Re: [mod-security-users] problems with apache2 + chroot + httpd.pid
From: Ivan R. <iv...@we...> - 2004-12-13 12:15:09
Raphael Koifman wrote:
> Hello,
> The setup is as follows:
>
> - apache2 is located at /usr/local/sbin/apache2.0.52/
> - the jail is at /chroot/ust/local/sbin/apache2.0.52/logs
I think you should have a symbolic link from
/usr/local/sbin/apache2.0.52/ to /chroot/usr/local/sbin/apache2.0.52/
> in httpd.conf:
> - the pid location is PidFile /usr/local/sbin/apache2.0.52/logs/httpd.pid
> - chroot is SecChrootDir /chroot
>
> 1) First case
> If I use this configuration, Apache2 starts well and chroot is set up
> [taken from error.log]
>
> [Sun Dec 12 16:05:57 2004] [notice] mod_security: chroot checkpoint #1 (pid=18071 ppid=18069)
> [Sun Dec 12 16:05:57 2004] [notice] mod_security: chroot checkpoint #2 (pid=18072 ppid=18071)
> [Sun Dec 12 16:05:57 2004] [notice] mod_security: chroot successful, path=/chroot
> [Sun Dec 12 16:05:57 2004] [notice] Apache configured -- resuming normal operations
>
> however, when I try to stop apache (bin/apachectl stop), I get the following error:
> httpd (no pid file) not running
In this case, the pidfile is created at the correct location, at
/chroot/usr/local/sbin/apache2.0.52/logs/httpd.pid (since it's done
after chroot takes place). The reason Apache can't find it later is
because it's looking for it at
/usr/local/sbin/apache2.0.52/logs/httpd.pid.
A symbolic link, as I suggested at the beginning of this email, would
make these two locations identical, solving your problem.
> 2) Second case
> If I modify httpd.conf to point the pid file to /chroot/usr/local/sbin/apache2.0.52/logs/httpd.pid
> I get the following error
>
> [Sun Dec 12 16:38:08 2004] [notice] mod_security: chroot checkpoint #1 (pid=18110 ppid=18108)
> [Sun Dec 12 16:38:08 2004] [notice] mod_security: chroot checkpoint #2 (pid=18111 ppid=18110)
> [Sun Dec 12 16:38:08 2004] [notice] mod_security: chroot successful, path=/chroot
> [Sun Dec 12 16:38:08 2004] [error] (2)No such file or directory: could not create /chroot/usr/local/sbin/apache2.0.52/logs/httpd.pid
> [Sun Dec 12 16:38:08 2004] [error] httpd: could not log pid to file /chroot/usr/local/sbin/apache2.0.52/logs/httpd.pid
>
> Can somebody please shed some light on the mistake I am making? (Is it a permission
> problem on the /chroot/usr/local/sbin/apache2.0.52/logs/ folder?)
No. After the chroot that location simply does not exist in the new
filesystem.
P.S. You need to subscribe to the mailing list if you wish to continue
to send emails.
--
Ivan Ristic (http://www.modsecurity.org)
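
The path mismatch explained in the reply above, modelled as an added example (not part of the original email and not ModSecurity code). It performs no real chroot: a scratch directory `$SANDBOX` stands in for the host `/`, the function names are hypothetical, and the pid value is a sample taken from the quoted log.

```shell
#!/bin/sh
# Added example: models the thread's chroot path mismatch in a scratch directory.
# No root or real chroot(2) is used: $SANDBOX stands in for the host "/", and a
# path as seen by the jailed httpd is modelled as $SANDBOX + $JAIL + path.
APACHE_DIR=/usr/local/sbin/apache2.0.52   # install path from the thread
JAIL=/chroot                              # SecChrootDir from the thread
PID=$APACHE_DIR/logs/httpd.pid            # PidFile from the thread

setup() {  # scratch "host" tree that contains the jail
    SANDBOX=$(mktemp -d) || exit 1
    mkdir -p "$SANDBOX$JAIL$APACHE_DIR/logs" "$SANDBOX/usr/local/sbin"
}
cleanup() { rm -rf "${SANDBOX:?}"; }

# httpd writes PidFile after chroot, so the path resolves under the jail.
write_pid() {
    target=$SANDBOX$JAIL$1
    if [ -d "$(dirname "$target")" ]; then
        echo 18072 > "$target"; echo written   # sample pid
    else
        echo ENOENT
    fi
}
# apachectl runs outside the jail and resolves the same string from the host "/".
find_pid() {
    if [ -f "$SANDBOX$1" ]; then echo found; else echo "no pid file"; fi
}

case_one() {       # PidFile is the host-style path, no symlink
    setup; mkdir -p "$SANDBOX$APACHE_DIR/logs"
    echo "$(write_pid "$PID"), $(find_pid "$PID")"; cleanup
}
case_two() {       # PidFile carries the /chroot prefix
    setup
    write_pid "$JAIL$PID"; cleanup
}
case_symlink() {   # host path is a symlink into the jail, as the reply suggests
    setup; ln -s "$SANDBOX$JAIL$APACHE_DIR" "$SANDBOX$APACHE_DIR"
    echo "$(write_pid "$PID"), $(find_pid "$PID")"; cleanup
}

echo "case 1:  $(case_one)"
echo "case 2:  $(case_two)"
echo "symlink: $(case_symlink)"
```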