http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14774

Craig Miskell <cr...@catalyst.net.nz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cr...@catalyst.net.nz

--- Comment #1 from Craig Miskell <cr...@catalyst.net.nz> ---
It appears based on some debugging that when running under apache-mpm-itk,
setuid binaries like 'at' don't have quite enough permissions to do what they
need. While it does end up running as daemon.daemon, and can write to files in
/var/spool/cron/atjobs/, it fails at the fchown step with EPERM.  From the docs
for fchown, that means "The effective UID does not match the owner of the file,
and the process is not privileged (Linux: it does not have the CAP_FOWNER
capability)".

Without going deeper, I expect this is a result of mpm-itk dropping
capabilities or privileges to get down to the run-time user, and not being able
to elevate back up as a result. This would affect any other setuid programs
too.

Converting to some sort of app-layer (starman? plack?) may solve it, where
apache runs as normal, and the application runs out of app processes that run
as the correct user from the start, and which can therefore setuid back up.

_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
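
One way to test the hypothesis in the comment above is to read the capability masks of the Apache worker from `/proc/<pid>/status` and see which of the capabilities involved in changing file ownership or identity a setuid-root program started from it could still obtain. This is an added example, not code from the bug report or from Koha; the two status samples are constructed, and the choice of the four capabilities to check is an assumption of the example.

```python
import re
import sys

# Bit numbers from <linux/capability.h> for the capabilities relevant here.
CAPS = {"CAP_CHOWN": 0, "CAP_FOWNER": 3, "CAP_SETGID": 6, "CAP_SETUID": 7}

# Constructed samples (not captured from a real host): a worker whose
# bounding set was emptied, and an ordinary unprivileged process.
SAMPLE_RESTRICTED = """\
Name:\tapache2
Uid:\t1001\t1001\t1001\t1001
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
CapBnd:\t0000000000000000
NoNewPrivs:\t0
"""
SAMPLE_NORMAL = SAMPLE_RESTRICTED.replace(
    "CapBnd:\t0000000000000000", "CapBnd:\t000001ffffffffff")


def parse_status(text):
    """Return Cap* masks and NoNewPrivs from /proc/<pid>/status text as ints."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"(Cap\w+|NoNewPrivs):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            base = 16 if m.group(1).startswith("Cap") else 10
            fields[m.group(1)] = int(m.group(2), base)
    return fields


def setuid_blockers(text):
    """List reasons a setuid-root program exec'd by this process stays limited."""
    f = parse_status(text)
    reasons = []
    if f.get("NoNewPrivs"):
        reasons.append("NoNewPrivs")  # execve() ignores setuid/setgid bits
    # After exec of a setuid-root file, the permitted set cannot exceed
    # (inheritable | bounding) of the calling process.
    reachable = f["CapBnd"] | f["CapInh"]
    reasons += [n for n, bit in sorted(CAPS.items()) if not (reachable >> bit) & 1]
    return reasons


if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open(f"/proc/{pid}/status") as fh:
        print(setuid_blockers(fh.read()) or "no capability restrictions found")
```

Run it with the PID of a worker that is serving a request; an empty result means the capability masks do not explain the EPERM.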