[Koha-bugs] [Bug 14774] Task Scheduler not working on Ubuntu/Apache2.4

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Oct 8 04:11:39 CEST 2015


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14774

Craig Miskell <craig at catalyst.net.nz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |craig at catalyst.net.nz

--- Comment #1 from Craig Miskell <craig at catalyst.net.nz> ---
It appears based on some debugging that when running under apache-mpm-itk,
setuid binaries like 'at' don't have quite enough permissions to do what they
need. While it does end up running as daemon.daemon, and can write to files in
/var/spool/cron/atjobs/, it fails at the fchown step with EPERM.  From the docs
for fchown, that means "The effective UID does not match the owner of the file,
and the process is not privileged (Linux: it does not have the CAP_FOWNER
capability))". 

Without going deeper, I expect this is a result of mpm-itk dropping
capabilities or privileges to get down to the run-time user, and not being able
to elevate back up as a result. This would affect any other setuid programs
too.

Converting to some sort of app-layer (starman? plack?) may solve it, where
apache runs as normal, and the application runs out of app processes that run
as the correct user from the start, and which can therefore setuid back up.

-- 
You are receiving this mail because:
You are watching all bug changes.


More information about the Koha-bugs mailing list