On Mon, Jul 14, 2003 at 11:52:40PM +0200, Christophe BAEGERT wrote:
> sqwebmail.eur is running as apache user

As I say, I had the same issue - that the process would end up being owned
by the webserver user ('www' in my case), but not always.

If it's intentional that it should run as this user, then make it setuid
this user instead of setuid root. That will guarantee that each process does
a setuid() to that user.

Of course you'll have to chown the authdaemond socket (and/or the directory
it's in) to "apache". That should cure the first error.

But unless all your mail directories are also owned by 'apache' you won't be
able to access any mail.

> I never noticed that there are some differences concerning the permissions
> between a cgi and a fastcgi script ?

A fastcgi script is persistent; a cgi script is spawned freshly for each
incoming connection.

Therefore, a setuid root cgi script can change to a different userid, and
then quit. A setuid root fastcgi script can change to a different userid,
but then will have lost its privileges to change to a second userid when the
next request comes in :-(

Regards,

Brian.
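
The CGI versus FastCGI difference described in the message above, as an added example that is not part of the original post: a small C model of the real, effective and saved user ids under setuid(2) rules, so it runs without root. The uid values (80 for the web server, 1001 to 1003 for mailbox owners) and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* Real, effective and saved user ids of one process. */
struct cred { uid_t ruid, euid, suid; };

/* Model of setuid(2): 0 on success, -1 where the kernel would return EPERM. */
static int model_setuid(struct cred *c, uid_t target) {
    if (c->euid == 0) {            /* privileged: all three ids change for good */
        c->ruid = c->euid = c->suid = target;
        return 0;
    }
    if (target == c->ruid || target == c->suid) {
        c->euid = target;          /* unprivileged: only among ids already held */
        return 0;
    }
    return -1;
}

/* Credentials right after exec of a setuid binary owned by `owner`. */
static struct cred exec_setuid(uid_t caller, uid_t owner) {
    struct cred c = { caller, owner, owner };
    return c;
}

/* CGI: a fresh exec per request. Returns how many requests reached their uid. */
int serve_cgi(uid_t web, uid_t owner, const uid_t *users, int n) {
    int ok = 0;
    for (int i = 0; i < n; i++) {
        struct cred c = exec_setuid(web, owner);
        if (model_setuid(&c, users[i]) == 0) ok++;
    }
    return ok;
}

/* FastCGI: one exec, then the same process handles every request. */
int serve_fastcgi(uid_t web, uid_t owner, const uid_t *users, int n) {
    int ok = 0;
    struct cred c = exec_setuid(web, owner);
    for (int i = 0; i < n; i++)
        if (model_setuid(&c, users[i]) == 0) ok++;
    return ok;
}

int main(void) {
    const uid_t users[] = { 1001, 1002, 1003 };   /* constructed mailbox owners */
    printf("cgi, setuid root:     %d of 3\n", serve_cgi(80, 0, users, 3));
    printf("fastcgi, setuid root: %d of 3\n", serve_fastcgi(80, 0, users, 3));
    return 0;
}
```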