Yes the socket -i think- is created by apache with user root, only the child
get wwwrun and his child with mpm-itk get f.e. web589
So if we find the function create the socket, there it have to be created
with the user of mpm-itk.
May at this time the user is unknown.
May it is possible to create socket with 0777 instead of 0700 (may sec issue
but in test cases).
But i did not find the create function
Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com]
Gesendet: Samstag, 23. Februar 2013 02:51
An: mod-fcgid-users@lists.sourceforge.net
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid
Right. The Unix socket is already owned by wwwrun and the chown is being
executed by a different uid, I think. We need to enforce not only the chown
but also the creation of the socket. It will be in another function.
Josiah
On Feb 22, 2013 5:48 PM, <m...@unimx.de <mailto:m...@unimx.de> > wrote:
We test:
/* Correct the file owner */
if (!geteuid()) {
//#if defined(MPM_ITK)
// if (chown(unix_addr.sun_path, procnode->uid, -1) < 0) {
if (chown(unix_addr.sun_path, "web589", -1) < 0) {
//#else
// if (chown(unix_addr.sun_path, ap_unixd_config.user_id, -1) < 0) {
//#endif
ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
"mod_fcgid: couldn't change owner of unix domain
socket %s",
unix_addr.sun_path);
close(unix_socket);
return errno;
}
}
But the same:
srwx------ 1 wwwrun wwwrun 0 23. Feb 02:44 5690.2
(13)Permission denied: mod_fcgid: can't lock process table in pid
Von: m...@unimx.de <mailto:m...@unimx.de> [mailto:m...@unimx.de
<mailto:m...@unimx.de> ]
Gesendet: Samstag, 23. Februar 2013 02:33
An: mod-fcgid-users@lists.sourceforge.net
<mailto:mod-fcgid-users@lists.sourceforge.net>
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid
Thanks, but it does not work:
srwx------ 1 wwwrun wwwrun 0 23. Feb 02:26 10055.6
error_log: (13)Permission denied: mod_fcgid: can't lock process table in pid
patch and compile without error
greets martin
Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com]
Gesendet: Freitag, 22. Februar 2013 21:08
An: mod-fcgid-users@lists.sourceforge.net
<mailto:mod-fcgid-users@lists.sourceforge.net>
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid
No promises this will work as I am not a maintainer nor developer of
mod_fcgid, but I have prepared a patch for you that should achieve the same
effect. I'm not able to test compilation with mpm-itk (mainly because I'm
not sure which package you're using), but it compiles cleanly without
mpm-itk libraries installed.
Go ahead and give it a shot, I guess; make sure you compile this against an
apache where MPM_ITK is defined and hopefully it will do what you desire.
Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1 <
mpm-itk_mod-fcgid.patch
Josiah
On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de <mailto:m...@unimx.de>
<m...@unimx.de <mailto:m...@unimx.de> > wrote:
Hello Group,
the problem using ITK+mod_fcgid is the fcgid socket. the socket is
owned by wwwuser (wwwrun / www-data) of apache.
ITK set vhost to user1, so fcgid says:
Permission denied: mod_fcgid: can't lock process table in pid
socket dir:
srwx------ 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
srwx------ 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
srwx------ 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
srwx------ 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
srwx------ 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0
The way using fcgi is, we have different php-versions and per user
php.ini
The way we use ITK is, we want to safe homedirs of all user not have
to be readable by wwwrun (f.e. remember symlink problem)
So we think, we must patch mod_fcgid (source
http://httpd.apache.org/mod_fcgid/)
May like modwsgi:
http://code.google.com/p/modwsgi/issues/detail?id=187
if (!geteuid()) {
+#if defined(MPM_ITK)
+ if (chown(process->socket, process->uid, -1) < 0) {
+#else
if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
+#endif
ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
wsgi_server,
"mod_wsgi (pid=%d): Couldn't change owner of
unix "
"domain socket '%s'.", getpid(),
Thus, set UNIX listener socket to be owned by the same user as daemon
process runs as.
Any ideas how to PATCH mod_fcgid ?
mpm-itk with mod_fcgid would be more than great :)
OR: Any way to user mpm-itk and different php-versions / per user
php.ini ?
Thanks
Martin
----------------------------------------------------------------------------
--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
<mailto:Mod-fcgid-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users
----------------------------------------------------------------------------
--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
<mailto:Mod-fcgid-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users
