One solution might be to control it with CoreDumpDirectory. If that's in the config file, one would assume the admin wants coredumps on failures.
Once more, I have to agree - I only have CoreDumpDirectory enabled when I'm
actually chasing down problems - I never enable it for production servers.
However, we should document very clearly and obviously that setting CoreDumpDirectory will now produce cores even as root; it's entirely
possible that some admins don't remove the directive because they *know*
that we don't produce cores when running as root.
yep.
I'm also curious about how admins with Linux production sites are dealing with seg faults etc. today if they are not getting coredumps.
generally i run apache as a different user on a different port but with the
exact config I want for >48 hours before taking it live, that usually sorts
out any problems one way or another - if I do start seeing segfaults as
root then the only usual recourse is firing up gdb and running in single
process mode.
ouch!
This patch would be very useful in that respect. +1 from me to have CoreDumpDirectory be able to enable core dumps from root owned processes. Cheers, -Thom
Thanks much for the feedback, Thom. It's reassuring to hear from someone who is running a production site on Linux. I hate wasting time when debugging problems because we don't have first failure data capture, so I hope this will help.
I also heard from Ian H. He mentioned that iptables can forward port 80 to a high listening port so you can run as non-root. Interesting!
Greg
