You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/11/28 20:21:39 UTC
[Bug 57279] New: APACHE STARTS AS A USER BELONGING TO DIFFERENT
GROUP THAN THE INSTANCE OWNERS GROUP
https://issues.apache.org/bugzilla/show_bug.cgi?id=57279
Bug ID: 57279
Summary: APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP
THAN THE INSTANCE OWNERS GROUP
Product: Apache httpd-2
Version: 2.4.10
Hardware: PC
OS: Linux
Status: NEW
Severity: critical
Priority: P2
Component: mod_unixd
Assignee: bugs@httpd.apache.org
Reporter: kunwarjai.kec@gmail.com
To run apache as a different user
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP
THAN THE INSTANCE OWNERS GROUP
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57279
jai verma <ku...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kunwarjai.kec@gmail.com
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP
THAN THE INSTANCE OWNERS GROUP
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57279
jai verma <ku...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--- Comment #3 from jai verma <ku...@gmail.com> ---
Instance created:
uid=560773(user1) gid=9500(group1) groups=9500(group1)
Running as:
uid=94197(user2) gid=8509(group2) groups=8509(group2) and
uid=94119(user3) gid=42774(group3)
groups=42774(group3),9500(group1),8509(group2)
Considering above users only 94119 should be able to start apache as it belongs
to the group of apache owner i.e. 560773. But user 94197 is also able to start
apache.
httpd.conf CHANGES:
User user2
Group group2
Apache starts successfully
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP
THAN THE INSTANCE OWNERS GROUP
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57279
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #4 from Eric Covener <co...@gmail.com> ---
There's nothing in the HTTP server that cares about 'instances' much less the
userid that created them. If you don't expect a user to be able to execute
http, it's being managed outside of httpd.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP
THAN THE INSTANCE OWNERS GROUP
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57279
--- Comment #1 from jai verma <ku...@gmail.com> ---
To start Apache as a Different User (other than the Apache owner) the
configured User id must be in the same Group as the group that owns the
instance directory.
But its observed that any user is able to start Apache irrespective of its
Group.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP
THAN THE INSTANCE OWNERS GROUP
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=57279
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #2 from Eric Covener <co...@gmail.com> ---
It's unclear what bug you're reporting.
What's an Apache owner? What's an instance directory? What's unexpected about
your outcome in terms of specific userids and configurations?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org