httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] More problems
Date Fri, 04 Oct 2002 08:47:30 GMT
What do you mean by the same problem? Do you mean the:

>>>setgid: unable to set group id to Group 4294967295

This is because the default config sets:

Group #-1

You have to set this to a real group, e.g.

Group apache

Did you do this? While you're at it, set "User" too, e.g.

User apache
Group apache

Just to be clear, the files which apache serves don't have to be owned by apache. They just
have to be readable. So a normal 644 permission:

-rw-r--r-- someuser somegroup myfile.html

is quite adequate to allow apache to read it. For a cgi, the mode should be 755:

-rwxr-xr-x someuser somegroup myprog.cgi

The point of the User and Group directives is to give ownership to the *processes* which apache
starts (i.e. the webserving daemons and any CGI scripts which are invoked). Also, if you ever
have a CGI which wants to *write* to a file, then that will be another story. You will have
to allow apache write-privileges in the directory that it wants to create the file. If the
file already exists, apache will need write-privileges on that file. Just imagine the apache
server as a distinct user and think of permissions from the point of that user and everything
should become clear.


>-----Original Message-----
>From: Alastair Roy [mailto:Alastair.Roy@Express.co.uk]
>Sent: Freitag, 4. Oktober 2002 10:31
>To: 'users@httpd.apache.org'
>Subject: RE: [users@httpd] More problems
>
>
>OK I have created a user called apache as well as a group 
>called apache,
>changed all the files in apache2 so they are owned by apache 
>with the group
>as apache, I get the same problem, so just as a test I changed 
>all files so
>they are owned by root, and I still get the same problem. What 
>am I missing
>??
>
>-----Original Message-----
>From: Boyle Owen [mailto:Owen.Boyle@swx.com]
>Sent: Wednesday, October 02, 2002 4:41 PM
>To: users@httpd.apache.org
>Subject: RE: [users@httpd] More problems
>
>
>Not quite...
>
>I'm not sure about apache2 (which is multi-threaded) but in 
>apache 1.3.x,
>you start the parent process as root. This then spawns the 
>various httpd
>servers as "apache" (assuming you have defined "User apache").
>
>All the apache processes (servers) which actually interact 
>with the internet
>(and are hence open to attack) have only the limited privileges of this
>user. 
>
>If you start apache as root, apache can listen to any port 
>(usually 80). If
>you start apache as a less user, you have to define the Listen port as
>>1024.
>
>Read the docs on User and Group to get a clearer idea of 
>what's going on.
>
>>-----Original Message-----
>>From: Alastair Roy [mailto:Alastair.Roy@Express.co.uk]
>>Sent: Mittwoch, 2. Oktober 2002 17:36
>>To: 'users@httpd.apache.org'
>>Subject: RE: [users@httpd] More problems
>>
>>
>>So I create a new user say apache and then change all files in apache2
>>directory so they are owned by the new user ???? 
>>
>>can I change all files so the are owned by root so in essence 
>>apache will
>>run as root ???
>>
>>-----Original Message-----
>>From: Boyle Owen [mailto:Owen.Boyle@swx.com]
>>Sent: Wednesday, October 02, 2002 4:24 PM
>>To: users@httpd.apache.org
>>Subject: RE: [users@httpd] More problems
>>
>>
>>This is a simple bug - nothing to do with your earlier lib 
>>error. Set User
>>and Group directives to an existing user id to fix this (if 
>>you like, create
>>a new user "apache").
>>
>>>-----Original Message-----
>>>From: Alastair Roy [mailto:Alastair.Roy@Express.co.uk]
>>>Sent: Mittwoch, 2. Oktober 2002 17:28
>>>To: 'users@httpd.apache.org'
>>>Subject: RE: [users@httpd] More problems
>>>
>>>
>>>Error log
>>>
>>>[Wed Oct 02 16:11:05 2002] [alert] (22)Invalid argument: 
>>>setgid: unable to
>>>set group id to Group 4294967295
>>>[Wed Oct 02 16:11:05 2002] [alert] (22)Invalid argument: 
>>>setgid: unable to
>>>set group id to Group 4294967295
>>>[Wed Oct 02 16:11:05 2002] [notice] Apache/2.0.35 (Unix) DAV/2 
>>>configured --
>>>resuming normal operations
>>>[Wed Oct 02 16:11:05 2002] [alert] Child 3763 returned a 
>>Fatal error...
>>>Apache is exiting!
>>>[Wed Oct 02 16:11:05 2002] [alert] (22)Invalid argument: 
>>>setgid: unable to
>>>set group id to Group 4294967295
>>>[Wed Oct 02 16:11:05 2002] [alert] (22)Invalid argument: 
>>>setgid: unable to
>>>set group id to Group 4294967295
>>>[Wed Oct 02 16:11:05 2002] [alert] (22)Invalid argument: 
>>>setgid: unable to
>>>set group id to Group 4294967295
>>>
>>>can't find any startup log
>>>
>>>-----Original Message-----
>>>From: Jose Correia (J) [mailto:CorreiJ@telkom.co.za]
>>>Sent: Wednesday, October 02, 2002 4:17 PM
>>>To: users@httpd.apache.org
>>>Subject: RE: [users@httpd] More problems
>>>
>>>
>>>When you do this though, what does your startup log say?? 
>>>
>>>
>>>-----Original Message-----
>>>From: Alastair Roy [mailto:Alastair.Roy@Express.co.uk]
>>>Sent: 02 October 2002 17:23
>>>To: 'users@httpd.apache.org'
>>>Subject: RE: [users@httpd] More problems
>>>
>>>
