[ 
https://issues.apache.org/jira/browse/TS-165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12833323#action_12833323
 ] 

Leif Hedstrom commented on TS-165:
----------------------------------

I'm wondering if this is causing a problem:

[Feb 12 21:19:32.502] Manager {3085694768} DEBUG: (lm) [runAsUser] Attempting to run as user 'nobody'
[Feb 12 21:19:32.502] Manager {3085694768} DEBUG: (lm) [runAsUser] Attempting to run as user 'nobody'
[Feb 12 21:19:32.502] Manager {3085694768} DEBUG: (lm) [runAsUser] Running with uid: '0' euid: '99'
[Feb 12 21:19:32.502] Manager {3085694768} DEBUG: (lm) [runAsUser] Running with uid: '0' euid: '99'

but, later I see

[Feb 12 21:19:32.644] Manager {3085694768} DEBUG: (lm) [removeRootPiv] removed root privileges.  Euid is 0.

The code does

bool
removeRootPriv(void)
{
  if (seteuid(getuid()) < 0) {
    Debug("lm", "[restoreRootPiv] seteuid root failed : %s\n", strerror(errno));
    return false;
  }

  Debug("lm", "[removeRootPiv] removed root privileges.  Euid is %d\n", geteuid());
  return true;
}


which, I'm pretty sure, will restore euid to 0 (just as the debug message
says). So, I suspect the logic here is no longer correct? At least the function
name makes no sense, since it actually does the opposite of removing "root
privileges" :).

In the end, I think the traffic_manager process is running as "root"?

Also, why are those first Debug messages showing up twice?? 


> Config files (records.config at least) can get wrong ownership
> --------------------------------------------------------------
>
>                 Key: TS-165
>                 URL: https://issues.apache.org/jira/browse/TS-165
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Config
>            Reporter: Leif Hedstrom
>            Assignee: George Paul
>            Priority: Critical
>             Fix For: 2.0.0a
>
>
> With the following steps, I get records.config to become owned by root, when 
> it should stay owned by nobody:
> (04:43:38 PM) zwoop: Ok, so this reproduces it every time on my fedora box, 
> gonna try it on ubuntu next
> (04:44:41 PM) zwoop: This is what I did
> (04:44:41 PM) zwoop: 1) rm -rf local
> (04:44:41 PM) zwoop: 2) sudo gmake install
> (04:44:41 PM) zwoop: 3) emacs local/etc/trafficserver/records.config
> (04:44:41 PM) zwoop:      change port from 8080 to 80, and change eth0 to 
> eth1 (I have to do the latter, or it'll fail)
> (04:44:41 PM) zwoop: 4) local/bin/trafficserver start
> (04:44:41 PM) zwoop: 5) Wait 10-20 seconds (at least, maybe longer)
> (04:44:41 PM) zwoop: 6) ls -lrt local/etc/trafficserver

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
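
Added example (not part of the JIRA comment or the Traffic Server source): a C program for the uid 0 / euid 99 state shown in the log, demonstrating that seteuid(getuid()) sets euid back to the real uid and that a euid-only drop leaves root reachable. The function names are hypothetical; 99 is the euid of 'nobody' taken from the log lines and is used only as a sample value.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporary drop: only the effective uid changes; real and saved uid are kept,
 * so root can be taken back. True only if euid really ended up as `unpriv`. */
bool drop_euid(uid_t unpriv)
{
  if (seteuid(unpriv) < 0) {
    fprintf(stderr, "[drop_euid] seteuid failed: %s\n", strerror(errno));
    return false;
  }
  return geteuid() == unpriv;
}

/* The call quoted in the comment, named for its effect: euid := real uid. */
bool restore_euid_to_real(void)
{
  if (seteuid(getuid()) < 0) {
    fprintf(stderr, "[restore_euid_to_real] seteuid failed: %s\n", strerror(errno));
    return false;
  }
  return geteuid() == getuid();
}

/* Probe whether euid 0 is still reachable, then put the previous euid back. */
bool can_regain_root(void)
{
  uid_t before = geteuid();
  if (before == 0)
    return true;
  if (seteuid(0) < 0)
    return false;
  if (seteuid(before) < 0)
    perror("[can_regain_root] could not restore euid");
  return true;
}

int main(void)
{
  printf("start: uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
  if (getuid() == 0 && drop_euid(99)) /* 99: euid of 'nobody' in the log (sample value) */
    printf("dropped: euid=%ld root_reachable=%d\n", (long)geteuid(), can_regain_root());
  if (restore_euid_to_real())
    printf("after seteuid(getuid()): euid=%ld\n", (long)geteuid());
  return 0;
}
```

Started as root, the program reports root as still reachable after the drop and euid 0 after the restore. A permanent drop uses setuid() while still privileged, which changes the real and saved uid as well.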
