You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Stéphane Blondon <st...@gmail.com> on 2018/09/02 11:30:32 UTC

Re: Is it interesting to add some filepath checks to apachectl -t ?

Hello,

sorry to come back but I get no replies so I don't know if it has been ignored
because considered as not good or you were too busy with the last release.


Regards,
Stéphane

On 03/07/2018 22:57, Stéphane Blondon wrote:
> Hello,
> 
> `apachectl -t` checks the configuration files. The documentation
> explains it's not complete.
> It seems paths (for DocumentRoot for example) or the write access for
> log directory are not checked. (tested with apache v.2.4.25.)
> 
> Are you interested by such a feature?
> If I understand the code properly, the check is done by
> ap_run_test_config(), called in main.c. However, I don't find the
> definition of the function in the httpd-2.4.33 archive. I downloaded the
> archive at:
> 
> http://apache.mirrors.ovh.net/ftp.apache.org/dist//httpd/httpd-2.4.33.tar.bz2
> 
> I have no idea if I have the skills to implement that in C but I can
> look for it.
> 
> I susbcribed to the mailing list.
> 
> Regards,
> Stéphane
>

Re: Is it interesting to add some filepath checks to apachectl -t ?

Posted by Stéphane Blondon <st...@gmail.com>.

Le lun. 14 janv. 2019 à 18:33, William A Rowe Jr <wr...@rowe-clan.net> a écrit :
>
> There should not be a 'warn' level emit for a non-existent directory. Unlike the
> DocumentRoot or Alias, which are searched, <Directory > blocks describe
> protection. It's entirely reasonable to protect paths which aren't physically on
> the system at the current moment or in the current deployment. Something
> at the 'debug' level would be entirely reasonable, perhaps even at 'info' level.

`apachectl -t -e DEBUG` does not display a message about the
non-existent directory.
So I guess this check is not done. I will see if I can code the check
(as debug or info level) or I will add a wishlist bug in the
bugtracker.

Regards
-- 
Stéphane

Re: Is it interesting to add some filepath checks to apachectl -t ?

Posted by William A Rowe Jr <wr...@rowe-clan.net>.

There should not be a 'warn' level emit for a non-existent directory.
Unlike the
DocumentRoot or Alias, which are searched, <Directory > blocks describe
protection. It's entirely reasonable to protect paths which aren't
physically on
the system at the current moment or in the current deployment. Something
at the 'debug' level would be entirely reasonable, perhaps even at 'info'
level.


On Sun, Jan 13, 2019 at 3:39 PM Stéphane Blondon <st...@gmail.com>
wrote:

> Hello,
>
> sorry for the huge delay :/
>
> >>> On 03/07/2018 22:57, Stéphane Blondon wrote:
> >>>> Hello,
> >>>>
> >>>> `apachectl -t` checks the configuration files. The documentation
> >>>> explains it's not complete.
> >>>> It seems paths (for DocumentRoot for example) or the write access for
> >>>> log directory are not checked. (tested with apache v.2.4.25.)
>
> On 02/09/2018 13:56, Daniel Ferradal wrote:
> > but httpd is invoked from it and already checks if document root exists
> and
> > if does not it does not start, and log directory is always writable
>
>
> You're right: I tested with a more recent version (2.4.37) and
> 'DocumentRoot' path and logs directories ('ErrorLog' and 'CustomLog')
> are checked.
>
> I wonder if `apachectl -t` should provide a warning if the path for
> 'Directory' directive does not exist.
>
> For example, <Directory /var/www/demo>
> if /var/www/demo does not exist, `apachectl -t` does not complain. I
> though it would display a warning like AH00112 for DocumentRoot:
> Warning: DocumentRoot [/var/www/demo] does not exist
>
>
> Regards,
> Stéphane
>
>

Re: Is it interesting to add some filepath checks to apachectl -t ?

Posted by Stéphane Blondon <st...@gmail.com>.

Hello,

sorry for the huge delay :/

>>> On 03/07/2018 22:57, Stéphane Blondon wrote:
>>>> Hello,
>>>>
>>>> `apachectl -t` checks the configuration files. The documentation
>>>> explains it's not complete.
>>>> It seems paths (for DocumentRoot for example) or the write access for
>>>> log directory are not checked. (tested with apache v.2.4.25.)

On 02/09/2018 13:56, Daniel Ferradal wrote:
> but httpd is invoked from it and already checks if document root exists and
> if does not it does not start, and log directory is always writable

You're right: I tested with a more recent version (2.4.37) and
'DocumentRoot' path and logs directories ('ErrorLog' and 'CustomLog')
are checked.

I wonder if `apachectl -t` should provide a warning if the path for
'Directory' directive does not exist.

For example, <Directory /var/www/demo>
if /var/www/demo does not exist, `apachectl -t` does not complain. I
though it would display a warning like AH00112 for DocumentRoot:
Warning: DocumentRoot [/var/www/demo] does not exist

Regards,
Stéphane

Re: Is it interesting to add some filepath checks to apachectl -t ?

Posted by Daniel Ferradal <df...@apache.org>.

but httpd is invoked from it and already checks if document root exists and
if does not it does not start, and log directory is always writable unless
selinux is involved because those are written with root. So I am not sure
what is the gain here.

El dom., 2 sept. 2018 13:41, Yann Ylavic <yl...@gmail.com> escribió:

> Hi Stéphane,
>
> sorry for the delay.
>
> >
> > On 03/07/2018 22:57, Stéphane Blondon wrote:
> > > Hello,
> > >
> > > `apachectl -t` checks the configuration files. The documentation
> > > explains it's not complete.
> > > It seems paths (for DocumentRoot for example) or the write access for
> > > log directory are not checked. (tested with apache v.2.4.25.)
> > >
> > > Are you interested by such a feature?
>
> Sure, improvements are always welcome!
>
> > > If I understand the code properly, the check is done by
> > > ap_run_test_config(), called in main.c. However, I don't find the
> > > definition of the function in the httpd-2.4.33 archive.
>
> apr_run_*() functions run the hooks registered with ap_hook_*(), so
> you may want to search for "test_config" in the sources and see how
> such functions are implemented/hooked (and how hooks mechanism work in
> general for that case).
> Then possibly add your code in one of the hooks or create a new hook
> if that fits better.
>
> > >
> > > I have no idea if I have the skills to implement that in C but I can
> > > look for it.
>
> Thanks!
>
> Regards,
> Yann.
>

Re: Is it interesting to add some filepath checks to apachectl -t ?

Posted by Yann Ylavic <yl...@gmail.com>.

Hi Stéphane,

sorry for the delay.

>
> On 03/07/2018 22:57, Stéphane Blondon wrote:
> > Hello,
> >
> > `apachectl -t` checks the configuration files. The documentation
> > explains it's not complete.
> > It seems paths (for DocumentRoot for example) or the write access for
> > log directory are not checked. (tested with apache v.2.4.25.)
> >
> > Are you interested by such a feature?

Sure, improvements are always welcome!

> > If I understand the code properly, the check is done by
> > ap_run_test_config(), called in main.c. However, I don't find the
> > definition of the function in the httpd-2.4.33 archive.

apr_run_*() functions run the hooks registered with ap_hook_*(), so
you may want to search for "test_config" in the sources and see how
such functions are implemented/hooked (and how hooks mechanism work in
general for that case).
Then possibly add your code in one of the hooks or create a new hook
if that fits better.

> >
> > I have no idea if I have the skills to implement that in C but I can
> > look for it.

Thanks!

Regards,
Yann.