RE: [error] (13)Permission denied: accept: (client socket)

[McCaffity, Ray]

There is no reason that Solaris won't let you run child processes as someone
besides root.  All my servers are set up this way.  Which version of
Solaris?
x86 or Sparc? 64 or 32-bit?  Some places to look are /var/adm/messages
../path/to/apache/logs/error_log and dmesg.  Also when you do a netstat -a |
grep 80
or 443 do you see anything?  Dumb question, but are you sure the Apache
process
is running?  ps-ef | grep httpd | wc -l   Question? Why don't you want the
parent process
to run as root?  I'm pretty sure you'll also have to un-edit the #Listen and
#Port lines
and change these to a port higher than 1024 if you don't want to run the
parent process
as root.

-----Original Message-----
From: Rossen Raykov [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 05, 2001 1:45 PM
To: [EMAIL PROTECTED]
Subject: [error] (13)Permission denied: accept: (client socket)


Hi All,

The question is a little out of the list but I was not able to find answer
of this anywhere, so please excuse me and help me if you can.

When I�m accessing the apache server I�m getting the following error:

[error] (13)Permission denied: accept: (client socket)

I�m running apache 1.3.19 with mod_ssl 2.8.3 on Solaris 8 on spark.
There are no more messages even when LogLevel is set to debug.
When I make telnet connection the server it is closed immediately with the
message �Connection closed by foreign host.�.

BW The same compilation runs without any problem on a second box with the
same OS but with different system configuration.

I think there is an OS restriction that is preventing the server children to
make connections if they are owned from anyone but root.
I tried with default Solaris user nobody:nobody (60001:60001) and with
www:www (100:100) without success.
The httpd.conf is correct since when I compiled apache with
EXTRA_CFLAGS=-DBIG_SECURITY_HOLE and run it from root:root it is working
fine without any complaint.

I think there is something in the OS that is preventing the server to be run
by different than root user.

Do you have any Idea what I have to check/change or is there a better list
to which I can address this?

Regards,
Rosen




_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]