That's the way apache works. The first process starts up as root so it can
read the config files, write to logs, etc. It hands the requests that come
in to the child processes, which run as nobody so that they have very
limited access rights to files, and can't serve up things like executables,
password files, etc.
The problem is that the main process, when it starts up, is supposed to
chown the files so that they're owned by user nobody. However, in some
circumstances, it seems that the filename it's trying to chown is wrong (see
my previous post about this; it's a build-time configuration issue,
basically), so chown() fails -- and the return values for chown() are never
checked, so it just goes blithely on its way asssuming everything is hunky
dory . . .
Dave Neuer
-----Original Message-----
From: Jason Terry <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, July 08, 1999 1:09 PM
Subject: Re: Permission.
>My system does this same thing. But, I believe it is due to the
>following...
>
>ps -aux reveals the following httpd processes (edited for readability)
>root S< Jun28 0:03 /usr/local/apache_1.3.6/bin/httpd
>nobody S< Jun28 0:20 /usr/local/apache_1.3.6/bin/httpd
>nobody S< Jun28 0:04 /usr/local/apache_1.3.6/bin/httpd
>nobody S< Jun28 0:03 /usr/local/apache_1.3.6/bin/httpd
>etc...
>
>Notice how the first process is owned by root. and all of its children are
>nobody. Perhaps your system is running the same way....
>
>----- Original Message -----
>From: Brian Schau <[EMAIL PROTECTED]>
>To: .L modssl <[EMAIL PROTECTED]>
>Sent: Thursday, July 08, 1999 1:40 AM
>Subject: Permission.
>
>
>>Hello,
>>
>>
>>I've been playing around with mod-ssl. I wonder about the following
>>entries in the general error.log:
>>
>>[Thu Jul 8 09:12:05 1999] [error] mod_ssl: Cannot open SSLSessionCache
>>DBM file `/var/run/ssl.dbm' for writing (store) (System error follows)
>>[Thu Jul 8 09:12:05 1999] [error] System: Permission denied (errno: 13)
>>
>>
>>I can see why it fails:
>>
>>root@dps-1:/log/error # cd /var/run
>>root@dps-1:/var/run # ll ssl*
>>-rw------- 2 root root 12288 jul 8 09:13 ssl.dbm.dir
>>-rw------- 2 root root 12288 jul 8 09:13 ssl.dbm.pag
>>-rw------- 1 nobody root 0 jul 8 09:13 ssl.sem.1113
>>
>>
>>So my question is:
>>
>>Why is the *.dbm files owned by root, when the webserver runs as nobody
>>- that is like asking for trouble! ;o)
>>
>>
>>Kind regards,
>>
>>
>>Brian
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>>User Support Mailing List [EMAIL PROTECTED]
>>Automated List Manager [EMAIL PROTECTED]
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
