mÃn 2005-01-10 klockan 23:00 -0600 skrev Ryan Underwood: > I think I found the issue. PAGs no longer survive a setuid() call. As > soon as an Apache child changes from root to www-data, it has lost its > credentials. Under 2.4, the credentials are still available after > setuid so the child can access the sites on AFS.
Hmm, setuid() shouldn't clear the groups list. Perhaps setgid() (which Apache calls) does though. Or maybe Apache calls setgroups(). Anyway... Put the tokens in the default PAG of www-data instead. That is, don't use a PAG, just su to the www-data user and run kinit and httpd. Then there are no PAG groups to loose. (Run the id command in the same context to make sure.) /abo _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
