Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread Igor Galić


- Original Message -
> Hi Igor,
>
> I think you are wrong.
>
> I wrote this simple program that does what I suggested:
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> int main(int argc, char** argv){
>
> uid_t low_uid = 1000;
> uid_t high_uid = getuid();
>
> seteuid(low_uid); // drop privilege
> const char* fileName="test.txt";
> FILE* file = fopen(fileName, "w");
> if(file == NULL){
> printf("File doesn't exist or you don't have the right to write it\n");
> exit(1);
> }
> seteuid(high_uid); // regain privilege
> chown(fileName, high_uid, high_uid);
> fclose(file);
> }
>
> It drops temporarily root privileges and then gets them back.
>
> This is its output:
> $ ls -l test.txt
> -rw-rw-r-- 1 slv slv 0 2011-11-24 19:17 test.txt
> $ sudo ./uid //this is what the program above is compiled to
> $ ls -l test.txt
> -rw-rw-r-- 1 root root 0 2011-11-24 19:17 test.txt
> $ ./uid
> File doesn't exist or you don't have the right to write it
> $ ls -l test.txt
> -rw-rw-r-- 1 root root 0 2011-11-24 19:17 test.txt
>
> Best regards,
> Silviu


I was startled at first, but only because I didn't see exactly
what you were doing.

Fortunately I spend all day long on IRC, so rather than actually
trying it out and thinking about it, I just asked ##posix:

19:31:41 < jMCg> so... setuid() works both ways?
19:31:45 < jMCg> How's that make sense?
19:34:41 < Wulf> what's the question?
19:37:19 < jMCg> Wulf: sec
19:38:14 < jMCg> Wulf: http://mail-archives.apache.org/mod_mbox/httpd-users/20.mbox/%3cCAO7OZ=NAjM-_cA_w8WFXtF=wdwushy-vb3e+9utuogqedmn...@mail.gmail.com%3e
19:38:38 < jMCg> This doesn't make sense to me, why is possible to *regain* privileges once you dropped them?
19:42:41 < Wulf> saved user id
19:42:59 < woggle> jMCg: POSIX keeps track of three uids per process; the effective UID, the real UID and the saved UID. Either the latter two can be copied into the first.
19:44:44 < woggle> You'll notice that the example that person gave did _not_ use setuid().
19:57:07 < jMCg> True.
19:57:17 < jMCg> woggle: I missed that in my mail client.

So long,

i

> 2011/11/24 Igor Galić < i.ga...@brainsware.org >
>
>
>
>
>
> - Original Message -
> > > 
> > > What would it do when the file already exists and is owned by
> > > root?
> > > :)
> > > 
> > >
> > > It is hard to distinguish between "file owned by root, but we
> > > should
> > > append to it" and "file owned by root and the admin made a
> > > mistake
> > > in
> > > the conf file". The former is the usual case when starting a
> > > server
> > > with pre-existing log files, the latter is the case you are
> > > trying
> > > to
> > > avoid.
> > >
> > True. However, assuming that when Apache terminates, the owner of
> > the
> > error log is set to be ${APACHE_RUN_USER}, then the problem of not
> > being able to access the file manifests only on the first run.
> > 
> > Dear httpd admin, the ${ErrorLog} file can be opened only by root.
> > Wanna continue?
> > If yes, raise privileges this time only. There's not going to be a
> > next time.
>
> To repeat this again, just in case:
>
> Privileges can only ever be *dropped*
> Privileges can *never* be raised. This is by design.
>
>
> > 
> >
> > All in all, I see your point. It's more of a maintenance issue.
> >
> > Thanks for the answers,
> > Silviu
> > > Cheers
> > >
> > > Tom
> > >
> > > -
> > > The official User-To-User support forum of the Apache HTTP Server
> > > Project.
> > > See http://httpd.apache.org/userslist.html > for more info.
> > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > > " from the digest: users-digest-unsubscr...@httpd.apache.org
> > > For additional commands, e-mail: users-h...@httpd.apache.org
> > >
> >
> >
> >
> >
>
>
> --
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.ga...@brainsware.org
> URL: http://brainsware.org/
> GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
>
>
>
>
>
>
>

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE
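
The saved-UID rule woggle describes in the IRC log above, as an added example that is not part of the original thread. It models the POSIX rules for seteuid() and setuid() on the three UIDs and, when started as root, checks them live in a forked child. The names model_seteuid, model_setuid and can_regain_root are hypothetical; UID 1000 is the one used in the program posted in the thread.

```c
/* Added example: real / effective / saved UID, and why a seteuid() drop is
 * reversible while setuid() called as root is not. Names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The three user IDs POSIX tracks per process. */
struct ids { uid_t real, eff, saved; };

/* seteuid(): changes only the effective UID. Allowed when the caller is
 * privileged (eff == 0 in this model) or the target equals the real or
 * saved UID. The saved UID is never touched, so root can come back. */
int model_seteuid(struct ids *p, uid_t target)
{
    if (p->eff != 0 && target != p->real && target != p->saved)
        return -1;                      /* EPERM */
    p->eff = target;
    return 0;
}

/* setuid(): a privileged caller overwrites all three IDs, which discards
 * the saved UID 0. An unprivileged caller only changes the effective UID. */
int model_setuid(struct ids *p, uid_t target)
{
    if (p->eff == 0) {
        p->real = p->eff = p->saved = target;
        return 0;
    }
    if (target != p->real && target != p->saved)
        return -1;                      /* EPERM */
    p->eff = target;
    return 0;
}

/* Live check, run in a forked child so the caller keeps its own IDs.
 * permanent == 0: drop with seteuid(); permanent != 0: drop with setuid().
 * Returns 1 if seteuid(0) succeeded after the drop, 0 if it was refused,
 * -1 if the check could not run (not started as root, or the drop failed). */
int can_regain_root(int permanent, uid_t low_uid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (geteuid() != 0)
            _exit(2);
        /* A real daemon would also drop its groups before the UID. */
        if ((permanent ? setuid(low_uid) : seteuid(low_uid)) != 0)
            _exit(3);
        _exit(seteuid(0) == 0 ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code <= 1 ? code : -1;
}

int main(void)
{
    uid_t low = 1000;                   /* unprivileged UID used in the thread */
    struct ids a = {0, 0, 0}, b = {0, 0, 0};

    model_seteuid(&a, low);             /* temporary drop */
    printf("after seteuid(%d): real=%d eff=%d saved=%d, seteuid(0) -> %d\n",
           (int)low, (int)a.real, (int)a.eff, (int)a.saved,
           model_seteuid(&a, 0));

    model_setuid(&b, low);              /* permanent drop */
    printf("after setuid(%d):  real=%d eff=%d saved=%d, seteuid(0) -> %d\n",
           (int)low, (int)b.real, (int)b.eff, (int)b.saved,
           model_seteuid(&b, 0));

    printf("live, seteuid drop: regain=%d\n", can_regain_root(0, low));
    printf("live, setuid drop:  regain=%d\n", can_regain_root(1, low));
    return 0;
}
```

Run it as root to exercise the live check; started as an ordinary user, can_regain_root() returns -1 and only the model lines are meaningful.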


--

Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread silviu andrica
Hi Igor,

I think you are wrong.

I wrote this simple program that does what I suggested:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char** argv){

uid_t low_uid = 1000;
uid_t high_uid = getuid();

seteuid(low_uid); // drop privilege
const char* fileName="test.txt";
FILE* file = fopen(fileName, "w");
if(file == NULL){
  printf("File doesn't exist or you don't have the right to write it\n");
  exit(1);
}
seteuid(high_uid); // regain privilege
chown(fileName, high_uid, high_uid);
fclose(file);
}

It drops temporarily root privileges and then gets them back.

This is its output:
$ ls -l test.txt
-rw-rw-r-- 1 slv slv 0 2011-11-24 19:17 test.txt
$ sudo ./uid //this is what the program above is compiled to
$ ls -l test.txt
-rw-rw-r-- 1 root root 0 2011-11-24 19:17 test.txt
$ ./uid
File doesn't exist or you don't have the right to write it
$ ls -l test.txt
-rw-rw-r-- 1 root root 0 2011-11-24 19:17 test.txt

Best regards,
Silviu

2011/11/24 Igor Galić 

>
>
> - Original Message -
> > > 
> > > What would it do when the file already exists and is owned by root?
> > > :)
> > > 
> > >
> > > It is hard to distinguish between "file owned by root, but we
> > > should
> > > append to it" and "file owned by root and the admin made a mistake
> > > in
> > > the conf file". The former is the usual case when starting a server
> > > with pre-existing log files, the latter is the case you are trying
> > > to
> > > avoid.
> > >
> > True. However, assuming that when Apache terminates, the owner of the
> > error log is set to be ${APACHE_RUN_USER}, then the problem of not
> > being able to access the file manifests only on the first run.
> > 
> > Dear httpd admin, the ${ErrorLog} file can be opened only by root.
> > Wanna continue?
> > If yes, raise privileges this time only. There's not going to be a
> > next time.
>
> To repeat this again, just in case:
>
> Privileges can only ever be *dropped*
> Privileges can *never* be raised. This is by design.
>
> > 
> >
> > All in all, I see your point. It's more of a maintenance issue.
> >
> > Thanks for the answers,
> > Silviu
> > > Cheers
> > >
> > > Tom
> > >
> > >
> >
> >
> >
> >
>
> --
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.ga...@brainsware.org
> URL: http://brainsware.org/
> GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE
>
>
>
>


Re: [users@httpd] Directory Index not displaying

2011-11-24 Thread Stan Laughlin
I tried editing the closing tags and the +SuppressHTMLPreamble edit but
nothing is changing.

The module man pages are confusing for me and I don't fully understand how
I need to enter the edits.
I am in the process of un-installing Apache and will re-install the thing
because I'm not certain any longer what is original and what I have edited
incorrectly.

Thanks for the suggestions.  I appreciate the attempts to assist me.  If I
can figure it out I will update this note.

I am now discovering yet another mess involved in attempting to uninstall
Apache.  It looks like I will have to re-install Ubuntu to get an honestly
clean Apache re-install.   Man, the fun never stops.

Thanks again for the assistance.
Be well.

stan

2011/11/24 Igor Galić 

>
>
> - Original Message -
> > Stan,
> >
> > Stan Laughlin schrieb (23.11.2011 22:26 Uhr):
> >
> > > This is the HEADER.html
> > > 
> > > 
> > > "STAN'S DOC INDEX"
> > > 
> > > 
> > >
> > >
> > > This is the README.html
> > > 
> > > 
> > > "README FILE 
> > > 
> > >   
> > > README FILE
> > > p>This is the readme file
> > >   
> > > 
> > "If the file specified by HeaderName contains the beginnings of an
> > HTML
> > document (, , etc.) then you will probably want to set
> > IndexOptions +SuppressHTMLPreamble, so that these tags are not
> > repeated."
> > http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html
>
> Also you might want to actually *not* close the  or the 
> tags. In either case.
>
> >
> > Marc
>
> i
>
> --
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.ga...@brainsware.org
> URL: http://brainsware.org/
> GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE
>
>
>
>


-- 
stan.laugh...@gmail.com
"*Beer is always in season*"


Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread Igor Galić


- Original Message -
> > 
> > What would it do when the file already exists and is owned by root?
> > :)
> > 
> >
> > It is hard to distinguish between "file owned by root, but we
> > should
> > append to it" and "file owned by root and the admin made a mistake
> > in
> > the conf file". The former is the usual case when starting a server
> > with pre-existing log files, the latter is the case you are trying
> > to
> > avoid.
> >
> True. However, assuming that when Apache terminates, the owner of the
> error log is set to be ${APACHE_RUN_USER}, then the problem of not
> being able to access the file manifests only on the first run.
> 
> Dear httpd admin, the ${ErrorLog} file can be opened only by root.
> Wanna continue?
> If yes, raise privileges this time only. There's not going to be a
> next time.

To repeat this again, just in case:

Privileges can only ever be *dropped*
Privileges can *never* be raised. This is by design.

> 
>
> All in all, I see your point. It's more of a maintenance issue.
>
> Thanks for the answers,
> Silviu
> > Cheers
> >
> > Tom
> >
> >
>
>
>
>

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE





Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread Eric Covener
> AFAIK, this solves the issue I raised. If I miss any
> point, please let me know.

Your procedure leaves the logfile deleteable by the unprivileged
apache user since they were able to write to the directory to create
it.




Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread Igor Galić


- Original Message -
> Hi Tom,
>
>
> thanks for the answer. It makes perfect sense.
>
>
> The solution I thought about is a bit more complex. I did not go
> through the Apache code, so below is just a sketch.
>
>
> seteuid(${APACHE_RUN_USER}); //drop privileges
> open(${ErrorLog}); //open file
> seteuid(0); // get back root privileges

That doesn't work. Once you drop privileges you cannot get them back.

> chown(${ErrorLog}, root, …); // change owner to root
>
>
> In this case, the ErrorLog will be opened and accessible as
> ${APACHE_RUN_USER} for only a brief moment of time, and after that
> it becomes owned by root. AFAIK, this solves the issue I raised. If
> I miss any point, please let me know.
>
>
> Best regards,
> Silviu
>
>
>
>
>
> On Nov 24, 2011, at 17:52 , Tom Evans wrote:
>
> > On Thu, Nov 24, 2011 at 3:53 PM, silviu andrica
> > < silviu.andr...@gmail.com > wrote:
> > > Hi,
> > >
> > > I noticed that in Apache/2.2.20 (Ubuntu), the ErrorLog is opened as root,
> > > although the User is set to ${APACHE_RUN_USER}.
> > > My concern is that if I make a mistake in ErrorLog, then I can damage any
> > > file on my system because of a stupid copy-paste error.
> > >
> > > I was wondering what is the reason Apache doesn't drop root privileges
> > > before opening the ErrorLog file (to make sure that the user Apache will end
> > > up running as can access and modify that file) and then get back the root
> > > privileges, for the remaining operations that need be done as root?
> >
> > This is by design to do the exact opposite of what you are suggesting.
> > If it waited until it gave up it's root privileges, then the file
> > would be owned/modifiable by the less privileged apache user, and
> > could be removed or truncated by any web script or exploit. In
> > general, it's a good idea that your log files are owned by root, just
> > like your html content should only be readable, not modifiable, by the
> > apache user.
> >
> > Apache opens the file before forking, so non-root children will
> > already have a file handle to the error log and will not have to open
> > it again.
> >
> > The trade off is against an admin accidentally writing something like
> > 'ErrorLog /etc/master.passwd'.
> >
> > Cheers
> >
> > Tom
>
>
>
>

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE





Re: [users@httpd] Struggling to overcome the learning curve for Apache http server !!!!

2011-11-24 Thread Yehuda Katz
On Thu, Nov 24, 2011 at 12:44 PM, rota regi  wrote:

> I am reading Pro Apache and feel completely lost at many times. What did u
> start from ?
>

That question is too broad.
Instead of trying to learn everything about Apache, I suggest that you
write out what you are trying to accomplish and ask specific questions that
enable you to reach the goals you set out.

- Y


Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread Silviu Andrica
> 
> What would it do when the file already exists and is owned by root? :)
> 
> 
> It is hard to distinguish between "file owned by root, but we should
> append to it" and "file owned by root and the admin made a mistake in
> the conf file". The former is the usual case when starting a server
> with pre-existing log files, the latter is the case you are trying to
> avoid.
> 
True. However, assuming that when Apache terminates, the owner of the error log 
is set to be ${APACHE_RUN_USER}, then the problem of not being able to access 
the file manifests only on the first run.

Dear httpd admin, the ${ErrorLog} file can be opened only by root. Wanna 
continue?
If yes, raise privileges this time only. There's not going to be a next time.


All in all, I see your point. It's more of a maintenance issue.

Thanks for the answers,
Silviu
> Cheers
> 
> Tom
> 
> 





[users@httpd] Struggling to overcome the learning curve for Apache http server !!!!

2011-11-24 Thread rota regi
I am reading Pro Apache and feel completely lost at many times. What did u
start from ?


Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread Tom Evans
On Thu, Nov 24, 2011 at 5:03 PM, Silviu Andrica
 wrote:
> Hi Tom,
> thanks for the answer. It makes perfect sense.
> The solution I thought about is a bit more complex. I did not go through the
> Apache code, so below is just a sketch.
> seteuid(${APACHE_RUN_USER}); //drop privileges
> open(${ErrorLog}); //open file
> seteuid(0); // get back root privileges
> chown(${ErrorLog}, root, …); // change owner to root
> In this case, the ErrorLog will be opened and accessible
> as ${APACHE_RUN_USER} for only a brief moment of time, and after that it
> becomes owned by root. AFAIK, this solves the issue I raised. If I miss any
> point, please let me know.


What would it do when the file already exists and is owned by root? :)


It is hard to distinguish between "file owned by root, but we should
append to it" and "file owned by root and the admin made a mistake in
the conf file". The former is the usual case when starting a server
with pre-existing log files, the latter is the case you are trying to
avoid.

Cheers

Tom




Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread Silviu Andrica
Hi Tom,

thanks for the answer. It makes perfect sense.

The solution I thought about is a bit more complex. I did not go through the 
Apache code, so below is just a sketch.

seteuid(${APACHE_RUN_USER}); //drop privileges
open(${ErrorLog}); //open file
seteuid(0); // get back root privileges
chown(${ErrorLog}, root, …); // change owner to root

In this case, the ErrorLog will be opened and accessible as ${APACHE_RUN_USER} 
for only a brief moment of time, and after that it becomes owned by root. 
AFAIK, this solves the issue I raised. If I miss any point, please let me know.

Best regards,
Silviu


On Nov 24, 2011, at 17:52 , Tom Evans wrote:

> On Thu, Nov 24, 2011 at 3:53 PM, silviu andrica
>  wrote:
>> Hi,
>> 
>> I noticed that in Apache/2.2.20 (Ubuntu), the ErrorLog is opened as root,
>> although the User is set to ${APACHE_RUN_USER}.
>> My concern is that if I make a mistake in ErrorLog, then I can damage any
>> file on my system because of a stupid copy-paste error.
>> 
>> I was wondering what is the reason Apache doesn't drop root privileges
>> before opening the ErrorLog file (to make sure that the user Apache will end
>> up running as can access and modify that file) and then get back the root
>> privileges, for the remaining operations that need be done as root?
>> 
> 
> This is by design to do the exact opposite of what you are suggesting.
> If it waited until it gave up it's root privileges, then the file
> would be owned/modifiable by the less privileged apache user, and
> could be removed or truncated by any web script or exploit. In
> general, it's a good idea that your log files are owned by root, just
> like your html content should only be readable, not modifiable, by the
> apache user.
> 
> Apache opens the file before forking, so non-root children will
> already have a file handle to the error log and will not have to open
> it again.
> 
> The trade off is against an admin accidentally writing something like
> 'ErrorLog /etc/master.passwd'.
> 
> Cheers
> 
> Tom
> 
> 



Re: [users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread Tom Evans
On Thu, Nov 24, 2011 at 3:53 PM, silviu andrica
 wrote:
> Hi,
>
> I noticed that in Apache/2.2.20 (Ubuntu), the ErrorLog is opened as root,
> although the User is set to ${APACHE_RUN_USER}.
> My concern is that if I make a mistake in ErrorLog, then I can damage any
> file on my system because of a stupid copy-paste error.
>
> I was wondering what is the reason Apache doesn't drop root privileges
> before opening the ErrorLog file (to make sure that the user Apache will end
> up running as can access and modify that file) and then get back the root
> privileges, for the remaining operations that need be done as root?
>

This is by design to do the exact opposite of what you are suggesting.
If it waited until it gave up its root privileges, then the file
would be owned/modifiable by the less privileged apache user, and
could be removed or truncated by any web script or exploit. In
general, it's a good idea that your log files are owned by root, just
like your html content should only be readable, not modifiable, by the
apache user.

Apache opens the file before forking, so non-root children will
already have a file handle to the error log and will not have to open
it again.

The trade off is against an admin accidentally writing something like
'ErrorLog /etc/master.passwd'.

Cheers

Tom




[users@httpd] Opening ErrorLog as root and overwriting any file on the system

2011-11-24 Thread silviu andrica
Hi,

I noticed that in Apache/2.2.20 (Ubuntu), the ErrorLog is opened as root,
although the User is set to ${APACHE_RUN_USER}.
My concern is that if I make a mistake in ErrorLog, then I can damage any
file on my system because of a stupid copy-paste error.

I was wondering what is the reason Apache doesn't drop root privileges
before opening the ErrorLog file (to make sure that the user Apache will
end up running as can access and modify that file) and then get back the
root privileges, for the remaining operations that need be done as root?

Thank you,
Silviu


Re: [users@httpd] apr_off_t mismatch

2011-11-24 Thread Igor Galić


- Original Message -
>
>
> Igor,
> so you are saying this is a bug in the precompiled version of apr
> 1.2.2 in sunfreeware.com ?

Probably. There shouldn't be an apr_off_t mismatch in OpenCSW, we create
Headers to match for 32/64bit systems like this:

http://lists.opencsw.org/pipermail/maintainers/2011-September/015321.html

> 2011/11/24 Igor Galić < i.ga...@brainsware.org >
>
>
>
>
>
> - Original Message -
> >
> >
> > i am trying to ask this again:
> > i supply an apache 2.2 module to my customers. naturally, i need to
> > build my module for each OS, cpu architecture & bit scheme. So, if
> > my customer has Apache 2.2 on solaris sparc 32 bit - that's what i
> > need to build.
> >
> > however, from what i just discovered, there's another factor - LFS
> > support. My module needs to be compiled with the LFS enabled or
> > disabled - according to the specific apache of the specific
> > customer. The problem is that i can't know what LFS support the
> > apache was compiled with.
> >
> > This really shouts "bug" to me, but i would really like to know -
> > whose bug and how to fix it. for example, if the packages of apache
> > 2.2.0 with APR 1.2.2 on sunfreeware.com have a bug that was later
> > fixed - then i can tell my customer to upgrade to a later version.
> >
> > ???
>
> LFS is not a compile time feature starting 2.2, for one.
>
> For the other, my recommendation for high quality Solaris packages
> is to use OpenCSW (Getting started: pkgadd -d
> http://get.opencsw.org/now )
>
>
> > On Mon, Nov 21, 2011 at 11:44 PM, Asaf Dalet < asaf.da...@gmail.com
> > >
> > wrote:
> >
> >
> >
> >
> >
> > this means that apache modules for 2.2.0 32 bits, on solaris 9 are
> > not compatible across different ./configure options.
>
>
> Also note that Oracle has announced Solaris 9's EOS (or was it EOL?)
>
>
>
> > which actually means that if i want to check if my module will run
> > on
> > a given apache - i cannot do it (there's no way to know a priori
> > the
> > size of apr_off_t which apache was compiled with). am i right?
> >
> >
> >
> > by any chance, does anyone know what are the ./configure options
> > that
> > control the size of apr_off_t, (if there are any)?
> >
> >
> >
> > thanks
> >
> > asaf
> >
> >
> >
> >
> >
> > On Mon, Nov 21, 2011 at 7:23 PM, William A. Rowe Jr. <
> > wr...@rowe-clan.net > wrote:
> >
> >
> >
> > On 11/21/2011 9:48 AM, Asaf Dalet wrote:
> >
> >
> >
> > Hi all,
> > some interesting news:
> > I downloaded apr-1.2.2-sol9-sparc-local from sunfreeware.com <
> > http://sunfreeware.com > and
> >
> > installed it.
> > the file apr/include/apr-1/apr.h contains this line:
> > typedef long apr_off_t;
> >
> > does this mean apr 1.2.2 does not support LFS or is it some bug in
> > this precompiled APR?
> > appreciate any comment
> >
> > It means either 1) the builder deliberately forced this behavior
> > through options to ./configure, or 2) apr fails to detect that
> > LFS is available in the builder's environment. I suspect 1.
> >
> >
> >
> >
>
> i
>
> --
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.ga...@brainsware.org
> URL: http://brainsware.org/
> GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
>
>
>
>
>
>
>

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE




Re: [users@httpd] apr_off_t mismatch

2011-11-24 Thread Asaf Dalet
Igor,
so you are saying this is a bug in the precompiled version of apr 1.2.2 in
sunfreeware.com?

2011/11/24 Igor Galić 

>
>
> - Original Message -
> >
> >
> > i am trying to ask this again:
> > i supply an apache 2.2 module to my customers. naturally, i need to
> > build my module for each OS, cpu architecture & bit scheme. So, if
> > my customer has Apache 2.2 on solaris sparc 32 bit - that's what i
> > need to build.
> >
> > however, from what i just discovered, there's another factor - LFS
> > support. My module needs to be compiled with the LFS enabled or
> > disabled - according to the specific apache of the specific
> > customer. The problem is that i can't know what LFS support the
> > apache was compiled with.
> >
> > This really shouts "bug" to me, but i would really like to know -
> > > whose bug and how to fix it. for example, if the packages of apache
> > 2.2.0 with APR 1.2.2 on sunfreeware.com have a bug that was later
> > fixed - then i can tell my customer to upgrade to a later version.
> >
> > ???
>
> LFS is not a compile time feature starting 2.2, for one.
>
> For the other, my recommendation for high quality Solaris packages
> is to use OpenCSW (Getting started: pkgadd -d http://get.opencsw.org/now)
>
> > On Mon, Nov 21, 2011 at 11:44 PM, Asaf Dalet < asaf.da...@gmail.com >
> > wrote:
> >
> >
> >
> >
> >
> > this means that apache modules for 2.2.0 32 bits, on solaris 9 are
> > > not compatible across different ./configure options.
>
>
> Also note that Oracle has announced Solaris 9's EOS (or was it EOL?)
>
>
> > which actually means that if i want to check if my module will run on
> > a given apache - i cannot do it (there's no way to know a priori the
> > size of apr_off_t which apache was compiled with). am i right?
> >
> >
> >
> > by any chance, does anyone know what are the ./configure options that
> > control the size of apr_off_t, (if there are any)?
> >
> >
> >
> > thanks
> >
> > asaf
> >
> >
> >
> >
> >
> > On Mon, Nov 21, 2011 at 7:23 PM, William A. Rowe Jr. <
> > wr...@rowe-clan.net > wrote:
> >
> >
> >
> > On 11/21/2011 9:48 AM, Asaf Dalet wrote:
> >
> >
> >
> > Hi all,
> > some interesting news:
> > I downloaded apr-1.2.2-sol9-sparc-local from sunfreeware.com <
> > http://sunfreeware.com > and
> >
> > installed it.
> > the file apr/include/apr-1/apr.h contains this line:
> > typedef long apr_off_t;
> >
> > does this mean apr 1.2.2 does not support LFS or is it some bug in
> > this precompiled APR?
> > appreciate any comment
> >
> > It means either 1) the builder deliberately forced this behavior
> > through options to ./configure, or 2) apr fails to detect that
> > LFS is available in the builder's environment. I suspect 1.
> >
> >
> >
> >
>
> i
>
> --
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.ga...@brainsware.org
> URL: http://brainsware.org/
> GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE
>
> -
> The official User-To-User support forum of the Apache HTTP Server Project.
> See http://httpd.apache.org/userslist.html for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>   "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


Re: [users@httpd] Directory Index not displaying

2011-11-24 Thread Igor Galić


- Original Message -
> Stan,
>
> Stan Laughlin wrote (23.11.2011 22:26):
>
> > This is the HEADER.html
> > 
> > 
> > "STAN'S DOC INDEX"
> > 
> > 
> >
> >
> > This is the README.html
> > 
> > 
> > "README FILE 
> > 
> >   
> > README FILE
> > p>This is the readme file
> >   
> > 
> "If the file specified by HeaderName contains the beginnings of an
> HTML document (<html>, <head>, etc.) then you will probably want to set
> IndexOptions +SuppressHTMLPreamble, so that these tags are not
> repeated."
> http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html

Also you might want to actually *not* close the  or the 
tags. In either case.

>
> Marc

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE





Re: [users@httpd] apr_off_t mismatch

2011-11-24 Thread Igor Galić


- Original Message -
>
>
> i am trying to ask this again:
> i supply an apache 2.2 module to my customers. naturally, i need to
> build my module for each OS, cpu architecture & bit scheme. So, if
> my customer has Apache 2.2 on solaris sparc 32 bit - that's what i
> need to build.
>
> however, from what i just discovered, there's another factor - LFS
> support. My module needs to be compiled with the LFS enabled or
> disabled - according to the specific apache of the specific
> customer. The problem is that i can't know what LFS support the
> apache was compiled with.
>
> This really shouts "bug" to me, but i would really like to know -
> whose bug and how to fix it. for example, if the packages of apache
> 2.2.0 with APR 1.2.2 on sunfreeware.com have a bug that was later
> fixed - then i can tell my customer to upgrade to a later version.
>
> ???

LFS is not a compile time feature starting 2.2, for one.

For the other, my recommendation for high quality Solaris packages
is to use OpenCSW (Getting started: pkgadd -d http://get.opencsw.org/now)

> On Mon, Nov 21, 2011 at 11:44 PM, Asaf Dalet < asaf.da...@gmail.com >
> wrote:
>
>
>
>
>
> this means that apache modules for 2.2.0 32 bits, on solaris 9 are
> not compatible across different ./configure options.


Also note that Oracle has announced Solaris 9's EOS (or was it EOL?)


> which actually means that if i want to check if my module will run on
> a given apache - i cannot do it (there's no way to know a priori the
> size of apr_off_t which apache was compiled with). am i right?
>
>
>
> by any chance, does anyone know what are the ./configure options that
> control the size of apr_off_t, (if there are any)?
>
>
>
> thanks
>
> asaf
>
>
>
>
>
> On Mon, Nov 21, 2011 at 7:23 PM, William A. Rowe Jr. <
> wr...@rowe-clan.net > wrote:
>
>
>
> On 11/21/2011 9:48 AM, Asaf Dalet wrote:
>
>
>
> Hi all,
> some interesting news:
> I downloaded apr-1.2.2-sol9-sparc-local from sunfreeware.com <
> http://sunfreeware.com > and
>
> installed it.
> the file apr/include/apr-1/apr.h contains this line:
> typedef long apr_off_t;
>
> does this mean apr 1.2.2 does not support LFS or is it some bug in
> this precompiled APR?
> appreciate any comment
>
> It means either 1) the builder deliberately forced this behavior
> through options to ./configure, or 2) apr fails to detect that
> LFS is available in the builder's environment. I suspect 1.
>
>
>
>

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515  2EA5 4B1D 9E08 A097 C9AE
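
Why the width of apr_off_t matters to a binary module, as an added example that is not code from this thread or from APR. The record type, its field names and the values are hypothetical; the two structs stand in for one header compiled with a 64-bit offset type and with the 32-bit `typedef long apr_off_t` quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record handed from server to module; NOT a real APR struct.
 * Only the width of the offset field differs between the two builds. */
typedef struct { int32_t valid; int64_t size; int32_t nlink; } rec_lfs;   /* 64-bit apr_off_t */
typedef struct { int32_t valid; int32_t size; int32_t nlink; } rec_nolfs; /* long apr_off_t, ILP32 */

/* Server side: built with the 64-bit offset type. Values are constructed. */
void server_fill(rec_lfs *r)
{
    memset(r, 0, sizeof *r);          /* clear the padding bytes as well */
    r->valid = 1;
    r->size  = INT64_C(0x140000000);  /* 5 GiB, does not fit in 32 bits */
    r->nlink = 3;
}

/* Module side: built with the 32-bit offset type, so it interprets the
 * server's bytes through its own, shorter layout. */
rec_nolfs module_view(const rec_lfs *from_server)
{
    rec_nolfs m;
    memcpy(&m, from_server, sizeof m); /* same memory, different field offsets */
    return m;
}

/* 1 only when both builds place the fields identically. */
int layouts_agree(void)
{
    return offsetof(rec_lfs, nlink) == offsetof(rec_nolfs, nlink)
        && sizeof(rec_lfs) == sizeof(rec_nolfs);
}

int main(void)
{
    rec_lfs s;
    server_fill(&s);
    rec_nolfs m = module_view(&s);
    printf("nlink offset: server %zu, module %zu\n",
           offsetof(rec_lfs, nlink), offsetof(rec_nolfs, nlink));
    printf("server wrote size=%lld nlink=%d\n", (long long)s.size, (int)s.nlink);
    printf("module reads size=%d nlink=%d\n", (int)m.size, (int)m.nlink);
    printf("layouts agree: %d\n", layouts_agree());
    return 0;
}
```

The field before the offset still reads correctly, which is why such a mismatch can go unnoticed until a later field or a large file size is used.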




Re: [users@httpd] Directory Index not displaying

2011-11-24 Thread Marc Patermann

Stan,

Stan Laughlin wrote (23.11.2011 22:26):


This is the HEADER.html


"STAN'S DOC INDEX"




This is the README.html


"README FILE 

  
README FILE
p>This is the readme file
  

"If the file specified by HeaderName contains the beginnings of an HTML
document (<html>, <head>, etc.) then you will probably want to set
IndexOptions +SuppressHTMLPreamble, so that these tags are not repeated."

http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html


Marc




Re: [users@httpd] Ignore errors in .htaccess

2011-11-24 Thread Simone Caruso
On 22/11/2011 15:19, Sandro Tosi wrote:
> Hello,
> I'm in a situation where I can control the webserver configuration, but users
> are free to use .htaccess, and so also write wrong/unsupported options in there
> (f.e. php_flag when we launch PHP via CGI).
>
> I'd like to simply skip those errors and go on with the other (valid) options
> instead of erroring out.
>
> Is it possible? If so, how? If not, what can I do (asking the users is not an
> option, sadly).
> 
> Thanks in advance,
Yes, just rewrite the .htaccess parsing code

-- 
Simone Caruso
IT Consultant
+39 349 65 90 805




Re: [users@httpd] apache setup questions

2011-11-24 Thread Rainer Frey

On 23.11.2011, at 21:22, Tim Streater wrote:

> I'm looking at how apache is set up under OS X Lion and Snow Leopard. It 
> seems to me in both cases that, for the default apache config, fast-cgi is 
> disabled as the corresponding LoadModule is commented out. Is there a 
> particular reason why this should be?

Well it's a default config, it is expected that you have to adapt it for your 
needs. FastCGI simply is a feature that many do not need. Even PHP is something 
that many do not need.

> I notice that under SL, the fast-cgi module is a good bit older than other 
> modules, and under Lion, there isn't even one provided. Does this mean that 
> it has been integrated into apache or might there be some other reason?

It means that mod_fastcgi has not seen any development for quite some time. It
has never been part of httpd. An alternative fast-cgi module, mod_fcgid, has
been donated to the Apache Foundation, and is maintained as a separate module
within the httpd project. It is not by default included in httpd either. It is
more actively developed, but has (at least) one drawback compared to
mod_fastcgi: it needs to spawn the FastCGI processes itself and thus does not
support the fcgi process management in recent PHP versions.

I guess Apple simply moved to a "follow upstream" approach wrt FastCGI.

> I'd like to run an instance of apache that *only* needs to respond to AJAX 
> requests from localhost (in fact, I'm already doing this). It won't be asked 
> to serve html pages, it will only be running PHP scripts. Is this a situation 
> where ideally apache would be doing fast-cgi? Are there any optimisations I 
> can do with the apache config in this situation?

FastCGI has some advantages and some drawbacks compared to mod_php. In short:
* a different user than apache, and even a different user than other PHP apps 
can be used per location
* a non-threaded PHP runtime can be used with a threaded httpd MPM
* a PHP crash or memory leak does not affect httpd
But there is overhead, and more complex configuration and you need to install 
the module yourself. And the advantages sound rather academic in your setup, 
esp. if you're talking about a single PHP app. 

In this particular case it is even questionable whether apache is the best
suited tool for the job. You might want to consider nginx or lighttpd for that,
as it seems to be easier to set these up with support for PHP's own fcgi process
management.

Rainer Frey

