Re: OS Permission Denied.. Again...

Stanley Gambarin (gambarin@OpenMarket.com)
Fri, 28 Feb 1997 15:38:06 -0500

Message-Id: <199702282038.PAA17969@u4-138.openmarket.com>
To: sandy@dmcsoft.com
Subject: Re: OS Permission Denied.. Again... 
In-Reply-To: Your message of "Fri, 28 Feb 1997 13:12:02 +0100."
             <3316CB92.25F9@dmcsoft.com> 
Date: Fri, 28 Feb 1997 15:38:06 -0500
From: Stanley Gambarin <gambarin@OpenMarket.com>

> Emanuele Berti wrote:
> > 
> > We are having troubles running the fast-cgi module for Apache - Linux.
> > When someone tries to connect to the demo script echo.fcg the server
> > returns an OS error: 'Permission Denied'.
> > 
> 
> I also had this problem running the Apache module on Linux. What it
> turned out to be was the Unix domain socket files were created with the
> wrong permissions. The Apache server was configured to run as user
> nobody, but was started by root on bootup. The fcgi process ended up
> running as the correct user, but the socket files were created owned by
> root, and the httpd user didn't have permission to read/write them.
> 
> Sandy

	I will attempt to explain the cause of the above to the best of 
my abilities.  The problem occurs when the server is run under the user
nobody, which is #defined on many systems as (-1).  When the sockets are 
to be created, the mod_fastcgi module tries to obtain user and group
information for the proper permissions on the sockets.  It checks that if
the user and group information have not been initialized, then it uses 
effective user/group ids, otherwise it uses specified uids.  The problem
occurs since the check for initialization is done against (-1):
	    uid = (user_id == (uid_t) -1)  ? geteuid() : user_id;
Therefore, in the above situation, when server runs as nobody,  and started
as root, uid will assume the value *root*, which is a wrong value.  Later
on, the process manager changes it's own uid to nobody and hence you 
will get failures when attempting to use the sockets.
	The proper thing to do is to establish a separate user to run
the web server under, usually referred to as httpd or www.  This avoids
the confusion of comparison above.

						Hope that was of some help.
							Stanley.

P.S> if your problems persist, feel free to email to the mailing list
with a better description, including OS, versions of mod_fastcgi and apache,
configuration files, etc.