Date: Tue, 25 Feb 2003 17:36:34 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-questions@FreeBSD.ORG Subject: Re: Is Apache+Perl behaving correctly? Am I insane? Message-ID: <20030225173634.GB61003@happy-idiot-talk.infracaninophi> In-Reply-To: <871y1wjn6u.fsf@strauser.com> References: <871y1wjn6u.fsf@strauser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 25, 2003 at 11:16:09AM -0600, Kirk Strauser wrote: > I'm trying to enable mod_perl support for my TWiki-based website > (http://subwiki.honeypot.net/). I'm seeing some really strange behaviour, > though, and I don't know which of mod_perl or I are going insane. > > In my httpd.conf, I have: > > User www > Group www > > and it behaves in the expected way. TWiki ships with a script called > `testenv' that shows some information about the current Apache environment, > and it calls some very simple code to determine the user its running as: > > my $usr = lc( getlogin || getpwuid($<) ); > print "<tr><th align=\"right\">User:</th><td>$usr</td></tr>\n"; > > When I execute that script from a browser, I see "User: root", and I'm not > sure where that's coming from. Right now, the following httpd processes are > running on the server: > > # ps auxwww | grep -- -DSSL > root 34839 0.0 0.9 14092 7032 ?? Ss 10:55AM 0:00.95 /usr/local/sbin/httpd -DSSL > www 35394 0.0 0.9 14100 7068 ?? I 11:11AM 0:00.01 /usr/local/sbin/httpd -DSSL > www 35395 0.0 0.9 14100 7064 ?? I 11:11AM 0:00.01 /usr/local/sbin/httpd -DSSL > www 35396 0.0 0.9 14160 7112 ?? I 11:11AM 0:00.02 /usr/local/sbin/httpd -DSSL > www 35397 0.0 0.9 14160 7120 ?? I 11:11AM 0:00.02 /usr/local/sbin/httpd -DSSL > www 35398 0.0 0.9 14160 7120 ?? I 11:11AM 0:00.02 /usr/local/sbin/httpd -DSSL > www 35403 0.0 0.9 14092 7040 ?? I 11:12AM 0:00.01 /usr/local/sbin/httpd -DSSL > > Doesn't the process running as root exist solely to spawn other children? > If so, why does Perl (both with and without mod_perl enabled) think that > it's running as root instead of www? The problem is the getlogin(2) call. getlogin(2) tells you who the current user logged in as, which, given intervening calls to functions like setruid(3), setuid(2) or seteuid(2) is not necessarily the same thing as the uid running the process. In your case, the apache daemon has to be started up as root so it can bind port 80, but it's child processes all call setuid() or similar to switch to the standard UID the daemon runs under. You can easily see the effect by using su(1) or sudo(1): % sudo perl -e 'print scalar getlogin(), "\n";' matthew % sudo perl -e 'print scalar getpwuid($<), "\n";' root Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030225173634.GB61003>