Hi all,
I'm having a problem with Apache on Solaris 10 SPARC.
I'm trying to start httpd as root,
but it fails with the following error:
/usr/local/apache2/bin/httpd -k start
httpd: Could not determine the server's fully qualified domain name, using 192.168.1.11 for ServerName
(20014)Error string not specified yet: Error retrieving pid file logs/httpd.pid
I checked the error log to see if I can get something more informative:
[Sun Jun 14 16:04:31 2009] [notice] Digest: done
[Sun Jun 14 16:04:32 2009] [warn] pid file /usr/local/apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Sun Jun 14 16:04:32 2009] [notice] Apache/2.0.58 (Unix) mod_jk/1.2.15 DAV/2 PHP/5.1.4 configured -- resuming normal operations
[Sun Jun 14 16:23:52 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache2/bin/suexec)
[Sun Jun 14 16:23:53 2009] [notice] Digest: generating secret for digest authentication ...
[Sun Jun 14 16:23:53 2009] [notice] Digest: done
[Sun Jun 14 16:23:54 2009] [warn] pid file /usr/local/apache2/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Sun Jun 14 16:23:54 2009] [notice] Apache/2.0.58 (Unix) mod_jk/1.2.15 DAV/2 PHP/5.1.4 configured -- resuming normal operations
I ran ls to see the directory's permissions:
bash-3.00# ls -l /usr/local/apache2/logs/
total 433398
-rw-r--r-- 1 root root 0 Mar 11 12:42 access_log
-rw-r--r-- 1 root root 3489021 Sep 3 2007 access_log.gz
-rw-r--r-- 1 root root 100248972 Jun 15 09:09 dummy-host.example.com-access_log
-rw-r--r-- 1 root root 87096852 Mar 5 23:11 dummy-host.example.com-access_log.gz
-rw-r--r-- 1 root root 13216739 Jun 15 04:48 dummy-host.example.com-error_log
-rw-r--r-- 1 root root 9175989 Mar 5 23:10 dummy-host.example.com-error_log.gz
-rw-r--r-- 1 root root 5902845 Jun 15 09:21 error_log
-rw-r--r-- 1 root root 2522824 Mar 5 23:09 error_log.gz
-rw-r--r-- 1 root root 0 Jun 15 09:21 httpd.pid
-rw-r--r-- 1 root root 67584 Jun 15 09:21 jk-runtime-status
-rw-r--r-- 1 root root 1 Jun 15 09:21 jk-runtime-status.lock
I'm stuck here with no idea what's going on.
Any ideas would be a great assist.
Thanks in advance.
It should not be running as root, BTW; this is a major security concern.
And, if it is not running as root, which it should not be, it can't write to the (your) httpd.pid (-rw-r--r-- 1 root root 0 Jun 15 09:21) httpd.pid file because that file (your file you posted) is only writable by root.
Looks like you have a number of problems, and I have not discussed your DNS, FQDN issue.
The first thing I advise is to determine the non-root userid and groupid you are going to run apache under. Change all the files in your web directory (recursively) to that non-root userid and group.
Then configure Apache to run as your non-root user (above).
Regarding your FQDN error, that is something you can easily fix, if you know what your FQDN is for your server, but first you must fix your basic filesystem and process / file ownership issues with Apache.
Yes, it's running as root.
I haven't assigned the server a FQDN.
-rw-r--r-- 1 root root 0 Jun 15 09:21 httpd.pid
httpd.pid is writable by root; everything seems to be okay.
You are right, it's a security concern to run Apache as root; the server is a local server.
But if we skip the FQDN problem and the security issue,
is there any fix to solve the problem?
Just delete the old pid file. It would be unusual (but not unheard of) for Apache not to be started as root so that it can bind to port 80. However, the Apache configuration file should also specify the runtime user to use once the process has started.
@reborg thanks a lot.
I deleted httpd.pid; now it works fine.
By the way, is there any guide or document to set up an Apache server with a non-privileged user?
Thanks again.
With Solaris 10 it should be possible using pfexec and appropriate privileges, but it's more usual to start it as root and use the "User" and "Group" in the config file for normal runtime use as Neo suggested.
Any user can run Apache (provided the pid file and logs can be written by the user), but you need extra privileges to run it on the standard ports. If you set the port number > 1024 any normal user could start it. I have in the past allowed certain users to control the Apache server on certain servers without giving them root access by creating an IPFilter to forward from port 80 to an unprivileged port that Apache was listening on. To an external user there is no difference, but there is no need to grant any extra permissions to the user running the server.
I tend to like to confirm they exist (or do not exist), since they can be easily removed, especially when we don't fully know the history of the machine.
To be on the safe side, you can change the ownership of the httpd.pid file to nobody.nobody if you have issues in the future, but it does not seem to be an issue and it seems the httpd.pid file is written by apache when you start it as root before it forks (or execs, I can't recall which) to nobody.
We like to have all of our web files as the same ownership and group as the apache worker processes, BTW.
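The two checks discussed in this thread, as an added example that is not part of any post: classify httpd.pid before deleting it (so a pid file that still points at a live process is left alone), and read the User and Group directives from httpd.conf. The function names (pidfile_state, conf_directive, report) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root, as in the thread:
# kill -0 cannot probe another user's process from an unprivileged account.

# pidfile_state FILE -> missing | empty | garbage | running | stale
pidfile_state() {
    [ -e "$1" ] || { echo missing; return 0; }
    ps_pid=$(tr -d ' \t\r\n' < "$1")
    [ -n "$ps_pid" ] || { echo empty; return 0; }
    case $ps_pid in
        *[!0-9]*) echo garbage; return 0 ;;
    esac
    if kill -0 "$ps_pid" 2>/dev/null; then echo running; else echo stale; fi
}

# conf_directive NAME FILE -> last value of a top-level directive, or "unset".
# Simplification: Include files and <VirtualHost> scoping are ignored.
# On Solaris 10 use nawk or /usr/xpg4/bin/awk; the legacy /usr/bin/awk
# predates -v and tolower.
conf_directive() {
    awk -v want="$1" '
        tolower($1) == tolower(want) { val = $2 }
        END { print (val == "" ? "unset" : val) }' "$2"
}

# report PIDFILE CONF -> one summary line; exit status 1 if httpd is alive,
# in which case the pid file must not be removed.
report() {
    r_state=$(pidfile_state "$1")
    r_user=$(conf_directive User "$2")
    r_group=$(conf_directive Group "$2")
    echo "pidfile=$r_state user=$r_user group=$r_group"
    [ "$r_state" != running ]
}

# Constructed sample: a zero-byte httpd.pid like the one in the ls listing,
# plus a minimal httpd.conf with a non-root runtime account.
demo=$(mktemp -d)
: > "$demo/httpd.pid"
printf '#User root\nUser nobody\nGroup nobody\nListen 80\n' > "$demo/httpd.conf"
report "$demo/httpd.pid" "$demo/httpd.conf"
```

On a real host, point report at /usr/local/apache2/logs/httpd.pid and the server's httpd.conf; only the empty, garbage and stale states describe a pid file that is safe to delete before starting httpd.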