[Mono-dev] mod_mono and supplementary groups
Rafael Teixeira
monoman at gmail.com
Tue Nov 6 08:04:01 EST 2007
Mod_Mono calls a process running Mono runtime, probably the process
user is set to what Apache tells, but groups may not being set
correctly. Just some thoughts on it.
On 11/5/07, Jay Miller <jnmiller at cryptofreak.org> wrote:
> I'm confused about how mod_mono works with supplementary groups. I
> have Apache running as apache.apache, with the apache user a member of
> the 'safe' group:
>
> $ groups apache
> apache : apache safe
>
> I also have a directory with 'safe' ownership:
>
> $ ls -dl /var/log/safe
> drwxrwxr-x 2 root safe 4.0K Nov 5 12:04 /var/log/safe
>
> The following PHP script is able to write to that directory:
>
> <?php touch("/var/log/safe/arr.php"); ?>
>
> However, the following ASP script is not:
>
> <%@ Page Language="C#" Debug="true" %>
> <% using (System.IO.File.CreateText("/var/log/safe/arr.asp")) { } %>
>
> Interestingly, these two scripts return different values when they
> call getgroups(). The PHP script "correctly" returns the apache and
> safe groups. The ASP script returns apache for its effective uid/gid,
> but getgroups() returns groups 0,1,2,3,4,6,10 - all of *root's*
> supplementary groups!
>
> Hopefully someone can provide some quick insight to my problem here
> and, ideally, a workaround - thank you in advance for your help!
>
> --
> Jay Miller
> PGP Fingerprint | 5f7adbbe bfc60727 96dca94c 616d5080 09e3e846
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
>
--
Rafael "Monoman" Teixeira
---------------------------------------
"I myself am made entirely of flaws, stitched together with good intentions."
Augusten Burroughs
More information about the Mono-devel-list
mailing list