Thread: [Lxr-general] apache (httpd) on f8 vs. fc6 running LXR
From: Gene S. <gd...@ch...> - 2008-02-03 05:26:55
I have a LXR setup on fc6 that works fine. When I moved it to f8 (which seems to have the same versions of httpd, perl, mysql etc) I can only get it to work if I change the user/group in httpd.conf from apache:apache to myusername:myusername. The files accessed by httpd, perl etc are world readable and executable but owned by root, as they were in fc6. These are in /usr/lib/perl5/site_perl/....

I have tried changing all the files to owner/group apache:apache but that does not help. I have disabled selinux and that makes no difference, but saw no errors before disabling. I have made httpd.conf user/group nobody:nobody and that does not work. Only when I use my own UID/GID in httpd.conf does LXR work.

I have set-up LXR several times before with other fedora/rh versions with no problem this difficult. Why would the apache account not work in f8 but it did work with the same files in fc6? Or should I just run apache as myself and be happy. This is only really used from localhost for the most part, not on the internet.

By "not work" what I mean is all I see when I go to a link in LXR is "The directory / does not exist." which is produced in the /usr/local/lxr/sources script. No errors appear in the httpd logs since the script is producing a valid page.

Got no answer on Fedora list when I asked this. Hope this makes it through the spam.

Thanks,
-gene

From: Gene Sm(i)t. <gd...@gm...> - 2008-02-19 02:30:31
Gene Smith wrote, On 02/03/2008 12:26 AM:
> I have a LXR setup on fc6 that works fine. When I moved it to f8 (which seems to have the same versions of httpd, perl, mysql etc) I can only get it to work if I change the user/group in httpd.conf from apache:apache to myusername:myusername. The files accessed by httpd, perl etc are world readable and executable but owned by root, as they were in fc6. These are in /usr/lib/perl5/site_perl/....
>
> I have tried changing all the files to owner/group apache:apache but that does not help. I have disabled selinux and that makes no difference, but saw no errors before disabling. I have made httpd.conf user/group nobody:nobody and that does not work. Only when I use my own UID/GID in httpd.conf does LXR work.
>
> I have set-up LXR several times before with other fedora/rh versions with no problem this difficult. Why would the apache account not work in f8 but it did work with the same files in fc6? Or should I just run apache as myself and be happy. This is only really used from localhost for the most part, not on the internet.
>
> By "not work" what I mean is all I see when I go to a link in LXR is "The directory / does not exist." which is produced in the /usr/local/lxr/sources script. No errors appear in the httpd logs since the script is producing a valid page.
>
> Got no answer on Fedora list when I asked this. Hope this makes it through the spam.

To answer my own post, the reason was because the files accessed by lxr were in my home directory with permission 700 and apache could not go there. Pretty simple actually but not much hint from apache or lxr as to what the problem was. Just was looking at the /home/me/lxr-file/ directory which was set to 755, I think, but was overridden by the /home/me/ setting of 700. (Didn't realize the permissions are inherited but I guess they are.)

From: Jan-Benedict G. <jb...@lu...> - 2008-02-19 23:57:29
On Mon, 2008-02-18 21:30:28 -0500, Gene Sm(i)th <gd...@gm...> wrote:
> Gene Smith wrote, On 02/03/2008 12:26 AM:
> > I have a LXR setup on fc6 that works fine. When I moved it to f8 (which seems to have the same versions of httpd, perl, mysql etc) I can only get it to work if I change the user/group in httpd.conf from apache:apache to myusername:myusername. The files accessed by httpd, perl etc are world readable and executable but owned by root, as they were in fc6. These are in /usr/lib/perl5/site_perl/....
[...]
> To answer my own post, the reason was because the files accessed by lxr were in my home directory with permission 700 and apache could not go there. Pretty simple actually but not much hint from apache or lxr as to what the problem was. Just was looking at the /home/me/lxr-file/ directory which was set to 755, I think, but was overridden by the /home/me/ setting of 700. (Didn't realize the permissions are inherited but I guess they are.)

I hope you didn't need full two weeks to look at either strace output? Were there no error messages in apache's error.log? No specific error messages in HTTP output?

Kind regards, JBG
--
Jan-Benedict Glaw jb...@lu... +49-172-7608481
Signature of: Censorship on the Internet? No thanks!
the second :

From: Gene Sm(i)t. <gd...@gm...> - 2008-02-25 01:04:35
Malcolm Box wrote, On 02/19/2008 05:27 AM:
> On Feb 19, 2008 2:30 AM, Gene Sm(i)th <gd...@gm...> wrote:
>> To answer my own post, the reason was because the files accessed by lxr were in my home directory with permission 700 and apache could not go there. Pretty simple actually but not much hint from apache or lxr as to what the problem was. Just was looking at the /home/me/lxr-file/ directory which was set to 755, I think, but was overridden by the /home/me/ setting of 700. (Didn't realize the permissions are inherited but I guess they are.)
>
> Permissions aren't inherited, but apache needs to be able to traverse the whole path. That requires permissions for apache on each directory on the path. Otherwise the kernel will not allow the file to be read.
>
> So you need apache to have permissions on /home, /home/me and /home/lxr-file
>
> Malcolm

I created a user/group "test" and within test account I was unable to cat files or list files in /home/me/lxr-file (set to 755) unless I changed /home/me to 705 so permission seemed to be inherited for this simple case (unless I am missing something here).

By the way, thanks for your excellent work on LXR. I use it constantly!

-gene

From: Jan-Benedict G. <jb...@lu...> - 2008-02-25 08:22:14
On Sun, 2008-02-24 20:04:27 -0500, Gene Smith <gd...@gm...> wrote:
[...]
> I created a user/group "test" and within test account I was unable to cat files or list files in /home/me/lxr-file (set to 755) unless I changed /home/me to 705 so permission seemed to be inherited for this simple case (unless I am missing something here).
>
> By the way, thanks for your excellent work on LXR. I use it constantly!

This is standard Unix behaviour: You can open any file with proper privileges (knowing its filename beforehand), but to open a directory (needed for reading the filenames within), you need a complete chain of e'x'ecute rights for all directories back to / .

Kind regards, JBG
--
Jan-Benedict Glaw jb...@lu... +49-172-7608481
Signature of: What we do for ourselves dies with us. What we do for
the second : others and the world remains and is immortal. (Albert Pine)

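
Added example, not part of any message in this thread: a shell sketch of the check discussed above, reporting the first directory on a path that lacks the search (x) bit for "other". It assumes GNU stat(1) and that the web server account is neither owner nor group member of the directories; the function names and the demo tree under a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat(1) and that the
# server account (e.g. apache) falls in the "other" permission class.

# other_can_search DIR: succeeds if DIR has the x (search) bit for "other".
other_can_search() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    last=${mode#"${mode%?}"}          # last octal digit = "other" class
    case $last in
        1|3|5|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# first_blocked_dir PATH [TOP]: walk from PATH up to TOP (default /).
# Prints the blocking directory closest to TOP and returns 1,
# or prints nothing and returns 0 when every directory has o+x.
first_blocked_dir() {
    dir=$1; top=${2:-/}; blocked=
    [ -d "$dir" ] || dir=$(dirname "$dir")
    while :; do
        other_can_search "$dir" || blocked=$dir
        parent=$(dirname "$dir")
        if [ "$dir" = "$top" ] || [ "$parent" = "$dir" ]; then break; fi
        dir=$parent
    done
    [ -z "$blocked" ] && return 0
    printf '%s\n' "$blocked"
    return 1
}

# Constructed demo tree mirroring the thread: me/ is 700, lxr-file/ is 755.
demo=$(mktemp -d)
mkdir -p "$demo/home/me/lxr-file"
chmod 755 "$demo" "$demo/home" "$demo/home/me/lxr-file"
chmod 700 "$demo/home/me"
first_blocked_dir "$demo/home/me/lxr-file" "$demo" || echo "^ blocks traversal"
chmod 705 "$demo/home/me"             # the change tried in the thread
first_blocked_dir "$demo/home/me/lxr-file" "$demo" && echo "chain is clear"
rm -rf "$demo"
```

The check looks only at mode bits, so ACLs and group membership are out of its scope; `namei -l PATH` from util-linux lists the owner and mode of every component for a manual look.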
From: Gene Sm(i)t. <gd...@gm...> - 2008-02-25 01:20:30
Jan-Benedict Glaw wrote, On 02/19/2008 06:57 PM:
> On Mon, 2008-02-18 21:30:28 -0500, Gene Sm(i)th <gd...@gm...> wrote:
>> Gene Smith wrote, On 02/03/2008 12:26 AM:
>>> I have a LXR setup on fc6 that works fine. When I moved it to f8 (which seems to have the same versions of httpd, perl, mysql etc) I can only get it to work if I change the user/group in httpd.conf from apache:apache to myusername:myusername. The files accessed by httpd, perl etc are world readable and executable but owned by root, as they were in fc6. These are in /usr/lib/perl5/site_perl/....
> [...]
>> To answer my own post, the reason was because the files accessed by lxr were in my home directory with permission 700 and apache could not go there. Pretty simple actually but not much hint from apache or lxr as to what the problem was. Just was looking at the /home/me/lxr-file/ directory which was set to 755, I think, but was overridden by the /home/me/ setting of 700. (Didn't realize the permissions are inherited but I guess they are.)
>
> I hope you didn't need full two weeks to look at either strace output? Were there no error messages in apache's error.log? No specific error messages in HTTP output?
>
> Kind regards, JBG
>

Sorry, don't know much about strace. Didn't know it could be useful in debugging my problem. Also, saw no errors in apache logs since I think the "sources" script detected the error and generated OK html which just said file not found. No permission denied or such messages. Actually, didn't take 2 weeks to fix, just didn't reply immediately.

Possibly you will say rtfm, but how do you use strace to debug lxr problems (if I dare ask).

-gene

From: Jan-Benedict G. <jb...@lu...> - 2008-02-25 08:19:37
On Sun, 2008-02-24 20:20:22 -0500, Gene Smith <gd...@gm...> wrote:
> Jan-Benedict Glaw wrote, On 02/19/2008 06:57 PM:
> > On Mon, 2008-02-18 21:30:28 -0500, Gene Smith <gd...@gm...> wrote:
> > > Gene Smith wrote, On 02/03/2008 12:26 AM:
> > > > I have a LXR setup on fc6 that works fine. When I moved it to f8 (which seems to have the same versions of httpd, perl, mysql etc) I can only get it to work if I change the user/group in httpd.conf from apache:apache to myusername:myusername. The files accessed by httpd, perl etc are world readable and executable but owned by root, as they were in fc6. These are in /usr/lib/perl5/site_perl/....
> > [...]
> > > To answer my own post, the reason was because the files accessed by lxr were in my home directory with permission 700 and apache could not go there. Pretty simple actually but not much hint from apache or lxr as to what the problem was. Just was looking at the /home/me/lxr-file/ directory which was set to 755, I think, but was overridden by the /home/me/ setting of 700. (Didn't realize the permissions are inherited but I guess they are.)
> >
> > I hope you didn't need full two weeks to look at either strace output? Were there no error messages in apache's error.log? No specific error messages in HTTP output?
>
> Sorry, don't know much about strace. Didn't know it could be useful in debugging my problem. Also, saw no errors in apache logs since I think the "sources" script detected the error and generated OK html which just said file not found. No permission denied or such messages. Actually, didn't take 2 weeks to fix, just didn't reply immediately.
>
> Possibly you will say rtfm, but how do you use strace to debug lxr problems (if I dare ask).

strace traces system calls, the border between userland programs and the kernel.

You can strace the whole apache processes from startup (strace -f -ff -F -s 200 -o xxxxxxx /etc/init.d/apache start) or attach to individual worker backends afterwards (-p PID). Apache is one of the harder programs to properly strace, because it does so much surrounding work, which all results in a lot of issued system calls, bloating the logs. It's kind of an art to read those, guessing what happens here and there :) However, you won't really notice suspicious stuff unless you're used to C programming.

Kind regards, JBG
--
Jan-Benedict Glaw jb...@lu... +49-172-7608481
Signature of: What we do for ourselves dies with us. What we do for
the second : others and the world remains and is immortal. (Albert Pine)
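
Added example, not part of any message in this thread: one way to cut a bloated strace log down to the failure this thread was about, by listing each system call and path that returned EACCES. The log lines are constructed to resemble `strace -f -o` output (PIDs, addresses and file names are made up), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). The log lines below are constructed
# to resemble strace -f -o output; PIDs, addresses and file names are made up.

# denied_paths: read strace output on stdin and print "syscall path" for
# every call that failed with EACCES, de-duplicated and sorted.
# Handles an optional leading PID column and calls whose path is not the
# first argument (e.g. openat).
denied_paths() {
    sed -n 's/^[0-9 ]*\([a-z_0-9]*\)([^"]*"\([^"]*\)".* = -1 EACCES .*/\1 \2/p' |
        sort -u
}

# sample_log: constructed trace of a CGI request that hits a 700 home dir.
sample_log() {
    cat <<'EOF'
4211 stat("/usr/local/lxr/sources", {st_mode=S_IFREG|0755, st_size=4821, ...}) = 0
4211 open("/usr/local/lxr/sources", O_RDONLY) = 3
4211 stat("/home/me/lxr-file", 0x7ffc2b1c9a10) = -1 EACCES (Permission denied)
4212 open("/etc/localtime", O_RDONLY) = 4
4211 stat("/home/me/lxr-file", 0x7ffc2b1c9a10) = -1 EACCES (Permission denied)
4211 open("/home/me/lxr-file/README", O_RDONLY) = -1 EACCES (Permission denied)
4211 stat("/favicon.ico", 0x7ffc2b1c9a10) = -1 ENOENT (No such file or directory)
4211 write(1, "The directory / does not exist.", 31) = 31
EOF
}

sample_log | denied_paths
```

With the command quoted above, `-ff` writes one file per process named after the `-o` argument plus the PID, so the real logs can be fed in with `cat xxxxxxx.* | denied_paths`.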