>>>Yes I have, but then what happens is this 
>>>
>>>express-ldap# apachectl start
>>>apachectl start: httpd started
>>>
>>>but when I get my web browser out and try http://<ip no>/index.html
>>>
>>>I get the error page 
>>>
>>>on doing a ps -ef | grep httpd
>>>
>>>I find this
>>>
>>>express-ldap# ps -ef | grep httpd
>>>  daemon   312     1  0 15:23:16 ?        0:00
>>>/usr/lib/ab2/dweb/sunos5/bin/dwhttpd /usr/lib/ab2/dweb/data
>>>  daemon   313   312  0 15:23:17 ?        0:01
>>>/usr/lib/ab2/dweb/sunos5/bin/dwhttpd /usr/lib/ab2/dweb/data
>>>    root  3880  1270  0 16:12:51 pts/2    0:00 grep httpd
>>>
>>>if I try apachectl stop I get this 
>>>
>>>express-ldap# apachectl stop
>>>apachectl stop: httpd (pid 3761?) not running
>>>
>>>so something is not right :-)
>>>
>>>-----Original Message-----
>>>From: Jacob Coby [mailto:jcoby@listingbook.com]
>>>Sent: Wednesday, October 02, 2002 4:09 PM
>>>To: users@httpd.apache.org
>>>Subject: Re: [users@httpd] More problems
>>>
>>>
>>>
>>>
>>>> Ok more problems fixed the libsendfile.so.1 problem by 
>applying some
>>>patches
>>>> now when I run apachectl start I get the following, so I tried
>>>hashing out
>>>> the module in the httpd.conf file then I get the second error.
>>>
>>>Have you tried commenting out 'LoadModule mod_status.so'?
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server
>>>Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>Visit Express Newspapers and OK Magazine online picture archive at
>>>http://www.expresspictures.com
>>>
>>>*************************************************************
>*********
>>>******
>>>Any views or opinions are solely those of the author 
>>>and do not necessarily represent those of Express Newspapers
>>>*************************************************************
>*********
>>>******
>>>The information transmitted is intended only for the person 
>>>or entity to which it is addressed and may contain confidential 
>>>and/or privileged material.If you are not the intended recipient
>>>of this message please do not read ,copy, use or disclose this 
>>>communication and notify the sender immediately. It should be 
>>>noted that any review, retransmission, dissemination or other 
>>>use of, or taking action in reliance upon, this information by 
>>>persons or entities other than the intended recipient is prohibited.
>>>Email communications may be monitored
>>>*************************************************************
>*********
>>>******
>>>
>>>
>>>##EXN2000##
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server
>>>Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP 
>>>Server Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP 
>>>Server Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP 
>>Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>Visit Express Newspapers and OK Magazine online picture archive at
>>http://www.expresspictures.com
>>
>>***************************************************************
>>*************
>>Any views or opinions are solely those of the author 
>>and do not necessarily represent those of Express Newspapers
>>***************************************************************
>>*************
>>The information transmitted is intended only for the person 
>>or entity to which it is addressed and may contain confidential 
>>and/or privileged material.If you are not the intended recipient
>>of this message please do not read ,copy, use or disclose this 
>>communication and notify the sender immediately. It should be 
>>noted that any review, retransmission, dissemination or other 
>>use of, or taking action in reliance upon, this information by 
>>persons or entities other than the intended recipient is prohibited.
>>E-mail communications may be monitored.
>>***************************************************************
>>*************
>>
>>##EXN2000##
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP 
>>Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>Visit Express Newspapers and OK Magazine online picture archive at
>http://www.expresspictures.com
>
>***************************************************************
>*************
>Any views or opinions are solely those of the author 
>and do not necessarily represent those of Express Newspapers
>***************************************************************
>*************
>The information transmitted is intended only for the person 
>or entity to which it is addressed and may contain confidential 
>and/or privileged material.If you are not the intended recipient
>of this message please do not read ,copy, use or disclose this 
>communication and notify the sender immediately. It should be 
>noted that any review, retransmission, dissemination or other 
>use of, or taking action in reliance upon, this information by 
>persons or entities other than the intended recipient is prohibited.
>E-mail communications may be monitored.
>***************************************************************
>*************
>
>##EXN2000##
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message