You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Vincent Blondel <vi...@xtra-net.org> on 2005/10/03 15:00:37 UTC

[users@httpd] apache Read/Write permissions problems ???

Hello all,

My society needs a package containing apache that must meet next requirements :

- all data , software and configuration must be isolated in /opt/apache
- the package needs to run on FreeBSD
- /opt/apache ( and all files in it ) must be owned by user:group apache:apache <--> 0755
- httpd must run as user:group www:apache

The advantage of such a configuration is that

- we can easily update our software on all of our servers
- we can give the System Administration to this branch of our IT services to a dedicated team without giving them the root password
- httpd process can run safely with only write access on the directories where it is absolutely needed ( log, run , ... )

...

The package is now ready but I get some problems. When I run apachectl as root user, process httpd runs correctly but when I run it as
user apache , I get next error :

[emerg] (2)No such file or directory: Couldn't create accept lock

The problem is I don't know what file cannot be read ?

Regards
Vincent


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] apache Read/Write permissions problems ???

Posted by Vincent Blondel <vi...@xtra-net.org>.

This is not my case because "Listen" is configured with port 8080 to bypass this problem and when I run it with root it is correctly
listening on port 8080.

> Vincent Blondel wrote:
>> Hello all,
>>
>> My society needs a package containing apache that must meet next requirements :
>>
>> - all data , software and configuration must be isolated in /opt/apache
>> - the package needs to run on FreeBSD
>> - /opt/apache ( and all files in it ) must be owned by user:group apache:apache <--> 0755
>> - httpd must run as user:group www:apache
>>
>> The advantage of such a configuration is that
>>
>> - we can easily update our software on all of our servers
>> - we can give the System Administration to this branch of our IT services to a dedicated team without giving them the root password
>> - httpd process can run safely with only write access on the directories where it is absolutely needed ( log, run , ... )
>>
>> ...
>>
>> The package is now ready but I get some problems. When I run apachectl as root user, process httpd runs correctly but when I run it
>> as
>> user apache , I get next error :
>>
>> [emerg] (2)No such file or directory: Couldn't create accept lock
>>
>> The problem is I don't know what file cannot be read ?
> If you don't run apachectl as root, the parent process is unable to open
> port for listening. You need root privileges for opening <1024 port that
>   is.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] apache Read/Write permissions problems ???

Posted by Eimantas Vaičiūnas <ei...@unit.lt>.

Vincent Blondel wrote:
> Hello all,
> 
> My society needs a package containing apache that must meet next requirements :
> 
> - all data , software and configuration must be isolated in /opt/apache
> - the package needs to run on FreeBSD
> - /opt/apache ( and all files in it ) must be owned by user:group apache:apache <--> 0755
> - httpd must run as user:group www:apache
> 
> The advantage of such a configuration is that
> 
> - we can easily update our software on all of our servers
> - we can give the System Administration to this branch of our IT services to a dedicated team without giving them the root password
> - httpd process can run safely with only write access on the directories where it is absolutely needed ( log, run , ... )
> 
> ...
> 
> The package is now ready but I get some problems. When I run apachectl as root user, process httpd runs correctly but when I run it as
> user apache , I get next error :
> 
> [emerg] (2)No such file or directory: Couldn't create accept lock
> 
> The problem is I don't know what file cannot be read ?
If you don't run apachectl as root, the parent process is unable to open 
port for listening. You need root privileges for opening <1024 port that 
  is.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] apache Read/Write permissions problems ???

Posted by Dmitriy Kirhlarov <dk...@oilspace.com>.

On Mon, Oct 03, 2005 at 03:00:37PM +0200, Vincent Blondel wrote:
> 
> My society needs a package containing apache that must meet next requirements :
> 
> - all data , software and configuration must be isolated in /opt/apache
> - the package needs to run on FreeBSD
ports(7) about PREFIX

> - /opt/apache ( and all files in it ) must be owned by user:group apache:apache <--> 0755
> - httpd must run as user:group www:apache

Try use your own Makefile.inc or Makefile.local

> The advantage of such a configuration is that
> 
> - we can easily update our software on all of our servers
ports

> - we can give the System Administration to this branch of our IT services to a dedicated team without giving them the root password
ports

> - httpd process can run safely with only write access on the directories where it is absolutely needed ( log, run , ... )

All this can be configured and used over ports(7). Don't forget -- it's FreeBSD.

WBR
-- 
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 ext.203 F:+7 095 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] apache Read/Write permissions problems ???

Posted by Vincent Blondel <vi...@xtra-net.org>.

I "chmod 777" ( just for the test) all "run" and "log"  directories so that I am sure all *.pid *.log and all running stuffs can be
created but what is suprising me is that the log file does not mention this filename.

Even when I truss the httpd process I get thousands of lines corresponding to all the files and libraries loaded but last lines do not
mention any filename that cannot be read.

> Vincent,
> 	Apache wants to create a file httpd.pid (usually in the logs
> directory) - check entry from httpd.conf. This directory is often
> owned by root, which means user apache cannot wite the file at
> startup.
>
> rgds
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] apache Read/Write permissions problems ???

Posted by Dave Floyd <da...@pa.press.net>.

Vincent,
	Apache wants to create a file httpd.pid (usually in the logs 
directory) - check entry from httpd.conf. This directory is often 
owned by root, which means user apache cannot wite the file at 
startup.

rgds

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org