diff --git a/modules/md/mod_md_os.c b/modules/md/mod_md_os.c
index f96d566..8df0248 100644
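--- a/modules/md/mod_md_os.c
+++ b/modules/md/mod_md_os.c
@@ -41,14 +41,20 @@
 
 apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool_t *p)
 {
-#if AP_NEED_SET_MUTEX_PERMS
- if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
- apr_status_t rv = APR_FROM_OS_ERROR(errno);
- if (!APR_STATUS_IS_ENOENT(rv)) {
- ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
- "Can't change owner of %s", fname);
+#if AP_NEED_SET_MUTEX_PERMS && HAVE_UNISTD_H
+ /* Since we only switch user when running as root, we only need to chown directories
+ * in that case. Otherwise, the server will ignore any "user/group" directives and
+ * child processes have the same privileges as the parent.
+ */
+ if (!geteuid()) {
+ if (-1 == chown(fname, (uid_t)uid, (gid_t)gid)) {
+ apr_status_t rv = APR_FROM_OS_ERROR(errno);
+ if (!APR_STATUS_IS_ENOENT(rv)) {
+ ap_log_perror(APLOG_MARK, APLOG_ERR, rv, p, APLOGNO(10082)
+ "Can't change owner of %s", fname);
+ }
+ return rv;
 }
- return rv;
 }
 return APR_SUCCESS;
 #else
@@ -58,11 +64,7 @@ apr_status_t md_try_chown(const char *fname, unsigned int uid, int gid, apr_pool
 
 apr_status_t md_make_worker_accessible(const char *fname, apr_pool_t *p)
 {
-#if AP_NEED_SET_MUTEX_PERMS
 return md_try_chown(fname, ap_unixd_config.user_id, -1, p);
-#else
- return APR_ENOTIMPL;
-#endif
 }
 
 #ifdef WIN32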
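Review bot: `chown` in md_try_chown follows a symbolic link at the final path component, and with the new `geteuid()` gate it only ever runs as root, so a link at `fname` would hand ownership of its target to the worker uid. Nothing visible in this hunk shows that `fname` always sits under a directory that only root can write; if that is not guaranteed by the callers, `lchown(fname, (uid_t)uid, (gid_t)gid)` or an `fchown` on an already opened descriptor avoids following the link. A precondition comment above the call would also help, for example `/* fname must be inside a root-owned store; chown() follows symlinks */`. Separately, md_make_worker_accessible in the second hunk now references `ap_unixd_config.user_id` without the `#if AP_NEED_SET_MUTEX_PERMS` guard, which presumably requires that symbol to be declared on every platform this file builds for; the includes and the `#else` branch of md_try_chown are outside the hunks, so this is worth confirming.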