The Apache process runs as the user specified in httpd.conf; it also
runs with the group id specified there too. This poses an interesting
problem, when the web user appears in the /etc/group file. Should you
actually login as the web user (or use su), you get access to all
files to which the web user is a group member of. Should you access
the file from the Apache server daemon -- you don't. Surprise -
things look broken.
Apache needs to execute the initgroups() function, but this critical
function is wrapped in #ifdef MULTIPLE_GROUPS, which means before you
compile the software you need to somehow tell your environment you
want that compiler directive.
One hack is to edit your Makefile in apache_1.3.22/src/main. This
however is ultra ugly.
By tracing things back, I've found that I can edit
apache_1.3.22/src/apaci and append the following line before doing a
build:
echo '-DMULTIPLE_GROUPS'
This has the interesting effect of passing the directive as needed,
when needed.
I notice the other lines in this file tend to come from the
./configure script. Yet no where in any book, documentation, faq, or
web search have I found a clean way for a simple mortal to request
this very important option. (Part of the reason for documenting it
here and now -- to save others time.)
Does anyone know any special directive, command, or option that's
Apache blessed to get additional options and compiler directives
passed along?
-Walt Stoneburner,
<w...@wwco.com>