>Number: 5273
>Category: os-linux
>Synopsis: initgroups() returns an error to error_log
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Nov 8 16:10:09 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.6, 1.3.9
>Environment:
Linux, Slackware 4.0, Slackware 7.0, kernel 2.3.26, kernel 2.2.13, egcs-1.1.2.
glibc-2.1.2, libc-5.4.46.
>Description:
I've compiled both apache 1.3.6, and Apache 1.3.9, on my machine, to use
PHP-4.0B2 with it. Compiles clean, installs clean. When I run 'apachectl
start', I get the following:
[Sun Nov 7 21:17:55 1999] [notice] Apache/1.3.9 (PHP4.0B2) configured --
resuming normal operations
[Sun Nov 7 21:17:55 1999] [alert] (22)Invalid argument: initgroups: unable to
set groups for User nobody and Group 449967254
[Sun Nov 7 21:17:55 1999] [alert] (22)Invalid argument: initgroups: unable to
set groups for User nobody and Group 449967254
[Sun Nov 7 21:17:55 1999] [alert] (22)Invalid argument: initgroups: unable to
set groups for User nobody and Group 449967254
[Sun Nov 7 21:17:55 1999] [alert] (22)Invalid argument: initgroups: unable to
set groups for User nobody and Group 449967254
[Sun Nov 7 21:17:55 1999] [alert] (22)Invalid argument: initgroups: unable to
set groups for User nobody and Group 449967254
[Sun Nov 7 21:17:55 1999] [alert] Child 11987 returned a Fatal error...
Apache is exiting!
>How-To-Repeat:
recompile apache, witht he same setup, as above. glibc-2.1.2 as the main
library, and recompile apache, using libc-5.4.46. Same error occurs, on both.
egcs-1.1.2 or probably even gcc-2.7.2.3. Either, should give the same error.
>Fix:
initgroups() in http_main.c, line 3018, there is:
if (initgroups(name, ap_group_id) == -1) {
ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
"initgroups: unable to set groups for User %s "
"and Group %u", name, (unsigned)ap_group_id);
clean_child_exit(APEXIT_CHILDFATAL);
}
initgroups(3) states:
The initgroups() function initializes the group access
list by reading the group database /etc/group and using
all groups of which user is a member. The additional
group group is also added to the list.
The initgroups() function returns 0 on success, or -1 if
an error occurs.
on most linux boxes, 'nobody' has UID 65534. nogroup, has GID -2. httpd.conf
asks to not use any group above 65536. las tI checked, -2 < 65536. So, why
should initgroups return -1 in this instance? If true, no linux box, running
glibc-2.1.2 will be able to compile and run apache 1.3.6 - 1.3.9. I would
suggest checking initgroups() to see what may be happening, for this error to
occur.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
