You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/03/30 14:53:42 UTC
DO NOT REPLY [Bug 8904] -
perchild: apr_proc_mutex problem
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8904>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8904
perchild: apr_proc_mutex problem
------- Additional Comments From st.muehlebach@gmx.ch 2003-03-30 12:53 -------
I found out an alternative solution to the 'permission denied' problem of 'perchild'-servers. The only restriction is, that ALL processes (the main process and the worker processes) must run unter the same GID ('nogroup' or '#-1' in this example). a) Change in file srclib/apr/locks/unix/proc_mutex.c, line 217: new_mutex->interproc->filedes = semget(IPC_PRIVATE, 1, IPC_CREAT | 0660); ^^^^ b) When you start the server you must make sure that the GID of the calling shell is 'nogroup'. This can be done either with 'newgrp' or 'sg': sg nogroup -c "/usr/local/apache2/bin/httpd -k start" The main process starts under 'root':'nogroup', creates the semaphore and forks off several worker processes which may change their UID (but NOT their GID!). I personally don't see any security problems caused by the 'all servers under same GID'-rule.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org