On Fri, 2006-10-06 at 14:38 -0700, Rod Roark wrote: > Replying to myself: > > On Friday 06 October 2006 13:35, Rod Roark wrote: > > I have a very puzzling (to me) problem. I'm working with a Mandriva > > box running Apache 2.0.54. It runs as user nobody with its group ID > > set to -1 -- i.e. httpd.conf includes: > > > > User nobody > > Group #-1 > > It turns out if I change it to "Group nogroup", everything works. > > So is setgid(-1) supposed to disable group permissions? I have never > seen that documented....
No, it would probably set the group id to 65535 on most systems (which is frequently called "nobody"). The problem is that the groups listed in /etc/group are "supplementary" groups, and a simple setgid or setuid don't by themselves load the supplementary group information for the new user into the kernel's process table for that process. Something else is required, but I'm not entirely sure what that something is for non-interactive scripts. -- Micah J. Cowan Programmer, musician, typesetting enthusiast, gamer... http://micah.cowan.name/ _______________________________________________ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
