Very Computer

The 'master' copy runs as root.  It then forks children with the uid you
specified in the config file.  How do you think httpd is able to write to
root owned error and acceess logs. ;-)

Jeremy

------------------------------------------------------------------------------

Computer Science Undergraduate  *  Computer Consultant  *  Web Worker for Hire
        "Argue your limitations, and they're yours." -- Richard Bach

Okay....

Mebbe I'm going crazy...but why does it appear that v1.5a of NCSA is
running as root on a ps done on Linux 1.2.13?

I've got user set to nobody, and group set similarly in the config
file.  Shouldn't I get that indication in the process list?  Is this a
bug or feature of NCSA httpd?

Previous versions worked as advertised.

--
Pete Fanning

WWW: http://www.execpc.com/~pfanning

Quote:>The 'master' copy runs as root.  It then forks children with the uid you
>specified in the config file.  How do you think httpd is able to write to
>root owned error and acceess logs. ;-)

It doesn't have to be root to write to them, it has to be root to open
them.  Permissions aren't checked once a process has an open file
descriptor.  On the other hand, it does have to be root to close them
and re-open them (e.g. after receiving a SIGHUP) which I presume is why
it keeps its privs at all.

 -PSP

--
"Over 90% of the posts to Internet are decay, and less than 10% are growth.
 Only Archimedes Plutonium posts are 90% wholesome and growth type."
     -- Archimedes Plutonium
        alt.religion.kibology

Yep.  And that open file descriptor probably comes from the parent.

Quote:> On the other hand, it does have to be root to close them
> and re-open them (e.g. after receiving a SIGHUP) which I presume is why
> it keeps its privs at all.

Plus the fact that one needs root permissions to bind to port 80.

Jeremy

------------------------------------------------------------------------------

Computer Science Undergraduate  *  Computer Consultant  *  Web Worker for Hire
        "Argue your limitations, and they're yours." -- Richard Bach

I think, under Linux, that in order to use the FD_LINUX hack, the server
has to remain root, so it only changes its effective uid to the
user/group you set so it can change itself back to receive the file
descriptor pass.

This is only a guess, as we don't support the FD_LINUX hack but felt
there wasn't a good reason not to include it, at least until Linux
supports one of the real file descriptor passing mechanisms.

Brandon
--
 Brandon Long           "I think, therefore I am Confused." - RAW
 HTTPd/SDG/NCSA/UIUC  "Here's a nickel, kid.  Get yourself a better computer."

 http://www.uiuc.edu/ph/www/blong  Consider myself properly disclaimed.    

Quote:>The 'master' copy runs as root.  It then forks children with the uid you
>specified in the config file.  How do you think httpd is able to write to
>root owned error and acceess logs. ;-)

Not on my config.  Both the master AND the child processes that are
started at server initialization are running as root.  Is this still
how it should be?

Quote:>> On the other hand, it does have to be root to close them
>> and re-open them (e.g. after receiving a SIGHUP) which I presume is why
>> it keeps its privs at all.

>Plus the fact that one needs root permissions to bind to port 80.

That's no reason to *keep* root privs.  It doesn't have to re-bind
to port 80 anywhere down the road after startup.

 -PSP

--
"I have a sex fantasy of tying up the chosen one in a chair, gagging his mouth
 with a small delicious apple and taping it up, putting a blind fold over his
 eyes, and proceeding to read my feminist love poetry and essays to him."
    -- Doctress Neutopia, alt.culture.usenet

I have the exact same problem. Im running 1.5a NCSA binary
distribution of Httpd on RedHat Linux 1.2.13

Ditto here. I'm running Linux 1.2.13 and compiled NCSA httpd 1.5a (a.out) to
upgrade from 1.4.2.

No matter what I try, the 1.5a httpd refuses to run as "nobody". I get it
running as "root" every time.

I'm back to 1.4.2 (running nicely as "nobody") until I can figure this out.
Is this a bug or am I missing something important?

-rudi

+--------------------------------------------------------------------
| GROUP: comp.infosystems.www.servers.unix    DATE: 12 Dec 1995 03:49:04 GMT

+--------------------------------------------------------------------
| Ditto here. I'm running Linux 1.2.13 and compiled NCSA httpd 1.5a (a.out) to
| upgrade from 1.4.2.
| No matter what I try, the 1.5a httpd refuses to run as "nobody". I get it
| running as "root" every time.
| I'm back to 1.4.2 (running nicely as "nobody") until I can figure this out.
| Is this a bug or am I missing something important?

This is either a redhat thing, or a NCSA 1.5 thing.
But set up a test script to e-mail yourself a message through CGI.  It
will come from "nobody".  The processes show up as root with ps, but are
actually running as who you want.  I have no clue why.

(Is it just me, or is NCSA getting more "junky" as time goes on, and
becoming a big mess?  Apache is looking appealing)

--
============================================================================

--------------------------------------+-------------------------------------
      Check out MK-STATS - A new, complete WWW log-analysis program
                   http://web.sau.edu/~mkruse/mkstats/
============================================================================

: This is either a redhat thing, or a NCSA 1.5 thing.
: But set up a test script to e-mail yourself a message through CGI.  It
: will come from "nobody".  The processes show up as root with ps, but are
: actually running as who you want.  I have no clue why.

: (Is it just me, or is NCSA getting more "junky" as time goes on, and
: becoming a big mess?  Apache is looking appealing)

Didn't is say in the docs that it runs at root, but will have permissions
of the user/group you specify?

==========================================================
Jeffery Chow   3rd year Computer Science,  UBC

Home Page: http://www.ugrad.cs.ubc.ca/spider/j8g1
----------------------------------------------------------
"Now what if we were to make a large wooden badger?"
==========================================================