http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14774
Craig Miskell <cr...@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cr...@catalyst.net.nz --- Comment #1 from Craig Miskell <cr...@catalyst.net.nz> --- It appears based on some debugging that when running under apache-mpm-itk, setuid binaries like 'at' don't have quite enough permissions to do what they need. While it does end up running as daemon.daemon, and can write to files in /var/spool/cron/atjobs/, it fails at the fchown step with EPERM. From the docs for fchown, that means "The effective UID does not match the owner of the file, and the process is not privileged (Linux: it does not have the CAP_FOWNER capability))". Without going deeper, I expect this is a result of mpm-itk dropping capabilities or privileges to get down to the run-time user, and not being able to elevate back up as a result. This would affect any other setuid programs too. Converting to some sort of app-layer (starman? plack?) may solve it, where apache runs as normal, and the application runs out of app processes that run as the correct user from the start, and which can therefore setuid back up. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/