[Mono-dev] mod_mono and supplementary groups
Jay Miller
jnmiller at cryptofreak.org
Mon Nov 5 14:52:16 EST 2007
I'm confused about how mod_mono works with supplementary groups. I
have Apache running as apache.apache, with the apache user a member of
the 'safe' group:
$ groups apache
apache : apache safe
I also have a directory with 'safe' ownership:
$ ls -dl /var/log/safe
drwxrwxr-x 2 root safe 4.0K Nov 5 12:04 /var/log/safe
The following PHP script is able to write to that directory:
<?php touch("/var/log/safe/arr.php"); ?>
However, the following ASP script is not:
<%@ Page Language="C#" Debug="true" %>
<% using (System.IO.File.CreateText("/var/log/safe/arr.asp")) { } %>
Interestingly, these two scripts return different values when they
call getgroups(). The PHP script "correctly" returns the apache and
safe groups. The ASP script returns apache for its effective uid/gid,
but getgroups() returns groups 0,1,2,3,4,6,10 - all of *root's*
supplementary groups!
Hopefully someone can provide some quick insight to my problem here
and, ideally, a workaround - thank you in advance for your help!
--
Jay Miller
PGP Fingerprint | 5f7adbbe bfc60727 96dca94c 616d5080 09e3e846
More information about the Mono-devel-list
mailing list