[mod-security-users] Re: problems with apache2 + chroot + httpd.pid

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Raphael and everyone,

I had the same issue with the pid file, but I solved it by making a change to
the etc/rc.d/httpd file which starts and stops Apache. The change makes this
script aware of the chroot, and also adds code to check that the pid
does point to a running httpd process. This covers the case where Apache dies,
or power is cut etc, leaving a pid which might point to a running process other
than Apache when the server is restarted

The entire script is below. You can compare to the standard one that comes with
Apache to see the changes.

Regards,

David.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/etc/rc.d/httpd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#!/bin/sh

ARGV="$@"
#
# |||||||||||||||||||| START CONFIGURATION SECTION  ||||||||||||||||||||
# --------------------                              --------------------
# 
# the path to your PID file, prior to chroot set-up, if any
PIDFILE=/usr/local/apache/logs/httpd.pid
# the path to your httpd binary, including options if necessary
HTTPD='/usr/local/apache/bin/httpd'
# the path to the chroot created by mod_security, otherwise leave empty
CHROOT='/chroot/apache'
#
# pick up any necessary environment variables
if test -f /usr/local/apache/bin/envvars; then
  . /usr/local/apache/bin/envvars
fi
#
# a command that outputs a formatted text version of the HTML at the
# url given on the command line.  Designed for lynx, however other
# programs may work.  
LYNX="lynx -dump"
#
# the URL to your server's mod_status status page.  If you do not
# have one, then status and fullstatus will not work.
STATUSURL="http://localhost:80/server-status"
#
# Set this variable to a command that increases the maximum
# number of file descriptors allowed per child process. This is
# critical for configurations that use many file descriptors,
# such as mass vhosting, or a multithreaded server.
ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"
# --------------------                              --------------------
# ||||||||||||||||||||   END CONFIGURATION SECTION  ||||||||||||||||||||

# Set the maximum number of file descriptors allowed per child process.
if [ "x$ULIMIT_MAX_FILES" != "x" ] ; then
    $ULIMIT_MAX_FILES
fi

ERROR=0
if [ "x$ARGV" = "x" ] ; then 
    ARGV="-h"
fi

#Check that an old PID file in chroot has got left after power outage etc.
#If a PID file exists, check it points to a running httpd
if [ -f $CHROOT$PIDFILE ] ; then
    PID=`cat $CHROOT$PIDFILE`
    PIDPROC=`ps -p $PID -o comm --no-headers 2>/dev/null`
    if [ "x$PID" != "x" ] && [ "x$PIDPROC" != "xhttpd" ] ; then
        #pid points to a valid process, but it is not httpd
        rm $CHROOT$PIDFILE 2>/dev/null
    fi
fi

case $ARGV in
start|restart|graceful)
    $HTTPD -k $ARGV
    ERROR=$?
    ;;
stop)
    $HTTPD -k $ARGV -c "PidFile $CHROOT$PIDFILE"
    ERROR=$?
    ;;
startssl|sslstart|start-SSL)
    $HTTPD -k start -DSSL
    ERROR=$?
    ;;
configtest)
    $HTTPD -t
    ERROR=$?
    ;;
status)
    $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
    ;;
fullstatus)
    $LYNX $STATUSURL
    ;;
*)
    $HTTPD $ARGV
    ERROR=$?
esac

exit $ERROR

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- 
---------------------------------------
Email da...@me...
---------------------------------------