Ok. I didn't know that SER had the ability to change the GID it runs under (and therefore change the group owner of the FIFO hopefully). This would solve the problem. In my case I'd just set "group=serfifo".
HOWEVER, why I try this, I get:
{root@fs/pts/7}~# ser -P /var/run/ser.pid -dddd -g serfifo Segmentation fault
I tried it both in ser.cfg (group=serfifo), and both as text group names, and as a numeric group ID (499 in my case). Both caused a SEGFAULT. This is the SER CVS from the "0.8.11-r1" branch, compiled on a RH7.3 system w/ gcc 2.96.
I can't really see a reason for this SEGF except for a possible null pointer dereference in this code seg:
if ((tmp==0) ||(*tmp)){
Don't have time to debug at the moment.
- Jim
Andrei Pelinescu-Onciul wrote:
On Nov 25, 2003 at 14:49, Jim Burwell jimb@jsbc.cc wrote:
Yes. When they changed the permissions on the FIFO, they made it inaccessable to the normal Apache user. Too bad they didn't make the fifo owner/permissions a config file setting. I just created a group called "serfifo", made "apache" a member of it, and put something like "(sleep 5; chgrp serfifo $SERFIFO) &" into my SER startup script. This waits in the background for five seconds, then changes group ownership of the FIFO to one the apache user is a member of. You have to wait a few seconds before doing the chgrp, because SER forks immediately on start, and can take some time to create the FIFO, so your chgrp can actually execute before the FIFO is created (race condition), so you must give it a few seconds. The FIFO already has group rw perms as created by SER.
Fifo permissions can be changes from the config file. Use fifo_mode=0666. You could try also to change your ser group (start ser with -g serinfo or add group=serinfo in the cfg).
We changed the fifo permissions because it introduced some security problems on multi-user (read untrusted users) systems (DOS on ser using fifo, overwritting files using fifo and setting the reply fifo to a link in /tmp to some file elsewhere on the filesystem.). Now also ser will try to delete & recreate /tmp/fifo on startup to make sure it has the proper permissions.
Andrei