From owner-freebsd-apache@freebsd.org Thu Aug 6 13:37:26 2020 Return-Path: Delivered-To: freebsd-apache@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 511BF3A2DC2 for ; Thu, 6 Aug 2020 13:37:26 +0000 (UTC) (envelope-from spil.oss@gmail.com) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4BMqKx6jwZz48TK for ; Thu, 6 Aug 2020 13:37:25 +0000 (UTC) (envelope-from spil.oss@gmail.com) Received: by mailman.nyi.freebsd.org (Postfix) id E69453A2D71; Thu, 6 Aug 2020 13:37:25 +0000 (UTC) Delivered-To: apache@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E65D43A2DC1 for ; Thu, 6 Aug 2020 13:37:25 +0000 (UTC) (envelope-from spil.oss@gmail.com) Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BMqKw50cXz48C5 for ; Thu, 6 Aug 2020 13:37:24 +0000 (UTC) (envelope-from spil.oss@gmail.com) Received: by mail-ej1-x62d.google.com with SMTP id d6so36511904ejr.5 for ; Thu, 06 Aug 2020 06:37:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=LOQwGomltb004Ui+VkLPBd+EjRHY/JfmegO4KfMRGPY=; b=HJrl0WY3YEmStbq+7qqs0p/M0eFrtvc2LjUZJ2lO8UMGLCEnSSPjpSLpTWTKINoA+U 9tN3wz3meTG4unF1BlvUhNJZS5V1lM3Kjq/fycDsfvouoesVbPrfkmKDEen5VoD13lah GcT6LzPh7UD9v/jJsRJP9bFkLeEYZY7CKCbGkPeU2a7OgxYMKRjJWr7OiGpT99xVAgsM bdC6aExh6NNrGxtRXCttLQbEeBat61BxP1Ffidfd7QAW3fvhpoVuIBb9MhGsjvyBUcrz oN3Rh4iUQyB4W3zE2sqtOI+jwtMkSJC0TLAJSFMgGUlbEitWtKfeAJEEmdPQmlW2CS+m tWVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc:content-transfer-encoding; bh=LOQwGomltb004Ui+VkLPBd+EjRHY/JfmegO4KfMRGPY=; b=B+jDxOn09ssbGM8vZxsl1L94+VJdDR6oxbz4E3DvrChTyOoH24Nwwz8oq2u64Lhh0+ x4YQbKrBECTUzzCrqvxFW1eUTuKFpuErXbUIw+66lObT9nVOf5Z9ytvzoiQPaHn7/b/O 3hp1arpNHxIFi69UDwgMsA7ukaKi95QvmqVpJYsQh7eqCvSDw1Gp8EUOuTFGGlCYh8N1 PTu0Aza3ABhWnu3BkrqzVdEo5MTDAKmTQClYfYVawz1mX1+SG165lcB96W7CnRhXPFjq nCD+cOniwaIvBsxHdZt5vdJEjgzRn9kOGMQHNS4ipRstNDvdhI/BwC/uaxCbguPi3Fbn ksdA== X-Gm-Message-State: AOAM5328uVZJgBqzRCIWxzXHfMAGwV+Htfnbfas6MkwNO083tCtafHrY GbtAD5y29J2zfuZEU/i8NxaLS7zDEEwVg9LXIQ== X-Google-Smtp-Source: ABdhPJyRdUdiZ8BInKCExOHDJhv4faY4Va3ksuJ+qbdbTVc9WLSQsGPO4YZDxw5maZLEX7Tw7O7EGQX1LB23QixjTM4= X-Received: by 2002:a17:906:998f:: with SMTP id af15mr4221290ejc.461.1596721042951; Thu, 06 Aug 2020 06:37:22 -0700 (PDT) MIME-Version: 1.0 References: <00BA340A-F575-4B2F-ADB3-FBE5A1AA3F11@fluent.ltd.uk> <9EFA087D-1DB3-4041-A5B4-9F37D90290E1@fluent.ltd.uk> In-Reply-To: <9EFA087D-1DB3-4041-A5B4-9F37D90290E1@fluent.ltd.uk> Reply-To: spil.oss@gmail.com From: Spil Oss Date: Thu, 6 Aug 2020 15:37:12 +0200 Message-ID: Subject: Re: FreeBSD Port: www/apache24 To: Jonathan Gilpin Cc: "apache@freebsd.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4BMqKw50cXz48C5 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=HJrl0WY3; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of spiloss@gmail.com designates 2a00:1450:4864:20::62d as permitted sender) smtp.mailfrom=spiloss@gmail.com X-Spamd-Result: default: False [-3.00 / 