NCSA 1.5a running as root on Linux 1.2.13?

NCSA 1.5a running as root on Linux 1.2.13?

Post by Jeremy D. Zawodn » Fri, 01 Dec 1995 04:00:00




> Mebbe I'm going crazy...but why does it appear that v1.5a of NCSA is
> running as root on a ps done on Linux 1.2.13?

> I've got user set to nobody, and group set similarly in the config
> file.  Shouldn't I get that indication in the process list?  Is this a
> bug or feature of NCSA httpd?

> Previous versions worked as advertised.

The 'master' copy runs as root.  It then forks children with the uid you
specified in the config file.  How do you think httpd is able to write to
root owned error and acceess logs. ;-)

Jeremy

------------------------------------------------------------------------------

Computer Science Undergraduate  *  Computer Consultant  *  Web Worker for Hire
        "Argue your limitations, and they're yours." -- Richard Bach

 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by Pete Fanni » Fri, 01 Dec 1995 04:00:00


Okay....

Mebbe I'm going crazy...but why does it appear that v1.5a of NCSA is
running as root on a ps done on Linux 1.2.13?

I've got user set to nobody, and group set similarly in the config
file.  Shouldn't I get that indication in the process list?  Is this a
bug or feature of NCSA httpd?

Previous versions worked as advertised.

--
Pete Fanning

WWW: http://www.execpc.com/~pfanning

 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by Paul Philli » Sat, 02 Dec 1995 04:00:00




Quote:>The 'master' copy runs as root.  It then forks children with the uid you
>specified in the config file.  How do you think httpd is able to write to
>root owned error and acceess logs. ;-)

It doesn't have to be root to write to them, it has to be root to open
them.  Permissions aren't checked once a process has an open file
descriptor.  On the other hand, it does have to be root to close them
and re-open them (e.g. after receiving a SIGHUP) which I presume is why
it keeps its privs at all.

 -PSP

--
"Over 90% of the posts to Internet are decay, and less than 10% are growth.
 Only Archimedes Plutonium posts are 90% wholesome and growth type."
     -- Archimedes Plutonium
        alt.religion.kibology

 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by Jeremy D. Zawodn » Sat, 02 Dec 1995 04:00:00





> >The 'master' copy runs as root.  It then forks children with the uid you
> >specified in the config file.  How do you think httpd is able to write to
> >root owned error and acceess logs. ;-)

> It doesn't have to be root to write to them, it has to be root to open
> them.  Permissions aren't checked once a process has an open file
> descriptor.

Yep.  And that open file descriptor probably comes from the parent.

Quote:> On the other hand, it does have to be root to close them
> and re-open them (e.g. after receiving a SIGHUP) which I presume is why
> it keeps its privs at all.

Plus the fact that one needs root permissions to bind to port 80.

Jeremy

------------------------------------------------------------------------------

Computer Science Undergraduate  *  Computer Consultant  *  Web Worker for Hire
        "Argue your limitations, and they're yours." -- Richard Bach

 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by Brandon Lon » Sat, 02 Dec 1995 04:00:00






>> >The 'master' copy runs as root.  It then forks children with the uid you
>> >specified in the config file.  How do you think httpd is able to write to
>> >root owned error and acceess logs. ;-)

>> It doesn't have to be root to write to them, it has to be root to open
>> them.  Permissions aren't checked once a process has an open file
>> descriptor.
>Yep.  And that open file descriptor probably comes from the parent.
>> On the other hand, it does have to be root to close them
>> and re-open them (e.g. after receiving a SIGHUP) which I presume is why
>> it keeps its privs at all.
>Plus the fact that one needs root permissions to bind to port 80.

I think, under Linux, that in order to use the FD_LINUX hack, the server
has to remain root, so it only changes its effective uid to the
user/group you set so it can change itself back to receive the file
descriptor pass.

This is only a guess, as we don't support the FD_LINUX hack but felt
there wasn't a good reason not to include it, at least until Linux
supports one of the real file descriptor passing mechanisms.

Brandon
--
 Brandon Long           "I think, therefore I am Confused." - RAW
 HTTPd/SDG/NCSA/UIUC  "Here's a nickel, kid.  Get yourself a better computer."

 http://www.uiuc.edu/ph/www/blong  Consider myself properly disclaimed.    

 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by Pete Fanni » Sat, 02 Dec 1995 04:00:00



Quote:>The 'master' copy runs as root.  It then forks children with the uid you
>specified in the config file.  How do you think httpd is able to write to
>root owned error and acceess logs. ;-)

Not on my config.  Both the master AND the child processes that are
started at server initialization are running as root.  Is this still
how it should be?
 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by Paul Philli » Sat, 02 Dec 1995 04:00:00




Quote:>> On the other hand, it does have to be root to close them
>> and re-open them (e.g. after receiving a SIGHUP) which I presume is why
>> it keeps its privs at all.

>Plus the fact that one needs root permissions to bind to port 80.

That's no reason to *keep* root privs.  It doesn't have to re-bind
to port 80 anywhere down the road after startup.

 -PSP

--
"I have a sex fantasy of tying up the chosen one in a chair, gagging his mouth
 with a small delicious apple and taping it up, putting a blind fold over his
 eyes, and proceeding to read my feminist love poetry and essays to him."
    -- Doctress Neutopia, alt.culture.usenet

 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by svante sorma » Fri, 08 Dec 1995 04:00:00



>Okay....
>Mebbe I'm going crazy...but why does it appear that v1.5a of NCSA is
>running as root on a ps done on Linux 1.2.13?
>I've got user set to nobody, and group set similarly in the config
>file.  Shouldn't I get that indication in the process list?  Is this a
>bug or feature of NCSA httpd?
>Previous versions worked as advertised.

I have the exact same problem. Im running 1.5a NCSA binary
distribution of Httpd on RedHat Linux 1.2.13
>--
>Pete Fanning

>WWW: http://www.execpc.com/~pfanning

 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by Rudi C. Wo » Wed, 13 Dec 1995 04:00:00




>>Mebbe I'm going crazy...but why does it appear that v1.5a of NCSA is
>>running as root on a ps done on Linux 1.2.13?
>>I've got user set to nobody, and group set similarly in the config
>>file.  Shouldn't I get that indication in the process list?  Is this a
>>bug or feature of NCSA httpd?

>I have the exact same problem. Im running 1.5a NCSA binary
>distribution of Httpd on RedHat Linux 1.2.13

Ditto here. I'm running Linux 1.2.13 and compiled NCSA httpd 1.5a (a.out) to
upgrade from 1.4.2.

No matter what I try, the 1.5a httpd refuses to run as "nobody". I get it
running as "root" every time.

I'm back to 1.4.2 (running nicely as "nobody") until I can figure this out.
Is this a bug or am I missing something important?

-rudi

 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by Matt Kru » Thu, 14 Dec 1995 04:00:00


+--------------------------------------------------------------------
| GROUP: comp.infosystems.www.servers.unix    DATE: 12 Dec 1995 03:49:04 GMT

+--------------------------------------------------------------------
| Ditto here. I'm running Linux 1.2.13 and compiled NCSA httpd 1.5a (a.out) to
| upgrade from 1.4.2.
| No matter what I try, the 1.5a httpd refuses to run as "nobody". I get it
| running as "root" every time.
| I'm back to 1.4.2 (running nicely as "nobody") until I can figure this out.
| Is this a bug or am I missing something important?

This is either a redhat thing, or a NCSA 1.5 thing.
But set up a test script to e-mail yourself a message through CGI.  It
will come from "nobody".  The processes show up as root with ps, but are
actually running as who you want.  I have no clue why.

