Jul 092006
 

I’ve fixed the cache problem.

Reading the last few posts here, you’d know there have been a few cache problems. I’m hesitant to say it’s now all fixed, but well, I hope so.

The latest problem related to clearing cache entries. It was a permissions issue. The script which removes the cache entries runs as setuidgid(8). This explains why the problem occured only when processing cvs-all emails, and not when I ran the script from the command line.

The cache entries are created by PHP running as user www under Apache. The cache entries are cleared by Perl running as user dan, under a shell script. Thus, the file permissions have to be such that they can be created by www and deleted by dan. Initially, I was going with chgrp www:www and putting myself in group www. However, this fails when running as setuidgid(8).

What is setuidgid you might ask? It is part of sysutils/daemontools and it is part of the FreshPorts foundation. It has been used by FreshPorts since the very beginning. daemontools is a collection of tools for managing UNIX services. I use this tool to keep the FreshPorts daemon running. This daemon processes the incoming emails from the cvs-all mailing list.

So why is this causing a problem? This is why:


[dan@laptop:~] $ id
uid=1001(dan) gid=1001(dan) groups=1001(dan), 0(wheel)
[dan@laptop:~] $ sudo setuidgid dan id
uid=1001(dan) gid=1001(dan) groups=1001(dan)
[dan@laptop:~] $

That’s just an example from my laptop, but you can see how the wheel group is removed. The answer is found in man 8 setuidgid:


setuidgid sets its uid and gid to account's uid and gid, removing all
supplementary groups. It then runs child.

Ahh! OK, so I then tried a different set of permission: chown www:dan and chmod 777.

Now everything seems to be working OK.

Time will tell.

I thank those people who took the time to email me about the problems they say. And to Christian Laursen and nox who provided feedback and insight when I started talking about the issues on IRC.

cheers

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive