>Number: 2468 >Category: general >Synopsis: initgroups() >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Jun 18 12:50:01 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.0 >Environment: Digital UNIX v4.0, using cc. uname -a: OSF1 sauron V4.0 878 alpha >Description: [Thu Jun 18 15:30:47 1998] [notice] Apache/1.3.0 (Unix) configured -- resuming normal operations [Thu Jun 18 15:30:47 1998] [alert] (22)Invalid argument: initgroups: unable to set groups for User nobody and Group 200 [Thu Jun 18 15:30:47 1998] [alert] (22)Invalid argument: initgroups: unable to set groups for User nobody and Group 200 [Thu Jun 18 15:30:47 1998] [alert] (22)Invalid argument: initgroups: unable to set groups for User nobody and Group 200 [Thu Jun 18 15:30:47 1998] [alert] (22)Invalid argument: initgroups: unable to set groups for User nobody and Group 200 [Thu Jun 18 15:30:47 1998] [alert] (22)Invalid argument: initgroups: unable to set groups for User nobody and Group 200 [Thu Jun 18 15:30:48 1998] [alert] Child 15527 returned a Fatal error... Apache is exiting!
>How-To-Repeat: Run httpd, under Digital UNIX. >Fix: It seems that the initgroups call in http_main.c is comparing the wrong return value under Digital UNIX. >From the initgroups() man page: RETURN VALUES Upon successful completion, the initgroups() function returns 0 (zero). If the initgroups() function fails, 1 is returned and errno is set to indicate the error. >From the http_main.c source: if (initgroups(name, ap_group_id) == -1) { ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, "initgroups: unable to set groups for User %s " "and Group %u", name, (unsigned)ap_group_id); clean_child_exit(APEXIT_CHILDFATAL); } For Digital UNIX, it should be == 1. I applied this fix, and the server appears to work. Without this fix, the server would exit, with error, immediatly. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]