(Is it just me, or is NCSA getting more "junky" as time goes on, and
becoming a big mess?  Apache is looking appealing)

--
============================================================================

--------------------------------------+-------------------------------------
      Check out MK-STATS - A new, complete WWW log-analysis program
                   http://web.sau.edu/~mkruse/mkstats/
============================================================================

 
 
 

NCSA 1.5a running as root on Linux 1.2.13?

Post by Jeffery Ch » Tue, 19 Dec 1995 04:00:00


: This is either a redhat thing, or a NCSA 1.5 thing.
: But set up a test script to e-mail yourself a message through CGI.  It
: will come from "nobody".  The processes show up as root with ps, but are
: actually running as who you want.  I have no clue why.

: (Is it just me, or is NCSA getting more "junky" as time goes on, and
: becoming a big mess?  Apache is looking appealing)

Didn't is say in the docs that it runs at root, but will have permissions
of the user/group you specify?

==========================================================
Jeffery Chow   3rd year Computer Science,  UBC

Home Page: http://www.ugrad.cs.ubc.ca/spider/j8g1
----------------------------------------------------------
"Now what if we were to make a large wooden badger?"
==========================================================

 
 
 

1. NCSA 1.5a on Linux 1.2.13 SIGSEGV's


: : I'm having the exact same problem on my Slackware 3.0 Linux box.  NCSA
: : 1.4 worked with no problems at all, but 1.5 has been giving me
: : SIGSEGV's up the wazoo.  Here's just a sample of the error_log:
: :
: : [Tue Nov 21 17:05:19 1995] HTTPd: Starting as /usr/local/etc/httpd/httpd
: : [Tue Nov 21 17:05:19 1995] HTTPd: caught SIGSEGV, dumping core
: : [Tue Nov 21 17:05:19 1995] child error: child connection closed
: : [Tue Nov 21 17:05:19 1995] HTTPd: caught SIGSEGV, dumping core
: : [Tue Nov 21 17:05:19 1995] HTTPd: caught SIGSEGV, dumping core
: : [Tue Nov 21 17:05:19 1995] HTTPd: caught SIGSEGV, dumping core
: : [Tue Nov 21 17:05:19 1995] HTTPd: caught SIGSEGV, dumping core
: : [Tue Nov 21 17:05:19 1995] child error: child connection closed

: I'm having the same problem with Solaris 2.4 x86. Apparently it's not
: Linux specific.

  I've found at least two places in the code where the error logging
functions try using a null pointer (hostname that hasn't been filled in).

util.c -- Around line 604

    sprintf(errstr,"timed out waiting for %s",
                gCurrentRequest->remote_name ? gCurrentRequest->remote_name : "-"); /* BWA */

http_log.c -- Around line 213

    sprintf(str,"%s %s %s [%s %c%02d%02d] \"%s\" ",
            (reqInfo->remote_name ? reqInfo->remote_name : "-"), /* BWA */

  I've stopped getting those SIGSEGV messages since making these two changes.

--
Brian W. Antoine         "Do all the males around here have trouble with their
Senior Networking Eng       hearing," I asked my new friend as shey watched me
Olivetti North America \|/    and the idiot who had demanded I dance for him.
E. 22425 Appleway     --*--   "Only the ones who don't have mates," said Sarah
Spokane, WA 99019      /|\     as I let my shields flare into life around us.
http://tau-ceti.isc-br.com/ =========== From the Stories of the Family nas Kan

2. Passing keys to another program

3. Java for NCSA 1.5a on Linux 1.2.13

4. How (or whether) to simulate real-world Internet latency for web benchmark?

5. NCSA 1.5a on Linux 1.2.13: can't allocate buffer

6. Binary Ownership

7. NCSA 1.5a on Linux 1.2.13 SIGSEGV's

8. IGMP v3 support in Solaris

9. Virtual Hosts on NCSA 1.5a and Linux 1.2.13

10. NCSA 1.5a compatible w/Linuc 1.2.13?

11. HELP: Netscape 2.0b3 screws up Linux 1.2.13 while running as root!

12. httpd 1.5a under linux 1.2.13