Message-Id: <199702282038.PAA17969@u4-138.openmarket.com> To: firstname.lastname@example.org Subject: Re: OS Permission Denied.. Again... In-Reply-To: Your message of "Fri, 28 Feb 1997 13:12:02 +0100." <3316CB92.25F9@dmcsoft.com> Date: Fri, 28 Feb 1997 15:38:06 -0500 From: Stanley Gambarin <gambarin@OpenMarket.com> > Emanuele Berti wrote: > > > > We are having troubles running the fast-cgi module for Apache - Linux. > > When someone tries to connect to the demo script echo.fcg the server > > returns an OS error: 'Permission Denied'. > > > > I also had this problem running the Apache module on Linux. What it > turned out to be was the Unix domain socket files were created with the > wrong permissions. The Apache server was configured to run as user > nobody, but was started by root on bootup. The fcgi process ended up > running as the correct user, but the socket files were created owned by > root, and the httpd user didn't have permission to read/write them. > > Sandy I will attempt to explain the cause of the above to the best of my abilities. The problem occurs when the server is run under the user nobody, which is #defined on many systems as (-1). When the sockets are to be created, the mod_fastcgi module tries to obtain user and group information for the proper permissions on the sockets. It checks that if the user and group information have not been initialized, then it uses effective user/group ids, otherwise it uses specified uids. The problem occurs since the check for initialization is done against (-1): uid = (user_id == (uid_t) -1) ? geteuid() : user_id; Therefore, in the above situation, when server runs as nobody, and started as root, uid will assume the value *root*, which is a wrong value. Later on, the process manager changes it's own uid to nobody and hence you will get failures when attempting to use the sockets. The proper thing to do is to establish a separate user to run the web server under, usually referred to as httpd or www. This avoids the confusion of comparison above. Hope that was of some help. Stanley. P.S> if your problems persist, feel free to email to the mailing list with a better description, including OS, versions of mod_fastcgi and apache, configuration files, etc.