process should have switched to the Guest
account (uid 501) like that:

      PID    PPID    PGID  WINPID  TTY  UID    STIME COMMAND
      196       1     196     196    ?   18 10:53:42 /usr/bin/cygrunsrv
     2504     196    2504    3740    ?   18 10:53:42 /usr/sbin/httpd
     4012    2504    2504    4012    ?  501 10:53:43 /usr/sbin/httpd

This would be the same as in Linux then, where the service is
started under root but the server runs under some nobody account.

Is the setuid() switched off in the Cygwin version???  That's
somewhat dangerous, actually.  That way it's impossible to run the
server under an account with as few rights as possible.  Example
Guest account:  The machine would have to give "Start as a service"
user right to the Guest account.

Uh, wait a minute... *dig, dig, dig*

Ok, as far as I can see, the problem is line 4136f. in http_main.c:

    /* Only try to switch if we're running as root */
    if (!geteuid() && (

That could get changed to (just a draft):

    #ifdef CYGWIN
        /* Only try to switch if we're running as SYSTEM */
    #define SYSTEM_UID 18
        if (geteuid() == SYSTEM_UID && (
    #else
        /* Only try to switch if we're running as root */
        if (!geteuid() && (
    #endif

Or is that the stuff in line 5375f.?  I'm not quite sure.

> Be aware to have
>
>   $ chown SYSTEM /var/log/apache
>
> otherwise you won't get going.

Could you call that `chown' in your /etc/postinstall script?

> I'll ask the Apache guys if an OS-wide flag may be introduced.
> Otherwise, I will provide them a patch for the Cygwin specific flag.

That would of course be the best solution.  However, except for
the setuid() problem and the postinstall one-liner we can go with it
as it is for now.

Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                          mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
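
The uid check discussed in the message above, as an added example that is not part of the original mail or of Apache's code: it separates the "may we switch?" decision from the switch itself, so a process that cannot drop to the configured User reports that instead of silently staying privileged. The names `plan_drop`, `drop_privileges` and the `drop_result` enum are hypothetical; uid 18 for SYSTEM is taken from the process list in the mail, and `__CYGWIN__` is the compiler's predefined macro, used here in place of the `CYGWIN` define in the draft.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#endif
#include <sys/types.h>
#include <unistd.h>
#include <grp.h>

/* Account that is allowed to switch users. 18 is the SYSTEM uid shown in the
 * mail's process list; hard-coding it is an assumption carried over from the draft. */
#ifdef __CYGWIN__
#define PRIVILEGED_UID ((uid_t)18)
#else
#define PRIVILEGED_UID ((uid_t)0)
#endif

enum drop_result { DROP_OK, DROP_ALREADY_TARGET, DROP_NOT_PRIVILEGED, DROP_FAILED };

/* Pure decision step: given the current euid, the platform's privileged uid
 * and the configured User uid, say whether a switch can be attempted. */
enum drop_result plan_drop(uid_t euid, uid_t privileged, uid_t target)
{
    if (target == privileged) return DROP_FAILED;         /* never "drop" to the privileged account */
    if (euid == target)       return DROP_ALREADY_TARGET; /* nothing to do */
    if (euid != privileged)   return DROP_NOT_PRIVILEGED; /* caller should treat this as an error */
    return DROP_OK;
}

/* Hypothetical helper: switch to the target account and verify the result. */
enum drop_result drop_privileges(uid_t target_uid, gid_t target_gid)
{
    enum drop_result plan = plan_drop(geteuid(), PRIVILEGED_UID, target_uid);
    if (plan != DROP_OK) return plan;

    /* Groups first, uid last: after setuid() the group calls would be refused. */
    if (setgroups(1, &target_gid) != 0) return DROP_FAILED;
    if (setgid(target_gid) != 0)        return DROP_FAILED;
    if (setuid(target_uid) != 0)        return DROP_FAILED;

    /* Check the resulting identity rather than trusting the return codes. */
    if (getuid() != target_uid || geteuid() != target_uid) return DROP_FAILED;
#ifndef __CYGWIN__
    /* POSIX only: the old identity must not be reachable again.
     * No assumption is made here about Cygwin's behaviour. */
    if (setuid(PRIVILEGED_UID) == 0) return DROP_FAILED;
#endif
    return DROP_OK;
}
```

With the root-only test, `plan_drop(18, 0, 501)` yields `DROP_NOT_PRIVILEGED`, which is the case in the first process list: the child keeps uid 18 because the switch is never attempted.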