The S10 boxes are running as LDAP clients (using LDAP instead of NIS) in the proxy configuration, pam_unix.
With the PHP5 module loaded, the Apache daemon user does not know of his secondary groups, only his primary group as defined in the httpd.conf plus any local groups in /etc/group if there are any, which I don't want there to be, because that's the purpose of using LDAP.
I took the Apache-supplied printenv Perl script in cgi-bin and added this info to demonstrate the problem:
print "Data about the running process:<BR>
<pre>
Real user id : $<
Effective user id : $>
Real group id : $(
Effective group id : $)
</pre><br>\n";
The output with PHP5 module loaded, where 99 is a local group and 42 is the default group (and in LDAP):
Real user id : 10
Effective user id : 10
Real group id : 42 99 42
Effective group id : 42 99 42
The output without PHP5 loaded:
Real user id : 10
Effective user id : 10
Real group id : 42 7000 775 124 60010 602 60009 125 216 60008 42
Effective group id : 42 7000 775 124 60010 602 60009 125 216 60008 42
I've tried recompiling PHP with and without LDAP libraries, --enable-yp...
I played with the safe_mode and safe_mode_gid settings, setting them to 0,1; 1,1; and 0,0, and had no change.
I am running both Apache and PHP with full 64-bit binaries. That was no small feat.
Any ideas or help?
--
-Kevin
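
An added example, not part of the original post: a small Python check that parses the Perl `$(` output quoted above (first number is the gid, the rest come from getgroups()) and reports which supplementary groups a process is missing relative to a reference list. The function names are hypothetical, and the sample strings are the two "Real group id" lines from the post.

```python
import os
import pwd


def parse_perl_gid_list(value):
    """Split Perl's "$(" / "$)" string: the first number is the gid,
    the remaining numbers are the supplementary groups from getgroups()."""
    ids = [int(tok) for tok in value.split()]
    if not ids:
        raise ValueError("empty group list")
    return ids[0], set(ids[1:])


def compare_groups(process_groups, directory_groups):
    """Return (missing, unexpected) group ids as sorted lists."""
    missing = sorted(set(directory_groups) - set(process_groups))
    unexpected = sorted(set(process_groups) - set(directory_groups))
    return missing, unexpected


def check_current_process():
    """Compare this process's groups with what the name service
    (files, LDAP, NIS, as configured) returns for its effective user."""
    entry = pwd.getpwuid(os.geteuid())
    directory = set(os.getgrouplist(entry.pw_name, entry.pw_gid))
    process = set(os.getgroups()) | {os.getegid()}
    return compare_groups(process, directory)


# Sample input: the two "Real group id" lines quoted in the post.
WITH_PHP5 = "42 99 42"
WITHOUT_PHP5 = "42 7000 775 124 60010 602 60009 125 216 60008 42"

if __name__ == "__main__":
    _, with_php = parse_perl_gid_list(WITH_PHP5)
    _, without_php = parse_perl_gid_list(WITHOUT_PHP5)
    missing, unexpected = compare_groups(with_php, without_php)
    print("missing with PHP5 loaded:", missing)
    print("only with PHP5 loaded:", unexpected)
    print("this process vs name service:", check_current_process())
```

Run as the daemon user, `check_current_process()` shows whether the groups the process actually holds match the directory's view, which is what decides group-based file access.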