[Mono-dev] RFC: mod_mono group membership patch

Philip Tricca flihp at twobit.us
Fri Nov 6 11:32:23 EST 2009


I'm run a shared host for a few friends and recently I set up mono for 
them (latest source release on Debian Lenny).  Typically, to separate 
users I create a unique, shared group between each user and the web 
server (pretty standard user of DAC).

When I deployed mod_mono & mod-mono-server2 using this scheme I got a 
System.UnauthorizedAccessException when the mono server would try to 
read files owned by such a group.  It was however able to access files 
with group perms for the default apache group.  This exception was 
thrown even though the web server could access the same files without 
any troubles.

Going through the code for mod_mono I was able to find the location 
where the server drops root privileges, assuming the uid and gid of the 
apache user and group.  I was not able to find any call to initgroups 
where it would normally set up the supplementary group membership. 
Using getgroups to see which groups the forked process belonged to did 
not return the expected group list, which seems to be the source of the 

The attached patch fixes this.  I've been running it on two live system 
for a few days now and it work fine.  If you like the patch it's free 
for the taking.  If not, let me know what the preferred solution is.

- Philip

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mod_mono.grp.patch
Type: text/x-diff
Size: 1003 bytes
Desc: not available
Url : http://lists.ximian.com/pipermail/mono-devel-list/attachments/20091106/aad8bb68/attachment.bin 

More information about the Mono-devel-list mailing list