Ok.  I didn't know that SER had the ability to change the GID it runs under (and therefore change the group owner of the FIFO hopefully).  This would solve the problem.  In my case I'd just set "group=serfifo".

HOWEVER, why I try this, I get: 

{root@fs/pts/7}~# ser -P /var/run/ser.pid -dddd -g serfifo
Segmentation fault

I tried it both in ser.cfg (group=serfifo), and both as text group names, and as a numeric group ID (499 in my case).  Both caused a SEGFAULT.  This is the SER CVS from the "0.8.11-r1" branch, compiled on a RH7.3 system w/ gcc 2.96.

I can't really see a reason for this SEGF except for a possible null pointer dereference in this code seg:

if ((tmp==0) ||(*tmp)){
Don't have time to debug at the moment.

- Jim

Andrei Pelinescu-Onciul wrote:
On Nov 25, 2003 at 14:49, Jim Burwell <jimb@jsbc.cc> wrote:
  
Yes.  When they changed the permissions on the FIFO, they made it 
inaccessable to the normal Apache user.  Too bad they didn't make the 
fifo owner/permissions a config file setting.  I just created a group 
called "serfifo", made "apache" a member of it, and put something like 
"(sleep 5; chgrp serfifo $SERFIFO) &" into my SER startup script.  This 
waits in the background for five seconds, then changes group ownership 
of the FIFO to one the apache user is a member of.  You have to wait a 
few seconds before doing the chgrp, because SER forks immediately on 
start, and can take some time to create the FIFO, so your chgrp can 
actually execute before the FIFO is created (race condition), so you 
must give it a few seconds.  The FIFO already has group rw perms as 
created by SER.
    

Fifo permissions can be changes from the config file. Use
fifo_mode=0666. You could try also to change your ser group (start ser
 with -g serinfo or add group=serinfo in the cfg).

We changed the fifo permissions because it introduced some security
problems on multi-user (read untrusted users) systems (DOS on ser using
fifo, overwritting files using fifo and setting the reply fifo to a link
in /tmp to some file elsewhere on the filesystem.). Now also ser will
 try to delete & recreate /tmp/fifo on startup to make sure it has the
 proper permissions.



Andrei
  

-- 
+---------------------------------------------------------------------------+
|         Jim Burwell - Sr. Systems/Network/Security Engineer, JSBC         |
+---------------------------------------------------------------------------+
| "I never let my schooling get in the way of my education." - Mark Twain   |
| "UNIX was never designed to keep people from doing stupid things, because |
|  that policy would also keep them from doing clever things." - Doug Gwyn  |
| "Cool is only three letters away from Fool" - Mike Muir, Suicyco          |
| "..Government in its best state is but a necessary evil; in its worst     |
|  state an intolerable one.." - Thomas Paine, "Common Sense" (1776)        |
+---------------------------------------------------------------------------+
|   Email:  jimb@jsbc.cc                              ICQ UIN:  1695089     |
+---------------------------------------------------------------------------+
|  Reply problems ?  Turn off the "sign" function in email prog.  Blame MS. |
+---------------------------------------------------------------------------+