Re: [users@httpd] mod_fcgid upload permission changes.

Toni Moreno Tue, 11 Dec 2012 06:55:23 -0800

Hi Igor This is my actual configuration, I'm using as Wrapper de php-cgi.

<IfModule mod_fcgid.c>
        AddHandler fcgid-script .fcgi
        FcgidWrapper /usr/bin/php-cgi .fcgi
        FcgidIPCDir  /opt/itsat/var/run/fastcgi/fcgidsock
        DefaultInitEnv PHPRC        "/opt/itsat/etc/"
        FcgidConnectTimeout 100
        FcgidMaxRequestsPerProcess 1000
        IPCConnectTimeout 100
        FcgidMaxProcesses 10
        FcgidMaxRequestLen 1572864000
</IfModule>


If tested to change php-cgi by  php-cgi-wrapper and I've created an script
who makes umaks before exec php-cgi but  didn't work.

I think mod_fcgid is doing UPLOAD (handling file transfer) by itself to
/tmp before process "/usr/bin/php-cgi " have been spawned, is because of
that your suggested  bypass doesn't work.

Why mod_fcgid is changing umask ? A bug maybe ?

Thanks a lot!!

.


2012/12/11 Igor Cicimov <icici...@gmail.com>

>
> On 11/12/2012 11:05 PM, "Toni Moreno" <toni.mor...@gmail.com> wrote:
> >
> > Hi Igor!! Thanks a lot for your answer, but I think is not the correct
> one, becaouse as I said before user "itsat" is already running with correct
> umask, and apache is running with this umask. The same apache instance is
> running mod_php and mod_fcgid. When files are created from mod_php
> default  permissions  (644)  are different from those created from
> mod_fcgid ( 600).
> >
> > Why mod_fcgid changes umaks ?
> >
> >
> > PERMISSIONS MOD_PHP+APACHE = (644)
> >
> > [ITSAT][toni-itsatdev].root:/opt/itsat/var/log > ls -ltr
> > total 112
> > -rw-r--r-- 1 itsat  itsatadm   407 Dec 11 12:54 itsat.log
> > -rw-r--r-- 1 itsat  itsatadm  2668 Dec 11 12:54 itsat-web.log
> > -rw-r--r-- 1 itsat  itsatadm     0 Dec 11 12:54 itsat-tsm.log
> > -rw-r--r-- 1 itsat  itsatadm     0 Dec 11 12:54 itsat-tsim.log
> > -rw-r--r-- 1 itsat  itsatadm     0 Dec 11 12:54 itsat-remote.log
> >
> > PERMISSIONS MOD_FCGID + APACHE ( 600 )
> >
> > itsat@test:/tmp$ ls -ltr
> > total 252
> > drwxrwxrwt 2 root  root         40 Dec 11 08:51 VMwareDnD
> > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa <-
> CREATED ON UPLOAD FILE with mod_fcgid
> > -rw-r--r-- 1 itsat itsatadm      0 Dec 11 11:20 foo
> > drwx------ 2 root  root        100 Dec 11 08:51 vmware-root
> >
> >
> Then use wrapper script to set umask for fcgid. See FcgidWrapper for
> details.
>
> >
> > 2012/12/11 Igor Cicimov <icici...@gmail.com>
> >>
> >>
> >> On 11/12/2012 10:42 PM, "Igor Cicimov" <icici...@gmail.com> wrote:
> >> >
> >> >
> >> > On 11/12/2012 9:33 PM, "Toni Moreno" <toni.mor...@gmail.com> wrote:
> >> > >
> >> > > Hi to all ,and sorry form my poor English.
> >> > >
> >> > > I have a problem when trying upload files and handle it with
> mod_fcgid.
> >> > >
> >> > > The fact is I'm running apache 2.2.16 on debian and runing it as
> user "itsat" which have "0022" umask. ( user "itsat" creates files in 644
> >> > >
> >> >
> >> > Put umask 022 in the /etc/apache2/envvars file.
> >> >
> >> Or call umask from your cgi script if you like better. Or chmod the
> file from the cgi script after uploading as another option. In these cases
> the change will not be global in apache.
> >>
> >> > > itsat@test:/tmp$ touch foo
> >> > > itsat@test:/tmp$ ls -ltr
> >> > > total 252
> >> > > drwxrwxrwt 2 root  root         40 dic 11 08:51 VMwareDnD
> >> > > drwx------ 2 root  root        100 dic 11 08:51 vmware-root
> >> > > -rw-r--r-- 1 itsat itsatadm      0 Dec 11 11:02 foo
> >> > >
> >> > > But when doing an "upload" ( from any browser)  the mod_fcgid
> creates a tmp file with 600 permissions !!  ( an lots of problems after
> because I can not read it from a CGI program who expects 644 permissions.
> >> > >
> >> > >
> >> > > itsat@test:/tmp$ ls -ltr
> >> > > total 252
> >> > > drwxrwxrwt 2 root  root         40 Dec 11 08:51 VMwareDnD
> >> > > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa
> >> > > -rw-r--r-- 1 itsat itsatadm      0 Dec 11 11:20 foo
> >> > > drwx------ 2 root  root        100 Dec 11 08:51 vmware-root
> >> > >
> >> > >
> >> > > Can anybody help me to change this behavior on apache/mod_fcgid ?
> >> > >
> >> > > Thanks!!!
> >> > >
> >> > > --
> >> > >
> >> > > Att
> >> > >
> >> > > Toni Moreno
> >> > >
> >> > > 699706656
> >> > >
> >> > >
> >> > >
> >> > >
> >> > > Si no quieres perderte en el olvido tan pronto como estés muerto y
> corrompido,
> >> > >
> >> > > escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
> >> > >
> >> > >
> >> > >
> >> > > Benjamin Franklin
> >> > >
> >> > >
> >
> >
> >
> >
> > --
> >
> > Att
> >
> > Toni Moreno
> >
> > 699706656
> >
> >
> >
> >
> > Si no quieres perderte en el olvido tan pronto como estés muerto y
> corrompido,
> >
> > escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
> >
> >
> >
> > Benjamin Franklin
> >
> >
>
>


-- 

Att

Toni Moreno

699706656



*Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido, *

*escribe cosas dignas de leerse, o haz cosas dignas de escribirse.*



*Benjamin Franklin*

Re: [users@httpd] mod_fcgid upload permission changes.

Reply via email to