NGINX Unit - universal web app server - a lightweight and versatile open source server that simplifies the application stack by natively executing application code across eight different programming language runtimes.
2f23923e44
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist() supports a method of probing how much groups the user has but the behavior is not consistent. The method used here consists of optimistically trying to get up to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original value, we do a second call. This method can block main's process if LDAP/NDIS+ is in use. MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the value passed is smaller than the number of groups the user has. Some projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups until it exceeds the number of groups user belongs to or fail when a limit is reached. For performance reasons, this is to be avoided and MacOS is handled in the fallback implementation. The fallback implementation is the old Unit approach. It saves main's user groups (getgroups(2)) and then calls initgroups(3) to load application's groups in main, then does a second getgroups(2) to store the gids and restore main's groups in the end. Because of initgroups(3)' call to setgroups(2), this method requires root capabilities. In the case of OSX, which has small NGROUPS_MAX by default (16), it's not possible to restore main's groups if it's large; if so, this method fallbacks again: user_cred gids aren't stored, and the worker process calls initgroups() itself and may block for some time if LDAP/NDIS+ is in use. |
||
---|---|---|
auto | ||
docs | ||
pkg | ||
src | ||
test | ||
.hgtags | ||
CHANGES | ||
configure | ||
LICENSE | ||
NOTICE | ||
README | ||
version |
NGINX Unit ---------- The documentation and binary packages are available online: http://unit.nginx.org The source code is provided under the terms of Apache License 2.0: http://hg.nginx.org/unit Please ask questions, report issues, and send patches to the mailing list: unit@nginx.org (http://mailman.nginx.org/mailman/listinfo/unit) or via Github: https://github.com/nginx/unit -- NGINX, Inc. http://nginx.com