Bug #80669 Can't initgroups() when specifying numeric user
Submitted: 2021-01-25 16:49 UTC
Modified: 2022-11-23 12:35 UTC
From: andreas dot ley at kit dot edu
Assigned: bukka
Status: Closed
Package: FPM related
PHP Version: Irrelevant
OS: Debian GNU/Linux
Private report: No
CVE-ID: None

 

 [2021-01-25 16:49 UTC] andreas dot ley at kit dot edu
Description:
------------
When using PHP-FPM, you can configure the "user" directive for a pool with either an (alphanumeric) username or a (numeric) uid. However, if you do the latter, initgroups() won't set supplementary groups.

This is due to fpm_unix_init_child() in sapi/fpm/fpm/fpm_unix.c calling "initgroups(wp->config->user, wp->set_gid)".

One possible solution would be changing this to "initgroups(wp->user, wp->set_gid)", which would require setting wp->user from getpwuid(wp->set_uid) in fpm_unix_conf_wp() in the very same file, which currently is only done when is_root is false.

One objection could be that a uid might not be unique, but the same applies to the non-root case. Another possibility then might be an explicit configuration directive for supplementary groups.

If you decide to go for the first solution, I'd volunteer to write a patch for that upon request.



History

 [2021-01-25 17:14 UTC] cmb@php.net
-Package: *Configuration Issues +Package: FPM related
 [2022-11-23 10:41 UTC] git@php.net
Automatic comment on behalf of bukka
Revision: https://github.com/php/php-src/commit/94702c56e0cc98166b12ebc202e6aebf08b12b5e
Log: Fix bug #80669: FPM numeric user fails to set groups
 [2022-11-23 10:41 UTC] git@php.net
-Status: Open +Status: Closed
 [2022-11-23 12:35 UTC] bukka@php.net
-Assigned To: +Assigned To: bukka
 [2022-11-23 12:35 UTC] bukka@php.net
Just for reference, this was fixed by this PR: https://github.com/php/php-src/pull/9983


Besides setting the user from getpwuid, I also set a group, which is a small BC break, but the previous behavior (using root group) was not intended and seems wrong and not very secure... Anyway, in case anyone relies on it, I merged it to 8.2 only.

I think we don't really need to worry about non-unique uids as there are probably not many users that use them and, as you say, it doesn't work for non-root already.
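The privilege-drop pattern discussed in this report, as an added example that is not code from php-src: initgroups() looks up group membership by account name, so a numeric "user" value has to be mapped back to a name with getpwuid() before the call, and the primary gid should come from the same passwd entry. The helper names `parse_numeric_uid`, `resolve_account` and `drop_privileges` are hypothetical.

```c
#define _DEFAULT_SOURCE 1   /* exposes initgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 if spec is all decimal digits and fits uid_t. */
static int parse_numeric_uid(const char *spec, uid_t *uid)
{
    char *end;
    if (spec == NULL || *spec < '0' || *spec > '9') return 0;
    errno = 0;
    unsigned long v = strtoul(spec, &end, 10);
    if (errno != 0 || *end != '\0' || (unsigned long)(uid_t)v != v) return 0;
    *uid = (uid_t)v;
    return 1;
}

/* Hypothetical helper: map a "user" value (name or numeric uid) to account
 * name, uid and primary gid. Returns 0, or -1 when no passwd entry exists. */
static int resolve_account(const char *spec, char *name, size_t len, uid_t *uid, gid_t *gid)
{
    uid_t n = 0;
    struct passwd *pw = parse_numeric_uid(spec, &n) ? getpwuid(n) : getpwnam(spec);
    if (pw == NULL || snprintf(name, len, "%s", pw->pw_name) >= (int)len) return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Drop from root: supplementary groups by account NAME first, then gid, then uid. */
static int drop_privileges(const char *spec)
{
    char name[256];
    uid_t uid;
    gid_t gid;
    if (resolve_account(spec, name, sizeof name, &uid, &gid) != 0) return -1;
    return (initgroups(name, gid) || setgid(gid) || setuid(uid)) ? -1 : 0;
}

int main(int argc, char **argv)
{
    if (argc != 2 || drop_privileges(argv[1]) != 0) return 1;
    printf("uid=%d gid=%d ngroups=%d\n", (int)getuid(), (int)getgid(), getgroups(0, NULL));
    return 0;
}
```

Run as root with either a name or a numeric uid; both forms should report the same ngroups for the same account.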
 
Last updated: Thu Nov 21 12:01:29 2024 UTC