From pgodel at gmail.com Tue Mar 17 21:23:32 2009 From: pgodel at gmail.com (Pablo Godel) Date: Tue, 17 Mar 2009 16:23:32 -0400 Subject: [mpm-itk] AssignUserId questions Message-ID: <843a1de40903171323o20e77666pc43134ab730fc300@mail.gmail.com> Hello, I've been playing around with mpm-itk and so far I really like it. I have a few questions regarding AssignUserId. So far it seems to only accept usernames. It does not like numeric uids and if the username changes in passwd then if you restart apache it won't restart because AssignUserId has the old name. - would it be possible to use numeric uids in AssignUserId? - or would it be possible to issue a warning that the username was not found and fall back to a default user? Having apache not start on a shared server environment is not very good. Any comments/suggestions? Thank you Pablo -------------- next part -------------- An HTML attachment was scrubbed... URL: From sgunderson at bigfoot.com Wed Mar 18 10:45:05 2009 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Wed, 18 Mar 2009 10:45:05 +0100 Subject: [mpm-itk] AssignUserId questions In-Reply-To: <843a1de40903171323o20e77666pc43134ab730fc300@mail.gmail.com> References: <843a1de40903171323o20e77666pc43134ab730fc300@mail.gmail.com> Message-ID: <20090318094505.GA18823@uio.no> On Tue, Mar 17, 2009 at 04:23:32PM -0400, Pablo Godel wrote: > I've been playing around with mpm-itk and so far I really like it. I have a > few questions regarding AssignUserId. > So far it seems to only accept usernames. It does not like numeric uids and > if the username changes in passwd then if you restart apache it won't > restart because AssignUserId has the old name. In general, mpm-itk doesn't do uid/gid parsing itself -- it uses functions Apache exposes for this purpose. In other words, its functionality matches 100% that of all other usernames and group names in Apache. In other words, I think you have to take your request upstream. :-) /* Steinar */ -- Homepage: http://www.sesse.net/ From kernel01 at gmail.com Wed Mar 18 13:08:04 2009 From: kernel01 at gmail.com (Jess) Date: Wed, 18 Mar 2009 14:08:04 +0200 Subject: [mpm-itk] mpm-itk Digest, Vol 18, Issue 1 In-Reply-To: References: Message-ID: <714dbf6f0903180508g72de3eb5pd73c52354fdfe6e4@mail.gmail.com> Hi, I am not sure if you compiled Apache MPM ITK on your own or you're using the Debian/Ubuntu package, but if the latter, you might be interested in a file called: /etc/apache2/envvars, this allows you to export: export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data And you can also run some shell manipulations here, so you could find the user attached to a certain UID and export it. Then, in the apache2.conf file, you could do: User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP} And so on... On Wed, Mar 18, 2009 at 1:00 PM, wrote: > Send mpm-itk mailing list submissions to > mpm-itk at err.no > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.err.no/mailman/listinfo/mpm-itk > or, via email, send a message with subject or body 'help' to > mpm-itk-request at err.no > > You can reach the person managing the list at > mpm-itk-owner at err.no > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of mpm-itk digest..." > > > Today's Topics: > > 1. AssignUserId questions (Pablo Godel) > 2. Re: AssignUserId questions (Steinar H. Gunderson) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 17 Mar 2009 16:23:32 -0400 > From: Pablo Godel > Subject: [mpm-itk] AssignUserId questions > To: mpm-itk at err.no > Message-ID: > <843a1de40903171323o20e77666pc43134ab730fc300 at mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Hello, > I've been playing around with mpm-itk and so far I really like it. I have a > few questions regarding AssignUserId. > So far it seems to only accept usernames. It does not like numeric uids and > if the username changes in passwd then if you restart apache it won't > restart because AssignUserId has the old name. > > - would it be possible to use numeric uids in AssignUserId? > - or would it be possible to issue a warning that the username was not > found > and fall back to a default user? > > Having apache not start on a shared server environment is not very good. > > Any comments/suggestions? > > Thank you > Pablo > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://lists.err.no/pipermail/mpm-itk/attachments/20090317/db5333e7/attachment-0001.htm > > ------------------------------ > > Message: 2 > Date: Wed, 18 Mar 2009 10:45:05 +0100 > From: "Steinar H. Gunderson" > Subject: Re: [mpm-itk] AssignUserId questions > To: Pablo Godel > Cc: mpm-itk at err.no > Message-ID: <20090318094505.GA18823 at uio.no> > Content-Type: text/plain; charset=utf-8 > > On Tue, Mar 17, 2009 at 04:23:32PM -0400, Pablo Godel wrote: > > I've been playing around with mpm-itk and so far I really like it. I have > a > > few questions regarding AssignUserId. > > So far it seems to only accept usernames. It does not like numeric uids > and > > if the username changes in passwd then if you restart apache it won't > > restart because AssignUserId has the old name. > > In general, mpm-itk doesn't do uid/gid parsing itself -- it uses functions > Apache exposes for this purpose. In other words, its functionality matches > 100% that of all other usernames and group names in Apache. > > In other words, I think you have to take your request upstream. :-) > > /* Steinar */ > -- > Homepage: http://www.sesse.net/ > > > > ------------------------------ > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk > > > End of mpm-itk Digest, Vol 18, Issue 1 > ************************************** > -- Use Linux - Live longer Best regards, Jess Portnoy -------------- next part -------------- An HTML attachment was scrubbed... URL: From knut at auvor.no Wed Mar 18 13:23:48 2009 From: knut at auvor.no (Knut Auvor Grythe) Date: Wed, 18 Mar 2009 13:23:48 +0100 Subject: [mpm-itk] AssignUserId questions In-Reply-To: <20090318094505.GA18823@uio.no> References: <843a1de40903171323o20e77666pc43134ab730fc300@mail.gmail.com> <20090318094505.GA18823@uio.no> Message-ID: <20090318122348.GE4964@stud.ntnu.no> On Wed, Mar 18, 2009 at 10:45:05AM +0100, Steinar H. Gunderson wrote: >> I've been playing around with mpm-itk and so far I really like it. I have a >> few questions regarding AssignUserId. >> So far it seems to only accept usernames. It does not like numeric uids and >> if the username changes in passwd then if you restart apache it won't >> restart because AssignUserId has the old name. > > In general, mpm-itk doesn't do uid/gid parsing itself -- it uses functions > Apache exposes for this purpose. In other words, its functionality matches > 100% that of all other usernames and group names in Apache. > > In other words, I think you have to take your request upstream. :-) ...or you could just start using the correct syntax ;-) To use a uid instead of a user name, simply prefix the uid with a '#': AssignUserID #123 #234 I believe I've seen this kind of syntax in various other programs as well, so I think it's a pretty standard way of doing it in the unix world. -- Knut Auvor From pgodel at gmail.com Wed Mar 18 14:44:55 2009 From: pgodel at gmail.com (Pablo Godel) Date: Wed, 18 Mar 2009 09:44:55 -0400 Subject: [mpm-itk] AssignUserId questions In-Reply-To: <20090318122348.GE4964@stud.ntnu.no> References: <843a1de40903171323o20e77666pc43134ab730fc300@mail.gmail.com> <20090318094505.GA18823@uio.no> <20090318122348.GE4964@stud.ntnu.no> Message-ID: <843a1de40903180644v74ee9484ve91fccf92c88162b@mail.gmail.com> That's awesome, I did not know. Thank you! Pablo On Wed, Mar 18, 2009 at 8:23 AM, Knut Auvor Grythe wrote: > On Wed, Mar 18, 2009 at 10:45:05AM +0100, Steinar H. Gunderson wrote: > >> I've been playing around with mpm-itk and so far I really like it. I > have a > >> few questions regarding AssignUserId. > >> So far it seems to only accept usernames. It does not like numeric uids > and > >> if the username changes in passwd then if you restart apache it won't > >> restart because AssignUserId has the old name. > > > > In general, mpm-itk doesn't do uid/gid parsing itself -- it uses > functions > > Apache exposes for this purpose. In other words, its functionality > matches > > 100% that of all other usernames and group names in Apache. > > > > In other words, I think you have to take your request upstream. :-) > > ...or you could just start using the correct syntax ;-) > > To use a uid instead of a user name, simply prefix the uid with a '#': > > AssignUserID #123 #234 > > I believe I've seen this kind of syntax in various other programs as > well, so I think it's a pretty standard way of doing it in the unix > world. > > -- > Knut Auvor > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sgunderson at bigfoot.com Sun Mar 22 00:01:11 2009 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Sun, 22 Mar 2009 00:01:11 +0100 Subject: [mpm-itk] New version of mpm-itk (2.2.11-01) Message-ID: <20090321230111.GA7915@uio.no> Hi, I've released a new version of mpm-itk (2.2.11-01), along with some reorganization/cleanups of the web page. The biggest change is that you can now do AssignUserID in and sections, which I guess should increase the flexibility a bit. (It's very lightly tested, though -- both testing and code audits would be very welcome!) >From the changelog: * NOTE: This release contains major new functionality. As with mpm-itk in general, you may want to consider closely whether you actually want to put it in production. Also note that Apache 2.0 is no longer supported. * Updated for Apache 2.2.11 (in particular, prefork had a few minor changes that are now incorporated). * Allow uid/gid and nice value to be set per-directory (actually per-location) in addition to per-vhost. Adapted from patch by Knut Auvor Grythe. * Some minor code cleanups. * If waitpid() is interrupted by a signal (returning EINTR), try again. This fixes a race condition where a graceful restart could fail and hang the child forever. Adapted from patch by Jan Boysen, who also diagnosed and reported the bug. * As a side effect of the per-directory patches doing proper config merging, you can now set default values for all options outside the vhost definitions and have them get properly overridden by settings in more specific scopes. * Fix a small memory leak on reload by using apr_pstrdup() instead of strdup(). Download is at http://mpm-itk.sesse.net/ as usual. I'll probably get the Debian packages (and by extension, eventually the Ubuntu packages) ready by tomorrow. /* Steinar */ -- Homepage: http://www.sesse.net/ From azurit at pobox.sk Sun Mar 22 13:39:26 2009 From: azurit at pobox.sk (azurIt) Date: Sun, 22 Mar 2009 13:39:26 +0100 Subject: [mpm-itk] New version of mpm-itk (2.2.11-01) Message-ID: Thank you! Are you going to create/update packages also for Debian Etch ? azur >-----P?vodn? spr?va----- >Od: Steinar H. Gunderson [mailto:sgunderson at bigfoot.com] >Komu: mpm-itk at err.no >Predmet: [mpm-itk] New version of mpm-itk (2.2.11-01) > > >Hi, > >I've released a new version of mpm-itk (2.2.11-01), along with some >reorganization/cleanups of the web page. The biggest change is that you can >now do AssignUserID in and sections, which I guess >should increase the flexibility a bit. (It's very lightly tested, though -- >both testing and code audits would be very welcome!) > >From the changelog: > >* NOTE: This release contains major new functionality. As with mpm-itk in >general, you may want to consider closely whether you actually want to >put it in production. Also note that Apache 2.0 is no longer supported. >* Updated for Apache 2.2.11 (in particular, prefork had a few minor changes >that are now incorporated). >* Allow uid/gid and nice value to be set per-directory (actually per-location) >in addition to per-vhost. Adapted from patch by Knut Auvor Grythe. >* Some minor code cleanups. >* If waitpid() is interrupted by a signal (returning EINTR), try again. >This fixes a race condition where a graceful restart could fail and hang >the child forever. Adapted from patch by Jan Boysen, who also diagnosed and >reported the bug. >* As a side effect of the per-directory patches doing proper config merging, >you can now set default values for all options outside the vhost definitions >and have them get properly overridden by settings in more specific scopes. >* Fix a small memory leak on reload by using apr_pstrdup() instead of >strdup(). > >Download is at http://mpm-itk.sesse.net/ as usual. I'll probably get the >Debian packages (and by extension, eventually the Ubuntu packages) ready by >tomorrow. > >/* Steinar */ >-- >Homepage: http://www.sesse.net/ > >_______________________________________________ >mpm-itk mailing list >mpm-itk at err.no >http://lists.err.no/mailman/listinfo/mpm-itk From sgunderson at bigfoot.com Sun Mar 22 14:39:48 2009 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Sun, 22 Mar 2009 14:39:48 +0100 Subject: [mpm-itk] New version of mpm-itk (2.2.11-01) In-Reply-To: References: Message-ID: <20090322133948.GA5988@uio.no> On Sun, Mar 22, 2009 at 01:39:26PM +0100, azurIt wrote: > Are you going to create/update packages also for Debian Etch ? No, none are planned. /* Steinar */ -- Homepage: http://www.sesse.net/ From oeriksson at mandriva.com Sun Mar 22 14:55:03 2009 From: oeriksson at mandriva.com (Oden Eriksson) Date: Sun, 22 Mar 2009 14:55:03 +0100 Subject: [mpm-itk] New version of mpm-itk (2.2.11-01) In-Reply-To: <20090322133948.GA5988@uio.no> References: <20090322133948.GA5988@uio.no> Message-ID: <200903221455.04203.oeriksson@mandriva.com> s?ndag 22 mars 2009 14:39:48 skrev Steinar H. Gunderson: > On Sun, Mar 22, 2009 at 01:39:26PM +0100, azurIt wrote: > > Are you going to create/update packages also for Debian Etch ? > > No, none are planned. > > /* Steinar */ fixed in mandriva cooker (will be in 2009 spring) :) -- Regards // Oden Eriksson From sgunderson at bigfoot.com Sun Mar 22 16:11:21 2009 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Sun, 22 Mar 2009 16:11:21 +0100 Subject: [mpm-itk] New version of mpm-itk (2.2.11-01) In-Reply-To: <20090321230111.GA7915@uio.no> References: <20090321230111.GA7915@uio.no> Message-ID: <20090322151121.GA6721@uio.no> On Sun, Mar 22, 2009 at 12:01:11AM +0100, Steinar H. Gunderson wrote: > Download is at http://mpm-itk.sesse.net/ as usual. I'll probably get the > Debian packages (and by extension, eventually the Ubuntu packages) ready by > tomorrow. Debian packages on their way to unstable. /* Steinar */ -- Homepage: http://www.sesse.net/ From christoph at interway.ch Wed Mar 25 16:09:26 2009 From: christoph at interway.ch (Christoph Roethlisberger) Date: Wed, 25 Mar 2009 16:09:26 +0100 Subject: [mpm-itk] Problem with 2.2.11-01 on Debian unstable Message-ID: <3240C50DB59B4D5CA251E6ACDBAE506E@brigitte> After upgrading my debian unstable box to the new mod_itk, suddenly all my webs on this server did not work anymore. (permission denied error) After a quick check I came to the conclusion that this new version can't ready any files where the WORLD user has no permissions to. As I store all files in 660 (770 for directorys) this caused a mayor problem and I'm are not sure if this change in behaviour is by design. My VirtualHost config looks like this: ServerName www.domain.com DocumentRoot /webhome/domain.com/www/ AssignUserID username groupname ... ... All files under the webroot belong to this user and group, so it should work imho. (and did till the update - and again after downgrade) Do I need a new/additional config option, or is this a problem with mod_itk itself? Christoph From mc-mpm-itk at skynet.com.es Wed Mar 25 17:27:08 2009 From: mc-mpm-itk at skynet.com.es (mc-mpm-itk at skynet.com.es) Date: Wed, 25 Mar 2009 17:27:08 +0100 Subject: [mpm-itk] Problem with 2.2.11-01 on Debian unstable In-Reply-To: <3240C50DB59B4D5CA251E6ACDBAE506E@brigitte> Message-ID: <6E508D4468224A1290B40A2C7C5F4C22@skynet.com.es> Hi, > After upgrading my debian unstable box to the new mod_itk, > suddenly all my > webs on this server did not work anymore. (permission denied error) Same behaviour here. Regular pages work in my case, however using .htaccess yields in the behaviour described: [Tue Mar 24 21:44:26 2009] [crit] [client 2001:1410:0:1001:10::2] (13)Permission denied: /var/www/openskynet.de/~mc/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable However, a .php page containing returns the correct user (which is allowed to read the .htaccess file o.c.). > Do I need a new/additional config option, or is this a > problem with mod_itk itself? That's what I also wonder at the moment :-) Br, Martin From sgunderson at bigfoot.com Wed Mar 25 18:05:12 2009 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Wed, 25 Mar 2009 18:05:12 +0100 Subject: [mpm-itk] Problem with 2.2.11-01 on Debian unstable In-Reply-To: <6E508D4468224A1290B40A2C7C5F4C22@skynet.com.es> References: <3240C50DB59B4D5CA251E6ACDBAE506E@brigitte> <6E508D4468224A1290B40A2C7C5F4C22@skynet.com.es> Message-ID: <20090325170512.GA14059@uio.no> On Wed, Mar 25, 2009 at 05:27:08PM +0100, mc-mpm-itk at skynet.com.es wrote: >> Do I need a new/additional config option, or is this a >> problem with mod_itk itself? > That's what I also wonder at the moment :-) It sounds like a bug to me. I'll investigate, but I won't get to do it today. /* Steinar */ -- Homepage: http://www.sesse.net/ From lampacz at gmail.com Thu Mar 26 12:56:55 2009 From: lampacz at gmail.com (Lampa) Date: Thu, 26 Mar 2009 12:56:55 +0100 Subject: [mpm-itk] DOCUMEN_ROOT problem Message-ID: <9aef75b10903260456re7aa853mae124c9b7a0ebf38@mail.gmail.com> Hello, is possible that with mod_itk (debian testing 2.2.6-02-1+b20) is problem with DOCUMENT_ROOT ? If i use VirtualDocumentRoot /var/www/local/domain.tld/home/%-3 i have DOCUMENT_ROOT set to /htdocs But if i use DocumentRoot /var/www/local/domain.tld/home/www DOCUMENT_ROOT is set to /var/www/local/domain.tld/home/www (which is correct) Never used mod_itk before, maybe i can try compile apache2 itself to see if problem isn't in package version. Thank you for advices and help. -- Lampa From sgunderson at bigfoot.com Thu Mar 26 16:00:55 2009 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Thu, 26 Mar 2009 16:00:55 +0100 Subject: [mpm-itk] DOCUMEN_ROOT problem In-Reply-To: <9aef75b10903260456re7aa853mae124c9b7a0ebf38@mail.gmail.com> References: <9aef75b10903260456re7aa853mae124c9b7a0ebf38@mail.gmail.com> Message-ID: <20090326150055.GB4227@uio.no> On Thu, Mar 26, 2009 at 12:56:55PM +0100, Lampa wrote: > is possible that with mod_itk (debian testing 2.2.6-02-1+b20) is > problem with DOCUMENT_ROOT ? I'm sorry, I don't understand your question. > If i use > > VirtualDocumentRoot /var/www/local/domain.tld/home/%-3 What is VirtualDocumentRoot? Something to do with mod_vhost_alias? > i have DOCUMENT_ROOT set to /htdocs DOCUMENT_ROOT the environment variable, or something else? /* Steinar */ -- Homepage: http://www.sesse.net/ From knut at auvor.no Thu Mar 26 16:11:12 2009 From: knut at auvor.no (Knut Auvor Grythe) Date: Thu, 26 Mar 2009 16:11:12 +0100 Subject: [mpm-itk] Problem with 2.2.11-01 on Debian unstable In-Reply-To: <6E508D4468224A1290B40A2C7C5F4C22@skynet.com.es> References: <3240C50DB59B4D5CA251E6ACDBAE506E@brigitte> <6E508D4468224A1290B40A2C7C5F4C22@skynet.com.es> Message-ID: <20090326151112.GD27596@stud.ntnu.no> On Wed, Mar 25, 2009 at 05:27:08PM +0100, mc-mpm-itk at skynet.com.es wrote: >> After upgrading my debian unstable box to the new mod_itk, suddenly >> all my webs on this server did not work anymore. (permission denied >> error) > > Same behaviour here. Regular pages work in my case, however using > .htaccess yields in the behaviour described: > > [Tue Mar 24 21:44:26 2009] [crit] [client 2001:1410:0:1001:10::2] (13)Permission denied: /var/www/openskynet.de/~mc/.htaccess > pcfg_openfile: unable to check htaccess file, ensure it is readable > > However, a .php page containing > returns the correct user (which is allowed to read the .htaccess file o.c.). As a side effect of the new per-directory syntax for setting, mpm-itk now does the setuid() at a slightly later time, after the per-directory config structure is created. This probably means that the .htaccess files are opened as root. Perhaps you are using NFS with root_squash enabled? That would explain the problem you are seeing. This is a potential issue that simply slipped my mind when I wrote the initial patch and submitted it. I guess it should be investigated a bit. -- Knut Auvor From lampacz at gmail.com Thu Mar 26 18:42:47 2009 From: lampacz at gmail.com (Lampa) Date: Thu, 26 Mar 2009 18:42:47 +0100 Subject: [mpm-itk] DOCUMEN_ROOT problem In-Reply-To: <20090326150055.GB4227@uio.no> References: <9aef75b10903260456re7aa853mae124c9b7a0ebf38@mail.gmail.com> <20090326150055.GB4227@uio.no> Message-ID: <9aef75b10903261042r634b72e1l81a3e4fd95053049@mail.gmail.com> Hello, yes VirtualDocumentRoot is from mod_vhost_alias, and DOCUMENT_ROOT is env variable from php/cgi script. But seem that nothing to do with mod-itk. Sorry for disturbing... 2009/3/26 Steinar H. Gunderson : > On Thu, Mar 26, 2009 at 12:56:55PM +0100, Lampa wrote: >> is possible that with mod_itk (debian testing 2.2.6-02-1+b20) is >> problem with DOCUMENT_ROOT ? > > I'm sorry, I don't understand your question. > >> If i use >> >> VirtualDocumentRoot /var/www/local/domain.tld/home/%-3 > > What is VirtualDocumentRoot? Something to do with mod_vhost_alias? > >> i have DOCUMENT_ROOT set to /htdocs > > DOCUMENT_ROOT the environment variable, or something else? > > /* Steinar */ > -- > Homepage: http://www.sesse.net/ > -- Lampa