User, Logs, Restarts?

[Ben Hyde <bh...@pobox.com>]

Httpd can wear's two hats, or UID, during it's life: the one it's invoked
via and; the one specified in the config files.

Configuration files are read, and their side effects taken, wearing
both these hats.

The user in force when pconf is cleaned up is can be different than
that when the space was allocated.

ap_open_logs is called wearing either hat.  That has interesting
consequences on the file protections and the processes this fires up.

Or am I confused?

 - ben

Re: User, Logs, Restarts?

[Dean Gaudet <dg...@arctic.org>]

It's always been the case that anything spawned by the parent runs as the
uid of the parent... i.e. the uid that the thing was invoked as.

Dean

On Wed, 16 Sep 1998, Ben Hyde wrote:

> 
> Thanks for the quick reply Marc.  Immediately after sending it water
> was reported dripping from the kitchen bathroom ceiling and I've now got
> a garbage can of plaster and a plumbing problem.  So... to tell you the
> truth I'm unsure what I was thinking beyond the original oddness
> I noticed, i.e. that the <foo> from 'ErrorLog "|<foo> ..."' are running
> as the launch user not the configured user.
> 
> Ignore this until I study it some more. - ben
> 
> Marc Slemko writes:
> >On Wed, 16 Sep 1998, Ben Hyde wrote:
> >
> >> 
> >> Httpd can wear's two hats, or UID, during it's life: the one it's invoked
> >> via and; the one specified in the config files.
> >> 
> >> Configuration files are read, and their side effects taken, wearing
> >> both these hats.
> >> 
> >> The user in force when pconf is cleaned up is can be different than
> >> that when the space was allocated.
> >> 
> >> ap_open_logs is called wearing either hat.  That has interesting
> >> consequences on the file protections and the processes this fires up.
> >> 
> >> Or am I confused?
> >
> >I think you are confused with at least some of that.
> >
> >Lets start with: why do you think that ap_open_logs is called as the
> >run-as user?  If it were, then opening them would not succeed on any
> >system not setup insecurely.
> >
> 

Re: User, Logs, Restarts?

[Ben Hyde <bh...@pobox.com>]

Thanks for the quick reply Marc.  Immediately after sending it water
was reported dripping from the kitchen bathroom ceiling and I've now got
a garbage can of plaster and a plumbing problem.  So... to tell you the
truth I'm unsure what I was thinking beyond the original oddness
I noticed, i.e. that the <foo> from 'ErrorLog "|<foo> ..."' are running
as the launch user not the configured user.

Ignore this until I study it some more. - ben

Marc Slemko writes:
>On Wed, 16 Sep 1998, Ben Hyde wrote:
>
>> 
>> Httpd can wear's two hats, or UID, during it's life: the one it's invoked
>> via and; the one specified in the config files.
>> 
>> Configuration files are read, and their side effects taken, wearing
>> both these hats.
>> 
>> The user in force when pconf is cleaned up is can be different than
>> that when the space was allocated.
>> 
>> ap_open_logs is called wearing either hat.  That has interesting
>> consequences on the file protections and the processes this fires up.
>> 
>> Or am I confused?
>
>I think you are confused with at least some of that.
>
>Lets start with: why do you think that ap_open_logs is called as the
>run-as user?  If it were, then opening them would not succeed on any
>system not setup insecurely.
>

Re: User, Logs, Restarts?

[Marc Slemko <ma...@znep.com>]

On Wed, 16 Sep 1998, Ben Hyde wrote:

> 
> Httpd can wear's two hats, or UID, during it's life: the one it's invoked
> via and; the one specified in the config files.
> 
> Configuration files are read, and their side effects taken, wearing
> both these hats.
> 
> The user in force when pconf is cleaned up is can be different than
> that when the space was allocated.
> 
> ap_open_logs is called wearing either hat.  That has interesting
> consequences on the file protections and the processes this fires up.
> 
> Or am I confused?

I think you are confused with at least some of that.

Lets start with: why do you think that ap_open_logs is called as the
run-as user?  If it were, then opening them would not succeed on any
system not setup insecurely.