You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to propose the following patch because when I started using mod_ruid2, I had problems because after the first uid change, I was not able to return to the default user uid/gid, which in RedHat is 48. Only after some investigation I discovered it was due to minuid being 100. In my opinion, if we start as a certiain User and Group (in httpd.conf), then we should always be able to revert back to them
--- mod_ruid2-0.9.8/mod_ruid2.c.orig 2014-02-11 23:14:59.625901994 +0100
+++ mod_ruid2-0.9.8/mod_ruid2.c 2014-02-11 23:16:20.857630500 +0100
@@ -312,7 +312,7 @@
static const command_rec ruid_cmds[] = {
AP_INIT_TAKE1 ("RMode", set_mode, NULL, RSRC_CONF | ACCESS_CONF, "Set mode to config or stat (default: config)"),
- AP_INIT_TAKE2 ("RUidGid", set_uidgid, NULL, RSRC_CONF | ACCESS_CONF, "Minimal uid or gid file/dir, else set[ug]id to default (User,Group)"),
+ AP_INIT_TAKE2 ("RUidGid", set_uidgid, NULL, RSRC_CONF | ACCESS_CONF, "When mode is config set[ug]id to these uid or gid, else set[ug]id to default (User,Group)"),
AP_INIT_RAW_ARGS ("RGroups", set_groups, NULL, RSRC_CONF | ACCESS_CONF, "Set additional groups"),
AP_INIT_TAKE2 ("RDefaultUidGid", set_defuidgid, NULL, RSRC_CONF, "If uid or gid is < than RMinUidGid set[ug]id to this uid gid"),
AP_INIT_TAKE2 ("RMinUidGid", set_minuidgid, NULL, RSRC_CONF, "Minimal uid or gid file/dir, else set[ug]id to default (RDefaultUidGid)"),
@@ -518,12 +518,17 @@
}
/* if uid of filename is less than conf->min_uid then set to conf->default_uid */
+ /* but only when RMode is stat. If RMode is config, then we explicitly asked for a certain user/group, so use them. */
+ /* There's also the case where RMode is config, but no explicit RUidGid was provided. In this case we rely on original */
+ /* httpd.conf User/Group, and the concept remains */
+ if (dconf->ruid_mode != RUID_MODE_CONF) {
if (uid < conf->min_uid) {
uid=conf->default_uid;
}
if (gid < conf->min_gid) {
gid=conf->default_gid;
}
+ }
/* set supplementary groups */
/* IMHO, only in CONF mode the supplementary groups should be set to the original process supplementary groups (when the admin does not explicitly ask for some set of supplementary goups).
@@ -537,7 +542,7 @@
} else if (dconf->groupsnr > 0) {
groups = apr_pcalloc(r->pool, dconf->groupsnr * sizeof(gid_t));
for (groupsnr = 0; groupsnr < dconf->groupsnr; groupsnr++) {
- if (dconf->groups[groupsnr] >= conf->min_gid) {
+ if (dconf->groups[groupsnr] >= conf->min_gid || dconf->ruid_mode == RUID_MODE_CONF) { /* IMHO, if the admin asks for some gid, we should use it. This may be questionable if the config may be done by someone elve via .htaccess. But even in this case, IMHO we should always be able to revert back to what the admin configured in httpd.conf (for example, in RedHat/CentOS, group httpd is 48, which is < 100. But it's normal to be able to go back to 48, even to make httpd able to track the presence of .htaccess on the next request. */
groups[groupsnr] = dconf->groups[groupsnr];
} else {
groups[groupsnr] = conf->default_gid;
The text was updated successfully, but these errors were encountered:
I would like to propose the following patch because when I started using mod_ruid2, I had problems because after the first uid change, I was not able to return to the default user uid/gid, which in RedHat is 48. Only after some investigation I discovered it was due to minuid being 100. In my opinion, if we start as a certiain User and Group (in httpd.conf), then we should always be able to revert back to them
The text was updated successfully, but these errors were encountered: