Bug 64172 - Error 'user doesn't appear in group file'
Summary: Error 'user doesn't appear in group file'
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authz_groupfile (show other bugs)
Version: 2.4.41
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk
Depends on:
Blocks:
 
Reported: 2020-02-23 13:08 UTC by tm8544
Modified: 2020-04-19 08:25 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description tm8544 2020-02-23 13:08:54 UTC
Consider the following Auth container:

<RequireAny>
   Require group MY_USERS
   Require user User_X
</RequireAny>

User_X is not included in group file MY_USERS.
When I access the site as User_X, access is granted but there is an error in Apache log.

module authz_groupfile logs the following error:
authz_groupfile:error pid 3448:tid 4880 client XXX.XXX.XXX.XXX:53607 AH01666: Authorization of user User_X to access /index.php failed, reason: user doesn't appear in group file (XXXXXXXXX_MY_GROUP).

But considering the container there is no error, so why log it as an error?
Would a notice do?
Comment 1 Eric Covener 2020-02-23 13:26:21 UTC
(In reply to tm8544 from comment #0)
> Consider the following Auth container:
> 
> <RequireAny>
>    Require group MY_USERS
>    Require user User_X
> </RequireAny>
> 
> User_X is not included in group file MY_USERS.
> When I access the site as User_X, access is granted but there is an error in
> Apache log.
> 
> module authz_groupfile logs the following error:
> authz_groupfile:error pid 3448:tid 4880 client XXX.XXX.XXX.XXX:53607
> AH01666: Authorization of user User_X to access /index.php failed, reason:
> user doesn't appear in group file (XXXXXXXXX_MY_GROUP).
> 
> But considering the container there is no error, so why log it as an error?
> Would a notice do?

notice is quite high too.  There were a handful of these kinds of things that cropped up in early 2.4 that were suppressed.
Comment 2 Eric Covener 2020-02-23 13:31:42 UTC
Dropped to INFO in trunk and proposed for 2.4.x

http://svn.apache.org/r1874424
Comment 3 Eric Covener 2020-02-23 13:32:22 UTC
For posterity, maybe you can add the user w/ no groups to the groupfile to suppress the message.
Comment 4 tm8544 2020-02-23 15:50:40 UTC
I did that as a temporaty solution.
Comment 5 Christophe JAILLET 2020-04-19 08:25:00 UTC
Backported in 2.4.x in r1874907

This is part of 2.4.42