[Mono-dev] mod_mono and supplementary groups

Jay Miller jnmiller at cryptofreak.org
Mon Nov 5 14:52:16 EST 2007

I'm confused about how mod_mono works with supplementary groups.  I
have Apache running as apache.apache, with the apache user a member of
the 'safe' group:

 $ groups apache
 apache : apache safe

I also have a directory with 'safe' ownership:

 $ ls -dl /var/log/safe
 drwxrwxr-x 2 root safe 4.0K Nov  5 12:04 /var/log/safe

The following PHP script is able to write to that directory:

 <?php touch("/var/log/safe/arr.php"); ?>

However, the following ASP script is not:

 <%@ Page Language="C#" Debug="true" %>
 <% using (System.IO.File.CreateText("/var/log/safe/arr.asp")) { } %>

Interestingly, these two scripts return different values when they
call getgroups().  The PHP script "correctly" returns the apache and
safe groups.  The ASP script returns apache for its effective uid/gid,
but getgroups() returns groups 0,1,2,3,4,6,10 - all of *root's*
supplementary groups!

Hopefully someone can provide some quick insight to my problem here
and, ideally, a workaround - thank you in advance for your help!

Jay Miller
PGP Fingerprint | 5f7adbbe bfc60727 96dca94c 616d5080 09e3e846

More information about the Mono-devel-list mailing list