On Tue, Dec 16, 2003 at 01:16:05PM +0100, Michael Bell wrote:
From: Michael Bell <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [Openca-Users] openca_start httpd user Alexei Chetroi wrote:
Please help me. I can run /etc/openca/openca_start only if $AUTOCONF {"httpd_user"} = "root"; $AUTOCONF {"httpd_group"} = "root";
are set to root. If I use another uid it starts, but complains about
setuid and I cannot move any further by password prompt on web
interface. After introducing right password it prompts me once again in
the loop.
Please help. I don't want to run openca as root :)
I don't like such things too :)
There was a known bug in Net::Server 0.85. I updated our CVS version to 0.86. This version includes a bugfix for setuid and FreeBSD. I use a SuSE 8.2 and my Apache user and group are wwwrun and nogroup. Does www-data be a real group?
Yes www-data is a real user/group. There's a debian bug id: #223383 User and group www-data not acepted. Version 0.86 is also susceptible to this bug. Here's patch for 0.85 from bugs.debian.org
--- Server.pm 2003-04-07 06:06:22.000000000 +0200 +++ /usr/share/perl5/Net/Server.pm 2003-12-08 15:43:44.000000000 +0100 @@ -404,7 +404,7 @@ $self->log(1,"Group Not Defined. Defaulting to EGID '$)'\n"); $prop->{group} = $); }else{ - if( $prop->{group} =~ /^(\w+( \w+)*)$/ ){ + if( $prop->{group} =~ /^(\w[-\w]+( \w+)*)$/ ){ $prop->{group} = eval{ get_gid( $1 ) }; $self->fatal( $@ ) if $@; }else{ @@ -418,7 +418,7 @@ $self->log(1,"User Not Defined. Defaulting to EUID '$>'\n"); $prop->{user} = $>; }else{ - if( $prop->{user} =~ /^(\w+)$/ ){ + if( $prop->{user} =~ /^(\w[-\w]+)$/ ){ $prop->{user} = eval{ get_uid( $1 ) }; $self->fatal( $@ ) if $@; }else{
The regex is wrong. \w[-\w]+ must be \w[-\w]* and \w( \w*)* must be \w[-\w]*( \w[-\w]*)*.
I reported the issues to Debian's and CPAN's BTS. A patched version was committed to OpenCA's CVS. I found a problem in the XML logging module too and if this is fixed then I create the next snapshot.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
