Le Dimanche 13 Juillet 2003 11:11, Brian Candler a �crit : > > > > The FastCGI script was working, but now the authentication failed with > > FastCGI (but it runs well in CGI). I have this message in the logs. It's > > strange since the 2 scripts runs under the same user (apache) > > > > Jul 13 00:10:43 ipag sqwebmail.eur: authdaemon: s_connect() failed: > > Permission denied > > Jul 13 00:10:43 ipag sqwebmail.eur: maildircache: Cache create failure - > > cannot change to bin > > Clearly a uid/permissions problem: > - sqwebmail can't open the authdaemond socket
I've changed the permissions, without any effect. > - sqwebmail can't change uid to bin, maybe because it's already changed > uid to a different user and hence lost its root privileges. sqwebmail.eur is running as apache user, even if it has the sticky bit. And I don't know why there is a zombie process. 5344 apache 13 0 808 808 700 S 0.0 0.1 0:00.00 sqwebmail.eur 5345 apache 13 0 0 0 0 Z 0.0 0.0 0:00.01 sqwebmail.eur <defunct> > > I run everything as a single user (sqwebmail is setuid to that user, not to > root) and I chowned the authdaemond socket to that user, so I don't get > that problem. Good idea, but it should work as root ? > > Even then, I used to get a problem where some fastcgi processes were > running as that user, and some were running as 'www' (the webserver user). > This was fixed with two extra lines in main(), which have now been > incorporated into the main codebase: > > /* If we are running setuid non-root, change our real gid/uid too > */ if (getegid()) setgid(getegid()); > if (geteuid()) setuid(geteuid()); > > But I still don't fully understand the issues of running a setuid > application under fastcgi. I can't see how it could switch to a different > uid without exec'ing itself first to get its root privileges back. I never noticed than there are some differences concerning the permissions between a cgi and a fastcgi script ? Regards, -- Christophe BAEGERT [EMAIL PROTECTED] >>>>>>>>>>>>>>> http://www.europeanservers.net <<<<<<<<<<<<<<<< -------------- Ultra fast internet servers -------------
