php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80669 Can't initgroups() when specifying numeric user
Submitted: 2021-01-25 16:49 UTC Modified: 2021-01-25 17:14 UTC
From: andreas dot ley at kit dot edu Assigned:
Status: Open Package: FPM related
PHP Version: Irrelevant OS: Debian GNU/Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: andreas dot ley at kit dot edu
New email:
PHP Version: OS:

 

 [2021-01-25 16:49 UTC] andreas dot ley at kit dot edu
Description:
------------
When using PHP-FPM, you can configure the "user" directive for a pool with either an (alphanumeric) username or a (numeric) uid. However, if you do the latter, initgroups() won't set supplementary groups.

This is due to fpm_unix_init_child() in sapi/fpm/fpm/fpm_unix.c calling "initgroups(wp->config->user, wp->set_gid)".

One possible solution would be changing this to "initgroups(wp->user, wp->set_gid)" which would require to set wp->user from getpwuid(wp->set_uid) in fpm_unix_conf_wp() in the very same file, which currently is only done when is_root is false.

One objection could be that a uid might not be unique, but the same applies to the non-root case. Another possibility then might be an explicit configuration directive for supplementary groups.

If you decide to go for the first solution, I'd volunteer to write a patch for that upon request.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-01-25 17:14 UTC] cmb@php.net
-Package: *Configuration Issues +Package: FPM related
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Apr 17 21:01:27 2021 UTC