From nobody@hyperreal.org Fri Jul 25 07:44:46 1997 Received: (from nobody@localhost) by hyperreal.org (8.8.5/8.8.5) id HAA02599; Fri, 25 Jul 1997 07:44:46 -0700 (PDT) Message-Id: <199707251444.HAA02599@hyperreal.org> Date: Fri, 25 Jul 1997 07:44:46 -0700 (PDT) From: Gerald Anderson Reply-To: gander@netcomi.com To: apbugs@hyperreal.org Subject: When using an NFS appliance (like Net Appl. Toaster) File Ownership issues before the switch to the final UID X-Send-Pr-Version: 3.2 >Number: 916 >Category: config >Synopsis: When using an NFS appliance (like Net Appl. Toaster) File Ownership issues before the switch to the final UID >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Jul 25 07:50:00 1997 >Last-Modified: Fri Jul 25 09:11:51 PDT 1997 >Originator: gander@netcomi.com >Organization: >Release: x - 1.2.x >Environment: Reading specs from /usr/lib/gcc-lib/i386-linux/2.7.2.1/specs gcc version 2.7.2.1 Linux multi34.netcomi.com 2.0.29 #5 Sat May 10 13:06:58 CDT 1997 i686 >Description: This one isn't such a big deal, but thought you guys might want to know about it. We are moving all of our client data over to a Network Appliances NFS Toaster. The problem is that when the server is started, and there are no log files for a virtual the server creates them right away when the owning UID is still 0. After the switch to the 'real' UID the server can no longer write to the files. This isn't really an apache problem per se but I thought that it may be something you wanted to look at in the future if it's a simple procedural change within the code. >How-To-Repeat: If you really needed to I could probably find a way to demonstrate it to you. Just email me. >Fix: Well, just as an in-house kludge, I went into the source and added a chown(2) after all the log file opens, this wouldn't be a fix though >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Fri Jul 25 09:11:50 PDT 1997 State-Changed-Why: This is probably an issue with a "feature" in the way Linux does NFS writes. On any sane system, if you open a descriptor as root then change uids to another uid, you should still be able to write to the open descriptor. The log files are purposely created as the user that starts the server (ie. normally root) for security purposes; otherwise anyone who could run something as the user the server runs as could mess with them. Note that if the user the server runs as has write permissions to the logs directory (not just the files in it), then anyone who compromises that ID can get root easily. Also note that when logging via NFS you are not necessarily guaranteed that writes to files opened with O_APPEND will be atomic, so you may get intermingled entries. Something similar is reported in PR#452. Unfortunately, there is really nothing Apache can do. >Unformatted: