Project

General

Profile

Actions

Bug #1336

closed

server.username & server.groupname

Added by Anonymous over 14 years ago. Updated over 13 years ago.

Status:
Wontfix
Priority:
Normal
Category:
core
Target version:
-
ASK QUESTIONS IN Forums:

Description

Currently, server.username sets only the user and server.groupname sets only the group.

This means that if lighttpd is started as root, both server.username and server.groupname must be specified in order for lighttpd to drop privileges.

It also means that there is no facility to set a group list.

I propose updating the server.username and server.groupname logic as follows:

if server.groupname is set {
setgroups( to specified group )
setgid( to specified group )
}
elseif server.username is set {
setgroups( to group list for specified user )
setgid( to group for specified user )
}
if server.username is set {
setuid( to specified user )
}

I am willing to write a patch if the logic is agreeable.

-- daniel.kauffman


Related issues

Related to Bug #2725: server.groupname not required with server.usernameFixed2016-04-11Actions
Actions #1

Updated by stbuehler over 13 years ago

  • Status changed from New to Fixed
  • Resolution set to wontfix

You have to specify username and the primary group you want, initgroups is used to set the other groups a user is in. perhaps we could use the default primary group of a user if no group is given. (such a patch would probably get accepted).

Actions #2

Updated by stbuehler over 13 years ago

  • Status changed from Fixed to Wontfix
Actions #3

Updated by gstrauss about 6 years ago

  • Related to Bug #2725: server.groupname not required with server.username added
Actions #4

Updated by gstrauss about 6 years ago

  • Related to deleted (Bug #2725: server.groupname not required with server.username)
Actions #5

Updated by gstrauss about 6 years ago

  • Related to Bug #2725: server.groupname not required with server.username added
Actions

Also available in: Atom