On Nov 25, 2003 at 14:49, Jim Burwell jimb@jsbc.cc wrote:
Yes. When they changed the permissions on the FIFO, they made it inaccessable to the normal Apache user. Too bad they didn't make the fifo owner/permissions a config file setting. I just created a group called "serfifo", made "apache" a member of it, and put something like "(sleep 5; chgrp serfifo $SERFIFO) &" into my SER startup script. This waits in the background for five seconds, then changes group ownership of the FIFO to one the apache user is a member of. You have to wait a few seconds before doing the chgrp, because SER forks immediately on start, and can take some time to create the FIFO, so your chgrp can actually execute before the FIFO is created (race condition), so you must give it a few seconds. The FIFO already has group rw perms as created by SER.
Fifo permissions can be changes from the config file. Use fifo_mode=0666. You could try also to change your ser group (start ser with -g serinfo or add group=serinfo in the cfg).
We changed the fifo permissions because it introduced some security problems on multi-user (read untrusted users) systems (DOS on ser using fifo, overwritting files using fifo and setting the reply fifo to a link in /tmp to some file elsewhere on the filesystem.). Now also ser will try to delete & recreate /tmp/fifo on startup to make sure it has the proper permissions.
Andrei