I have run across this same problem. Is there any chance this patch will get committed?
Thanks. - jeremy On 6/4/07, Scott McNab <[EMAIL PROTECTED]> wrote: > Hello. > > I have discovered that mongrel does not correctly take on all the > groups of the requested user/group combination. It seems that while > the specified user and group is correctly activated, all the other > groups that are associated with this user are not enabled and the > group permissions remain the same as the caller (i.e. root). > > This problem (and solution) is discussed in the Ruby Forum: > > http://www.ruby-forum.com/topic/110492 > > It seems that Process.initgroups needs to be called in order for the > user's group permissions to be properly activated. > > I have a fix that involves making a slight addition to > mongrel-1.0.1/lib/mongrel/configurator.rb as follows: > > --- configurator.rb.orig 2007-05-28 04:22:11.000000000 -0400 > +++ configurator.rb 2007-05-28 04:11:02.000000000 -0400 > @@ -55,6 +55,11 @@ > # Change privilege of the process to specified user and group. > def change_privilege(user, group) > begin > + if group && user > + log "Initialising groups for {#user}:{#group}." > + Process.initgroups(user,Etc.getgrnam(group).gid) > + end > + > if group > log "Changing group to #{group}." > Process::GID.change_privilege(Etc.getgrnam(group).gid) > > To confirm this is an appropriate fix, I took a look at the source for > the linux coreutils 'su' command, which is very similar: > > /* Become the user and group(s) specified by PW. */ > > static void > change_identity (const struct passwd *pw) > { > #ifdef HAVE_INITGROUPS > errno = 0; > if (initgroups (pw->pw_name, pw->pw_gid) == -1) > error (EXIT_FAIL, errno, _("cannot set groups")); > endgrent (); > #endif > if (setgid (pw->pw_gid)) > error (EXIT_FAIL, errno, _("cannot set group id")); > if (setuid (pw->pw_uid)) > error (EXIT_FAIL, errno, _("cannot set user id")); > } > > This patch seems to solve the problem for me - Can someone please > review this for possible inclusion in the main mongrel source tree? > > Thanks, > Scott > _______________________________________________ > Mongrel-users mailing list > [email protected] > http://rubyforge.org/mailman/listinfo/mongrel-users > _______________________________________________ Mongrel-users mailing list [email protected] http://rubyforge.org/mailman/listinfo/mongrel-users
