You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Vincent Blondel <vi...@xtra-net.org> on 2005/10/03 15:00:37 UTC
[users@httpd] apache Read/Write permissions problems ???
Hello all,
My society needs a package containing apache that must meet next requirements :
- all data , software and configuration must be isolated in /opt/apache
- the package needs to run on FreeBSD
- /opt/apache ( and all files in it ) must be owned by user:group apache:apache <--> 0755
- httpd must run as user:group www:apache
The advantage of such a configuration is that
- we can easily update our software on all of our servers
- we can give the System Administration to this branch of our IT services to a dedicated team without giving them the root password
- httpd process can run safely with only write access on the directories where it is absolutely needed ( log, run , ... )
...
The package is now ready but I get some problems. When I run apachectl as root user, process httpd runs correctly but when I run it as
user apache , I get next error :
[emerg] (2)No such file or directory: Couldn't create accept lock
The problem is I don't know what file cannot be read ?
Regards
Vincent
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache Read/Write permissions problems ???
Posted by Vincent Blondel <vi...@xtra-net.org>.
This is not my case because "Listen" is configured with port 8080 to bypass this problem and when I run it with root it is correctly
listening on port 8080.
> Vincent Blondel wrote:
>> Hello all,
>>
>> My society needs a package containing apache that must meet next requirements :
>>
>> - all data , software and configuration must be isolated in /opt/apache
>> - the package needs to run on FreeBSD
>> - /opt/apache ( and all files in it ) must be owned by user:group apache:apache <--> 0755
>> - httpd must run as user:group www:apache
>>
>> The advantage of such a configuration is that
>>
>> - we can easily update our software on all of our servers
>> - we can give the System Administration to this branch of our IT services to a dedicated team without giving them the root password
>> - httpd process can run safely with only write access on the directories where it is absolutely needed ( log, run , ... )
>>
>> ...
>>
>> The package is now ready but I get some problems. When I run apachectl as root user, process httpd runs correctly but when I run it
>> as
>> user apache , I get next error :
>>
>> [emerg] (2)No such file or directory: Couldn't create accept lock
>>
>> The problem is I don't know what file cannot be read ?
> If you don't run apachectl as root, the parent process is unable to open
> port for listening. You need root privileges for opening <1024 port that
> is.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache Read/Write permissions problems ???
Posted by Eimantas Vaičiūnas <ei...@unit.lt>.
Vincent Blondel wrote:
> Hello all,
>
> My society needs a package containing apache that must meet next requirements :
>
> - all data , software and configuration must be isolated in /opt/apache
> - the package needs to run on FreeBSD
> - /opt/apache ( and all files in it ) must be owned by user:group apache:apache <--> 0755
> - httpd must run as user:group www:apache
>
> The advantage of such a configuration is that
>
> - we can easily update our software on all of our servers
> - we can give the System Administration to this branch of our IT services to a dedicated team without giving them the root password
> - httpd process can run safely with only write access on the directories where it is absolutely needed ( log, run , ... )
>
> ...
>
> The package is now ready but I get some problems. When I run apachectl as root user, process httpd runs correctly but when I run it as
> user apache , I get next error :
>
> [emerg] (2)No such file or directory: Couldn't create accept lock
>
> The problem is I don't know what file cannot be read ?
If you don't run apachectl as root, the parent process is unable to open
port for listening. You need root privileges for opening <1024 port that
is.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache Read/Write permissions problems ???
Posted by Dmitriy Kirhlarov <dk...@oilspace.com>.
On Mon, Oct 03, 2005 at 03:00:37PM +0200, Vincent Blondel wrote:
>
> My society needs a package containing apache that must meet next requirements :
>
> - all data , software and configuration must be isolated in /opt/apache
> - the package needs to run on FreeBSD
ports(7) about PREFIX
> - /opt/apache ( and all files in it ) must be owned by user:group apache:apache <--> 0755
> - httpd must run as user:group www:apache
Try use your own Makefile.inc or Makefile.local
> The advantage of such a configuration is that
>
> - we can easily update our software on all of our servers
ports
> - we can give the System Administration to this branch of our IT services to a dedicated team without giving them the root password
ports
> - httpd process can run safely with only write access on the directories where it is absolutely needed ( log, run , ... )
All this can be configured and used over ports(7). Don't forget -- it's FreeBSD.
WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 ext.203 F:+7 095 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache Read/Write permissions problems ???
Posted by Vincent Blondel <vi...@xtra-net.org>.
I "chmod 777" ( just for the test) all "run" and "log" directories so that I am sure all *.pid *.log and all running stuffs can be
created but what is suprising me is that the log file does not mention this filename.
Even when I truss the httpd process I get thousands of lines corresponding to all the files and libraries loaded but last lines do not
mention any filename that cannot be read.
> Vincent,
> Apache wants to create a file httpd.pid (usually in the logs
> directory) - check entry from httpd.conf. This directory is often
> owned by root, which means user apache cannot wite the file at
> startup.
>
> rgds
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache Read/Write permissions problems ???
Posted by Dave Floyd <da...@pa.press.net>.
Vincent,
Apache wants to create a file httpd.pid (usually in the logs
directory) - check entry from httpd.conf. This directory is often
owned by root, which means user apache cannot wite the file at
startup.
rgds
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org