15.00]; HAS_REPLYTO(0.00)[spil.oss@gmail.com]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.03)[-0.029]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.97)[-0.970]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; FREEMAIL_REPLYTO(0.00)[gmail.com]; REPLYTO_DOM_EQ_FROM_DOM(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[apache@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::62d:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Aug 2020 13:37:26 -0000 And I'd advise to use mod_fastcgi with PHP. This allows you to run PHP in a different user-context too. I don't see the numerical user- and group-id's documented in Apache's docs either. On Fri, Oct 18, 2019 at 2:40 PM Jonathan Gilpin wr= ote: > > Sorry I forgot to include this: > > # suexec -V > -D AP_DOC_ROOT=3D"/home" > -D AP_GID_MIN=3D1000 > -D AP_HTTPD_USER=3D"www" > -D AP_LOG_EXEC=3D"/var/log/httpd-suexec.log" > -D AP_SAFE_PATH=3D"/usr/local/bin:/usr/bin:/bin" > -D AP_UID_MIN=3D1000 > -D AP_USERDIR_SUFFIX=3D"public_html" > > > # httpd -V > Server version: Apache/2.4.41 (FreeBSD) > Server built: unknown > Server's Module Magic Number: 20120211:88 > Server loaded: APR 1.7.0, APR-UTIL 1.6.1 > Compiled using: APR 1.7.0, APR-UTIL 1.6.1 > Architecture: 64-bit > Server MPM: prefork > threaded: no > forked: yes (variable process count) > Server compiled with.... > -D APR_HAS_SENDFILE > -D APR_HAS_MMAP > -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled) > -D APR_USE_FLOCK_SERIALIZE > -D APR_USE_PTHREAD_SERIALIZE > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > -D APR_HAS_OTHER_CHILD > -D AP_HAVE_RELIABLE_PIPED_LOGS > -D DYNAMIC_MODULE_LIMIT=3D256 > -D HTTPD_ROOT=3D"/usr/local" > -D SUEXEC_BIN=3D"/usr/local/sbin/suexec" > -D DEFAULT_PIDLOG=3D"/var/run/httpd.pid" > -D DEFAULT_SCOREBOARD=3D"/var/run/apache_runtime_status" > -D DEFAULT_ERRORLOG=3D"/var/log/httpd-error.log" > -D AP_TYPES_CONFIG_FILE=3D"etc/apache24/mime.types" > -D SERVER_CONFIG_FILE=3D"etc/apache24/httpd.conf" > > > > > > On 18 Oct 2019, at 13:38, Jonathan Gilpin wrot= e: > > > > Dear Sir, > > > > I have am using the FreeBSD Apache 2.4 with Suexec Port to run PHP. > > > > I have discovered that files uploaded in PHP using basic code are endin= g up owned by the group =E2=80=98wheel=E2=80=99 rather than the group speci= fied in > > > > SuexecUserGroup "#3008" "#3010" > > > > E.g. I end up with: > > > > -rw-r--r-- 1 marsecreview wheel 209166 Oct 18 13:12 Screensh= ot 2019-10-17 at 18.02.49.png > > > > # id marsecreview > > uid=3D3008(marsecreview) gid=3D3010(marsecreview) groups=3D3010(marsecr= eview) > > > > This is a standard installation so Apache runs as www on FreeBSD: > > > > id www > > uid=3D80(www) gid=3D80(www) groups=3D80(www) > > > > So I really do not understand where the =E2=80=98wheel=E2=80=99 group i= s coming into this.. > > > > entry from /etc/group is: > > > > wheel:*:0:root,jonathan > > > > > > Is this a bug? > > > > Kind Regards, > > > > Jonathan Gilpin > > > > > > > > > > _______________________________________________ > freebsd-apache@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-apache > To unsubscribe, send any mail to "freebsd-apache-unsubscribe@freebsd.org"