>Number: 3154 >Category: suexec >Synopsis: suexec is getting started with wrong groupname >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Oct 6 04:00:01 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.2 >Environment: SunOS bonnie 5.5.1 Generic_103640-03 sun4u sparc SUNW,Ultra-Enterprise >Description: I get the following error messages in the suexec logfile:
[1998-10-06 12:38:14]: uid: (lccd/lccd) gid: (lccd/lccd) cmd: test.cgi [1998-10-06 12:38:14]: target uid/gid (217/217) mismatch with directory (217/8888) or program (217/8888) I took a look at the Apache and suexec sourcen and logs of strace and tracked down the problem to: The called CGI script test.cgi has the ownership: uid=lccd/217,gid=eucgi/8888 Apache starts suexec with uid=lccd/217 and gid=lccd/217. So the comparision of the GIDs inside suexec fails. The httpd runs on a special WWW account (uid=www,gid=eucgi/8888). Where does Apache takes the GID=lccd from. The account "lccd" belongs to the groups "lccd" and "eucgi". Does Apache take the first group ? I also tried to set USER and GROUP inside the virtual host section - without succuess. The main question seems to be: where is the GID for the suexec call taken from ?? Any idea ? >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
