You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/11/28 20:21:39 UTC

[Bug 57279] New: APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP THAN THE INSTANCE OWNERS GROUP

https://issues.apache.org/bugzilla/show_bug.cgi?id=57279

            Bug ID: 57279
           Summary: APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP
                    THAN THE INSTANCE OWNERS GROUP
           Product: Apache httpd-2
           Version: 2.4.10
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_unixd
          Assignee: bugs@httpd.apache.org
          Reporter: kunwarjai.kec@gmail.com

To run apache as a different user

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP THAN THE INSTANCE OWNERS GROUP

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57279

jai verma <ku...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kunwarjai.kec@gmail.com

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP THAN THE INSTANCE OWNERS GROUP

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57279

jai verma <ku...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #3 from jai verma <ku...@gmail.com> ---
Instance created: 
uid=560773(user1) gid=9500(group1) groups=9500(group1)

Running as:
uid=94197(user2) gid=8509(group2) groups=8509(group2) and
uid=94119(user3) gid=42774(group3)
groups=42774(group3),9500(group1),8509(group2)

Considering above users only 94119 should be able to start apache as it belongs
to the group of apache owner i.e. 560773. But user 94197 is also able to start
apache.


httpd.conf CHANGES:

User user2
Group group2

Apache starts successfully

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP THAN THE INSTANCE OWNERS GROUP

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57279

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #4 from Eric Covener <co...@gmail.com> ---
There's nothing in the HTTP server that cares about 'instances' much less the
userid that created them. If you don't expect a user to be able to execute
http, it's being managed outside of httpd.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP THAN THE INSTANCE OWNERS GROUP

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57279

--- Comment #1 from jai verma <ku...@gmail.com> ---
To start Apache as a Different User (other than the Apache owner) the
configured User id must be in the same Group as the group that owns the
instance directory.

But its observed that any user is able to start Apache irrespective of its
Group.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 57279] APACHE STARTS AS A USER BELONGING TO DIFFERENT GROUP THAN THE INSTANCE OWNERS GROUP

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=57279

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #2 from Eric Covener <co...@gmail.com> ---
It's unclear what bug you're reporting.

What's an Apache owner? What's an instance directory? What's unexpected about
your outcome in terms of specific userids and configurations?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org