[ 
https://issues.apache.org/jira/browse/TS-748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13024829#comment-13024829
 ] 

Alan M. Carroll commented on TS-748:
------------------------------------

It is unclear what change caused this problem. The problem doesn't exist in 
2.1.7 even on the same system. The best I have discovered is the threading 
structure must have changed and connections are now handled in a different 
thread which doesn't have the required privilege.

The direct cause is that client transparency depends on POSIX capabilities. 
These are thread local, while the user id is per process. What happens is that 
various threads are started while the server has the root user id. Later this 
is changed to the specified non-root user and as a result the capabilities in 
all threads are cleared, leaving the client connection serving thread unable to 
set transparency. The main thread, because of code put in for transparency, 
continues to have the appropriate privileges. To make the same logic work in 
other threads, it would be necessary to make the privilege adjustments when the 
thread starts, as the actual change happens at an effectively random time and 
synchronizing that would be unfeasibly painful.

However, if we are going to make the privilege adjustments at the start of 
every thread, it seems better to just make the adjustment before spawning any 
threads. I don't see a good reason to not do so, and it seems better to not 
have threads suddenly change user id at a random time in the middle of their 
operation.


> Client side transparency doesn't work on trunk.
> -----------------------------------------------
>
>                 Key: TS-748
>                 URL: https://issues.apache.org/jira/browse/TS-748
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP
>    Affects Versions: 2.1.8
>            Reporter: Alan M. Carroll
>            Assignee: Alan M. Carroll
>             Fix For: 2.1.8
>
>
> Client side transparency doesn't work because of permissions problems 
> (setting transparency on the socket fails).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
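
The comment above turns on capabilities being per thread while the user id is per process. As an added example (not part of the original message and not Traffic Server code), this C program lists which threads of a process lack a capability in their effective set by reading `CapEff` from `/proc/<pid>/task/<tid>/status`. Assumptions: Linux procfs, `CAP_NET_ADMIN` (bit 12) as the capability the transparent socket option needs (the message does not name it), and hypothetical function names.

```c
/* Added example (not Traffic Server code); assumes Linux /proc. */
#include <ctype.h>
#include <dirent.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CAP_NET_ADMIN_BIT 12 /* CAP_NET_ADMIN; assumed to be the needed capability */

/* Parse CapEff from status-file text. Returns 0 on success, -1 if absent or empty. */
int parse_cap_eff(const char *status, uint64_t *mask) {
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL) {
        if (strncmp(p, "CapEff:", 7) != 0) continue;   /* p is always at a line start */
        p += 7;
        while (*p == ' ' || *p == '\t') p++;
        if (!isxdigit((unsigned char)*p)) return -1;   /* never read into the next line */
        *mask = strtoull(p, NULL, 16);
        return 0;
    }
    return -1;
}
int has_cap(uint64_t mask, int bit) { return (int)((mask >> bit) & 1u); }

/* Walk /proc/<pid>/task; print and count threads whose effective set lacks `bit`.
 * Returns that count, or -1 if the task directory cannot be opened. */
int threads_missing_cap(const char *pid, int bit) {
    char path[512], buf[4096];
    snprintf(path, sizeof path, "/proc/%s/task", pid);
    DIR *d = opendir(path);
    if (!d) return -1;
    int missing = 0;
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        if (e->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "/proc/%s/task/%s/status", pid, e->d_name);
        FILE *f = fopen(path, "r");
        if (!f) continue;                              /* thread exited during the walk */
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
        buf[n] = '\0';
        uint64_t mask;
        if (parse_cap_eff(buf, &mask) != 0 || has_cap(mask, bit)) continue;
        printf("tid %s CapEff=%016llx lacks bit %d\n", e->d_name, (unsigned long long)mask, bit);
        missing++;
    }
    closedir(d);
    return missing;
}
int main(int argc, char **argv) {   /* exit 0: every thread holds it, 1: some lack it, 2: error */
    int n = threads_missing_cap(argc > 1 ? argv[1] : "self", CAP_NET_ADMIN_BIT);
    return n < 0 ? 2 : n > 0;
}
```

Pass the server's PID as the only argument. A thread listed here while the main thread is not matches the situation the comment describes.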
