I recently installed httpd-2.2.9 (with LDAP and SSL) on my Mac OS X 10.5.4 box. Everything went very smoothly except for one thing; Apache keeps shutting down due to the following initgroups failures:
[Wed Oct 08 15:00:48 2008] [alert] (22)Invalid argument: initgroups: unable to set groups for User <user> and Group <gid>
After doing quite a bit of research, I found a few others who had also run into this problem (some of them dating back to 1995). However, I was unable to find a solution. The main difference I am noticing with the problem I'm having as compared to other users is that initgroups() seems to fail at what seems like random intervals for me. I read up a bit on how this error was getting thrown for some while trying to start httpd due to the user being a member of too many groups. However, I don't think that is the problem here and this error certainly has not been occurring when starting up httpd.
I tried to trace the code that was causing the issue and I found the following (httpd-2.2.9/os/unix/unixd.c):
if (initgroups(name, unixd_config.group_id) == -1) {
ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL,
"initgroups: unable to set groups for User %s "
"and Group %u", name, (unsigned)unixd_config.group_id);
return -1;
}
One of the posts I read involved trying to resolve the issue by comparing the initgroups() return value to 1. However, initgroups() returns a -1 for errors (or when not called by a super-user) so comparing it to 1 would not really be solving the problem. Lastly, I tried to set permissions for the httpd script which is owned by root (/bin/httpd) to 4755 to try to prevent initgroups from failing due to non-sudo calls. That seemed to fix it, but after 1 week, it has crashed again. The main problem is that it seems to crash very randomly.
The following is the ./configure command I used (if it helps):
./configure --prefix=/usr/local/httpd-2.2.9 --enable-mods-shared=most --enable-ssl --enable-ldap --with-ldap --with-included-apr --enable-auth-ldap --enable-authnz-ldap --enable-proxy
So after all this, I have a couple of questions. Can someone please point me in the right direction for reproducing this problem? It *seems* to be pretty random for me in terms of when it fails. Has anyone else run into this problem? Does this problem have anything to do with the modules that I am using or is it just something wrong with my Apache installation? And finally, since initgroups() needs to be called by a super-user, how does it ever return successfully at all?
I realize from all of the Googling I've done that this problem has been occurring for httpd customers since 1995, however, I have had no luck in finding a proper solution so any help would be greatly appreciated.
Thanks a bunch!
-AS
