From 7b396c078cc8fef18f37cc9a22c437f13921e375 Mon Sep 17 00:00:00 2001 From: Jerome Loyet Date: Wed, 23 May 2012 09:49:13 +0200 Subject: [PATCH] - Fixed bug #61835 (php-fpm is not allowed to run as root) --- NEWS | 1 + sapi/fpm/fpm/fpm.c | 6 ++++-- sapi/fpm/fpm/fpm.h | 3 ++- sapi/fpm/fpm/fpm_main.c | 8 +++++++- sapi/fpm/fpm/fpm_unix.c | 10 +++++----- 5 files changed, 19 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index d6ac422541..c1d5f618b0 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,7 @@ PHP NEWS - FPM . Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) + . Fixed bug #61835 (php-fpm is not allowed to run as root). (fat) - XML Writer: . Fixed bug #62064 (memory leak in the XML Writer module). diff --git a/sapi/fpm/fpm/fpm.c b/sapi/fpm/fpm/fpm.c index 96aabbfc49..909902b71c 100644 --- a/sapi/fpm/fpm/fpm.c +++ b/sapi/fpm/fpm/fpm.c @@ -37,10 +37,11 @@ struct fpm_globals_s fpm_globals = { .max_requests = 0, .is_child = 0, .test_successful = 0, - .heartbeat = 0 + .heartbeat = 0, + .run_as_root = 0, }; -int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int test_conf) /* {{{ */ +int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int test_conf, int run_as_root) /* {{{ */ { fpm_globals.argc = argc; fpm_globals.argv = argv; @@ -49,6 +50,7 @@ int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int t } fpm_globals.prefix = prefix; fpm_globals.pid = pid; + fpm_globals.run_as_root = run_as_root; if (0 > fpm_php_init_main() || 0 > fpm_stdio_init_main() || diff --git a/sapi/fpm/fpm/fpm.h b/sapi/fpm/fpm/fpm.h index bfeac4d67d..2a69cb229f 100644 --- a/sapi/fpm/fpm/fpm.h +++ b/sapi/fpm/fpm/fpm.h @@ -8,7 +8,7 @@ #include int fpm_run(int *max_requests); -int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int test_conf); +int fpm_init(int argc, char **argv, char *config, char *prefix, char *pid, int test_conf, int run_as_root); struct fpm_globals_s { pid_t parent_pid; @@ -25,6 +25,7 @@ struct fpm_globals_s { int is_child; int test_successful; int heartbeat; + int run_as_root; }; extern struct fpm_globals_s fpm_globals; diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c index 5767971911..e74986fa75 100644 --- a/sapi/fpm/fpm/fpm_main.c +++ b/sapi/fpm/fpm/fpm_main.c @@ -154,6 +154,7 @@ static const opt_struct OPTIONS[] = { {'t', 0, "test"}, {'p', 1, "prefix"}, {'g', 1, "pid"}, + {'R', 0, "allow-to-run-as-root"}, {'-', 0, NULL} /* end of args */ }; @@ -1557,6 +1558,7 @@ int main(int argc, char *argv[]) char *fpm_pid = NULL; int test_conf = 0; int php_information = 0; + int php_allow_to_run_as_root = 0; fcgi_init(); @@ -1670,6 +1672,10 @@ int main(int argc, char *argv[]) php_information = 1; break; + case 'R': /* allow to run as root */ + php_allow_to_run_as_root = 1; + break; + default: case 'h': case '?': @@ -1793,7 +1799,7 @@ consult the installation file that came with this distribution, or visit \n\ } } - if (0 > fpm_init(argc, argv, fpm_config ? fpm_config : CGIG(fpm_config), fpm_prefix, fpm_pid, test_conf)) { + if (0 > fpm_init(argc, argv, fpm_config ? fpm_config : CGIG(fpm_config), fpm_prefix, fpm_pid, test_conf, php_allow_to_run_as_root)) { return FAILURE; } diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c index 17d0b8125c..fb61d63416 100644 --- a/sapi/fpm/fpm/fpm_unix.c +++ b/sapi/fpm/fpm/fpm_unix.c @@ -112,12 +112,12 @@ static int fpm_unix_conf_wp(struct fpm_worker_pool_s *wp) /* {{{ */ } } -#ifndef I_REALLY_WANT_ROOT_PHP - if (wp->set_uid == 0 || wp->set_gid == 0) { - zlog(ZLOG_ERROR, "[pool %s] please specify user and group other than root", wp->config->name); - return -1; + if (!fpm_globals.run_as_root) { + if (wp->set_uid == 0 || wp->set_gid == 0) { + zlog(ZLOG_ERROR, "[pool %s] please specify user and group other than root", wp->config->name); + return -1; + } } -#endif } else { /* not root */ if (wp->config->user && *wp->config->user) { zlog(ZLOG_WARNING, "[pool %s] 'user' directive is ignored when FPM is not running as root", wp->config->name); -- 2.40.0