Keith Chayer <[EMAIL PROTECTED]> wrote:
> > I have a test server running RH6.0 intel.
> > I have installed openssl-0.9.3-1.i386.rpm from the contrib area of
> > www.mod_ssl.org.
> > I have installed apache-mod_ssl-1.3.6.2.3.2-0.i386.rpm from the same place.
> >
> > I have edited httpd.conf just to alter the logging level, alter the user
> > Apache runs as.
>
> ...
>
> > BUT
> >
> > If I run `httpd -DSSL` as root the server does not start and all I get in
> > No core dumps are created.
>
> ...
>
> > The error logs are not helping me to solve this problem, so can anyone
> > suggest why this is not working?
>
> I have experienced similar troubles, and I discovered the culprit to be changing
> the user that Apache runs as. If you watch your processes, right after starting
> Apache -DSSL (I use 'ps wuax | grep httpd'), you may get a bunch of zombie httpd
> processes. I discovered that changing the user without changing the permissions
> on the Apache logfile directory, where the .pid file and such are also created,
> the server dies. I know that's vague, but check the permission on
> /usr/local/apache/logs (assuming that location--with the rpm, I would guess so)
> and tweak with them a bit.
Hi Keith,
Thanks for responding - I guess that could be a problem, but it's odd that
Apache will start so long as it's not SSL.
I guess mod_ssl will be opening other log files, but I thought it was the
parent process which opened the log files, which always needs to be run as
root.
<later>
but that comment got me thinking... Having read a bit more of the strace man
page I did a `strace -f httpd -DSSL` and found where the forked process
died:
stat("/var/run/ssl_scache.db", {st_mode=S_ISGID|S_ISVTX|0407, st_size=0, ...}) = 0
open("/var/run/ssl_scache.db", O_RDWR|O_CREAT, 0600) = 4
fcntl(4, F_SETFD, FD_CLOEXEC) = 0
read(4, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20"..., 260) = 260
lseek(4, 0, SEEK_SET) = 0
write(4, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20"..., 260) = 260
close(4) = 0
geteuid() = 0
chown("/var/run/ssl_scache", 15, 4294967295) = -1 ENOENT (No such file or directory)
chown("/var/run/ssl_scache.db", 15, 4294967295) = 0
chown("/var/run/ssl_scache.db", 15, 4294967295) = 0
fcntl(20, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
time(NULL) = 929998502
fcntl(20, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = 0
stat("/var/run/ssl_scache.db", {st_mode=S_ISGID|S_ISVTX|0407, st_size=0, ...}) = 0
open("/var/run/ssl_scache.db", O_RDWR) = 4
fcntl(4, F_SETFD, FD_CLOEXEC) = 0
read(4, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20"..., 260) = 260
lseek(4, 4096, SEEK_SET) = 4096
read(4, "\36\0\340\17Y\17I\17\363\16\343\16"..., 4096) = 4096
brk(0x80cb000) = 0x80cb000
lseek(4, 8192, SEEK_SET) = 8192
read(4, "\30\0\340\17Y\0179\17\262\16\222"..., 4096) = 4096
--- SIGSEGV (Segmentation fault) ---
I thought that was interesting so I did a
`mv /var/run/ssl_scache.db /var/run/ssl_scache.db.hide`
and re-ran `httpd -DSSL` and it ran!
If anyone is interested, the file is created with these permissions:
drwxr-xr-x 4 root root 2048 Jun 21 20:57 .
-rw------- 1 httpd root 16384 Jun 21 21:02 ssl_scache.db
and if I stop Apache I have to remove this file before I can restart it.
I run Apache as user httpd.httpd
All the log files are owned root.root but all the ssl files in /var/run are
owned httpd.root. I have the feeling that this is not correct.
Also, when Apache is up with SSL, accessing pages is about as flakey as my
previous description of https://www.modssl.org, in that lots of files are
not served because of seg faults:
[Mon Jun 21 21:11:10 1999] [notice] child pid 9842 exit signal Segmentation fault (11)
[Mon Jun 21 21:11:10 1999] [notice] child pid 9841 exit signal Segmentation fault (11)
[Mon Jun 21 21:11:10 1999] [notice] child pid 9840 exit signal Segmentation fault (11)
[Mon Jun 21 21:11:11 1999] [notice] child pid 9843 exit signal Segmentation fault (11)
Surely this is not usual, is it?
> Email me for more info.
>
> Keith Chayer
> Network Technician
> Baptist Bible College
> Springfield, MO
--
Mark Himsley.
Technical Director,
Clockwork Web.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
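
The diagnostic step described in the message above (reading `strace -f` output to see which file a process was working on when it took SIGSEGV), as an added example that is not part of the original post. The names `crash_context` and `SAMPLE` are hypothetical, the sample trace is constructed from the excerpt, and a single shared descriptor table is assumed for all pids.

```python
import re

# Constructed sample modelled on the excerpt above (wrapped lines joined).
SAMPLE = r'''
open("/var/run/ssl_scache.db", O_RDWR|O_CREAT, 0600) = 4
close(4) = 0
chown("/var/run/ssl_scache", 15, 4294967295) = -1 ENOENT (No such file or directory)
open("/var/run/ssl_scache.db", O_RDWR) = 4
read(4, "\30\0\340\17Y\0179\17\262\16\222"..., 4096) = 4096
--- SIGSEGV (Segmentation fault) ---
'''

LINE = re.compile(r'^(?:\[pid\s+(\d+)\]\s+|(\d+)\s+)?(.*)$')  # optional pid prefix
CALL = re.compile(r'^(\w+)\((.*)\)\s+=\s+(-?\d+)')
SIGNAL = re.compile(r'^--- (SIG\w+)')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
FIRST_FD = re.compile(r'\s*(\d+)\b')
FATAL = {"SIGSEGV", "SIGBUS", "SIGABRT", "SIGILL", "SIGFPE"}

def crash_context(trace):
    """Return (pid, signal, last_syscall, path) for each fatal signal in the trace."""
    fds, last, crashes = {}, {}, []  # one fd table for all pids: a simplification
    for raw in trace.splitlines():
        pid_a, pid_b, body = LINE.match(raw.strip()).groups()
        pid = pid_a or pid_b or "main"
        sig = SIGNAL.match(body)
        if sig:
            if sig.group(1) in FATAL:
                crashes.append((pid, sig.group(1)) + last.get(pid, (None, None)))
            continue
        m = CALL.match(body)
        if not m:
            continue  # unfinished/resumed fragments and exit lines are skipped
        name, args, ret = m.group(1), m.group(2), int(m.group(3))
        quoted, fd = QUOTED.search(args), FIRST_FD.match(args)
        if name in ("open", "openat", "creat") and quoted:
            path = quoted.group(1)
            if ret >= 0:
                fds[ret] = path  # remember which file this descriptor names
        elif fd:
            path = fds.get(int(fd.group(1)))  # resolve descriptor back to a path
            if name == "close" and ret == 0:
                fds.pop(int(fd.group(1)), None)
        else:
            path = quoted.group(1) if quoted else None
        last[pid] = (name, path)
    return crashes

if __name__ == "__main__":
    print(crash_context(SAMPLE))
```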