From nobody@hyperreal.com Tue Jun 17 14:28:39 1997 Received: (from nobody@localhost) by hyperreal.com (8.8.5/8.8.5) id OAA16188; Tue, 17 Jun 1997 14:28:39 -0700 (PDT) Message-Id: <199706172128.OAA16188@hyperreal.com> Date: Tue, 17 Jun 1997 14:28:39 -0700 (PDT) From: Michael Graff Reply-To: explorer@flame.org To: apbugs@hyperreal.com Subject: Group directive in virtual host config broken X-Send-Pr-Version: 3.2 >Number: 746 >Category: config >Synopsis: Group directive in virtual host config broken >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Jun 17 14:30:01 1997 >Last-Modified: Tue Jun 17 16:54:19 PDT 1997 >Originator: explorer@flame.org >Organization: >Release: 1.2b6 >Environment: NetBSD 1.2E >Description: I am trying to set up a virtual host on my machine. I have things configured to be like: server name user group www.flame.org www nobody www.sorcery.net sorcery sor-www However, the server cannot access, as www.sorcery.net, files which are mode 640 and user:group explorer:sor-www. However, they work fine when the mode is 644. This makes the .htaccess directive meaningless, as anyone on my machine as full access to the files. >How-To-Repeat: Contact me for more information if you need it. Simple case should be: set up main host, user foo, group bar. set up virtual host, user baz, group bax. Make a file owned by baz:bax in the virtual's space, mode 640. Try to read it. It will fail. chmod 644 it, and it will work. Make a file owned by foo:bar in the virtual space, mode 640. Try to read it. It will work. >Fix: No idea. I think the virtual host code needs a roto-till. At the very least, the child servers need to be more virtual-host aware, and perhaps even running as a specific user:group and maintained on seperate child pools. It seems that you could maintain a user:group pool for each configured user:group defined, and use the appropriate pool for the requests to the servers. %0 >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Tue Jun 17 16:54:19 PDT 1997 State-Changed-Why: This is not a bug. Either Apache has to run as root to be able to switch UIDs (which we aren't willing to do at this point) or you have to run seperate copies of Apache with different directives. suexec can help for CGIs... >Unformatted: