DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=30413>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30413 default value for "Group" directive (="#-1") Summary: default value for "Group" directive (="#-1") Product: Apache httpd-2.0 Version: 2.0.50 Platform: PC OS/Version: Linux Status: NEW Severity: Major Priority: Other Component: Runtime Config AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] The default value for the "Group" directive in httpd.conf is "#-1". Up to now this maps to GID=65535, which is most often the GID for group "nogroup" or similar. Since linux kernel v2.6 UIDs and GIDs can be 32 bit (I have this configuration), so that -1 now maps to (2^32)-1. All users that belong to a group "nogroup" (GID=65535) do *not* neccessarily also belong to a group with the GID (2^32)-1. This should be fixed by specifing "Group nogroup" as default value, because many people do not change this setting (because they don't understand it *g*). (This misbehaviour caused strange bugs when executing CGIs that *should* have permissions to do certain things (because group "nogroup" was allowed to do these actions), but the scripts always failed with "permission denied" (because they did not run as "nogroup", but as group with GID=2^32-1)) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
