Hi All,

Thanks to Brad Powell from the Titan project (http://www.fish.com/titan/) I found
the solution.
The problem was in the ownership of the TCP/IP devices.
The right ownership for those devices in /devices/pseudo has to be:

crw-rw-rw-   1 root     146,   1 May  1 17:51 tcp6@0:tcp6
crw-rw-rw-   1 root      42,   0 May  1 17:51 tcp@0:tcp
crw-rw----   1 root     143,   1 May  1 17:51 ip6@0:ip6
crw-rw----   1 root       3,   0 May  1 17:51 ip@0:ip

Thanks to all who spent their time trying to find the solution!

Regards,
Rossen Raykov
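
A way to check a host against the modes listed above, as an added example that is not part of the original message. The function names and the sample listing are constructed here; only the four node names and their modes come from the post.

```shell
#!/bin/sh
# Added example: audit the Solaris TCP/IP device nodes against the modes
# quoted in the message above. Assumes a POSIX shell.

# Mode the message gives for each node; prints nothing for other names.
expected_mode() {
    case "$1" in
        tcp@0:tcp|tcp6@0:tcp6) echo "crw-rw-rw-" ;;
        ip@0:ip|ip6@0:ip6)     echo "crw-rw----" ;;
    esac
}

# Reads `ls -l` lines on stdin. Prints "MISMATCH name have want" for a node
# with the wrong mode and "MISSING name" for a node that was not listed.
# Returns 0 only when all four nodes are present with the expected mode.
check_devices() {
    rc=0; seen=""
    while read -r mode rest; do
        name=${rest##* }                 # last field is the node name
        want=$(expected_mode "$name")
        [ -n "$want" ] || continue       # not one of the four nodes
        seen="$seen $name"
        if [ "$mode" != "$want" ]; then
            echo "MISMATCH $name $mode $want"
            rc=1
        fi
    done
    for name in tcp@0:tcp tcp6@0:tcp6 ip@0:ip ip6@0:ip6; do
        case " $seen " in
            *" $name "*) ;;
            *) echo "MISSING $name"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed listing: the four lines from the message with the tcp node
# narrowed to owner-only access, plus one unrelated node.
sample_listing() {
    cat <<'EOF'
crw-rw-rw-   1 root     146,   1 May  1 17:51 tcp6@0:tcp6
crw-------   1 root      42,   0 May  1 17:51 tcp@0:tcp
crw-rw----   1 root     143,   1 May  1 17:51 ip6@0:ip6
crw-rw----   1 root       3,   0 May  1 17:51 ip@0:ip
crw-rw-rw-   1 root      13,   2 May  1 17:51 mm@0:null
EOF
}

sample_listing | check_devices || echo "device node modes differ from the post"
```

On a real host the input would be `ls -l /devices/pseudo | check_devices`.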

----- Original Message -----
From: "Rossen Raykov" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 05, 2001 6:04 PM
Subject: Re: [error] (13)Permission denied: accept: (client socket)


> Hi,
>
> # uname -a
> SunOS MyHost 5.8 Generic_108528-07 sun4u sparc SUNW,Ultra-5_10
> # netstat -an | grep 80
> x.x.x.x.80          *.*                0      0 24576      0 LISTEN
> in /etc/syslog.conf I have a line:
> *.emerg;*.alert;*.crit;*.err;*.warning;*.info   /var/log/all.log
> and there is nothing in it from apache or from the system during the apache
> startup and it's live.
>
> #ps -axwu | grep http
> root     19919  0.0  1.2 4720 2880 ?        S 07:46:17  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> root     19920  0.0  1.0 4784 2488 ?        S 07:46:18  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> root     19921  0.0  1.0 4784 2488 ?        S 07:46:18  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> root     19922  0.0  1.0 4784 2496 ?        S 07:46:18  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> root     19923  0.0  1.0 4784 2496 ?        S 07:46:18  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> root     19924  0.0  1.0 4784 2488 ?        S 07:46:18  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> root     19928  0.0  1.0 4784 2488 ?        S 07:47:54  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
>
> This is working fine.
>
> When I change
> User root
> Group root
> to
> User www
> Group www
> the picture is:
> # ps -axuw | grep http
> root     20222  0.3  1.2 4720 2880 ?        S 10:29:21  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> www      20224  0.1  0.6 4720 1432 ?        S 10:29:22  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> www      20226  0.1  0.6 4720 1432 ?        S 10:29:22  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> www      20223  0.0  0.6 4720 1440 ?        S 10:29:22  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> www      20225  0.0  0.6 4720 1432 ?        S 10:29:22  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> www      20227  0.0  0.6 4720 1432 ?        S 10:29:22  0:00
> /u01/app/apache/product/current/bin/httpd -d /u01/app/apache/product/c
> # netstat -an | grep 80
> x.x.x.x.80          *.*                0      0 24576      0 LISTEN
> # ls -l /etc/passwd /etc/group
> -rw-r--r--   1 root     sys          305 Jun  5 07:35 /etc/group
> -r--r--r--   1 root     sys          669 Jun  5 07:34 /etc/passwd
> # grep www /etc/passwd /etc/group
> /etc/passwd:www:x:100:100:WWW user:/:/sbin/noshell
> /etc/group:www::100:
> # telnet x.x.x.x 80
> Trying x.x.x.x...
> Connected to x.x.x.x.
> Escape character is '^]'.
> Connection closed by foreign host.
> In truth the connection is established (I traced this with tcpdump and BTW it
> is seen from the telnet response).
> The problem is that immediately after that it is terminated and in the log
> is written only this error:
>
> [Tue Jun  5 10:29:10 2001] [info] removed PID file /var/run/sys.httpd.pid (pid=19919)
> [Tue Jun  5 10:29:10 2001] [notice] caught SIGTERM, shutting down
> [Tue Jun  5 10:29:20 2001] [info] mod_unique_id: using ip addr x.x.x.x
> [Tue Jun  5 10:29:21 2001] [info] mod_unique_id: using ip addr x.x.x.x
> [Tue Jun  5 10:29:22 2001] [notice] Apache configured -- resuming normal operations
> [Tue Jun  5 10:29:22 2001] [info] Server built: Jun  5 2001 07:09:49
> [Tue Jun  5 10:30:32 2001] [error] (13)Permission denied: accept: (client socket)
> Initially I tried binaries that are working on a different box with the
> same OS but on it Solaris is set differently.
> After some tests with different user names/ids (www and nobody) I recompiled
> apache using the following configuration:
>
> EXTRA_CFLAGS=-DBIG_SECURITY_HOLE
> ./configure  --with-apac
> e=../apache_1.3.19 --wit
> -ssl=../openssl-0.9.6
>  --with-mm=../mm-1.1.
>  --enable-module=all --e
> able-shared=max --prefix
> /u01/app/apache/product/
> .3.19 --enable-rule=EAP
>  --server-uid=root --server-gid=root -DBIG_SECURITY_HOLE
> After that I was able to start the server like using user/group root in the
> config file and it is working perfectly!
> In the same installation if I change user/group to www the children are not
> serving the requests!
> From the commands above it is well seen that the server is running - there is a
> master copy owned by root and children owned by www and also netstat is
> showing that it is listening to port 80.
> Also telnet is making connection to the server but ... it is immediately
> terminated!
> This drives me crazy and I almost cannot believe it but it is true!
> The only one that I can think is that somehow Solaris in this particular
> configuration/system settings is not allowing other users to use ports under
> 1024.
> Never mind that they are actually reusing existing connection established by
> the master!!!
> Attached is the config file.
> And since the directory /var/sys/proxy is mentioned there:
>
> # ls -l /var/sys/
> total 2
> drwxr-xr-x   2 www      www          512 Jun  5 07:47 proxy
>
> BTW the TCP/IP stack on the server is working since I'm using it to make ssh
> connections and there is ntpd server running on it which is also proven to
> work.
> Actually even apache is working but only if it is set to work from root :(
>
> Any ideas are appreciated!
>
> Regards,
> Rossen
>
> PS x.x.x.x stands for the same IP address in both the screen dumps and the
> httpd.conf file.
>
> ----- Original Message -----
> From: "McCaffity, Ray" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, June 05, 2001 9:45 AM
> Subject: RE: [error] (13)Permission denied: accept: (client socket)
>
>
> > There is no reason that Solaris won't let you run child processes as someone
> > besides root.  All my servers are set up this way.  Which version of Solaris?
> > x86 or Sparc? 64 or 32-bit?  Some places to look are /var/adm/messages
> > ../path/to/apache/logs/error_log and dmesg.  Also when you do a
> > netstat -a | grep 80 or 443 do you see anything?  Dumb question, but are you
> > sure the Apache process is running?  ps -ef | grep httpd | wc -l
> > Question? Why don't you want the parent process to run as root?  I'm pretty
> > sure you'll also have to un-edit the #Listen and #Port lines and change these
> > to a port higher than 1024 if you don't want to run the parent process as root.
> >
> > -----Original Message-----
> > From: Rossen Raykov [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, June 05, 2001 1:45 PM
> > To: [EMAIL PROTECTED]
> > Subject: [error] (13)Permission denied: accept: (client socket)
> >
> >
> > Hi All,
> >
> > The question is a little out of the list but I was not able to find answer
> > of this anywhere, so please excuse me and help me if you can.
> >
> > When I'm accessing the apache server I'm getting the following error:
> >
> > [error] (13)Permission denied: accept: (client socket)
> >
> > I'm running apache 1.3.19 with mod_ssl 2.8.3 on Solaris 8 on SPARC.
> > There are no more messages even when LogLevel is set to debug.
> > When I make telnet connection the server it is closed immediately with the
> > message "Connection closed by foreign host.".
> >
> > BTW The same compilation runs without any problem on a second box with the
> > same OS but with different system configuration.
> >
> > I think there is an OS restriction that is preventing the server children to
> > make connections if they are owned from anyone but root.
> > I tried with default Solaris user nobody:nobody (60001:60001) and with
> > www:www (100:100) without success.
> > The httpd.conf is correct since when I compiled apache with
> > EXTRA_CFLAGS=-DBIG_SECURITY_HOLE and run it from root:root it is working
> > fine without any complaint.
> >
> > I think there is something in the OS that is preventing the server to be run
> > by different than root user.
> >
> > Do you have any Idea what I have to check/change or is there a better list
> > to which I can address this?
> >
> > Regards,
> > Rosen
> >
> >
> >
> >
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      [EMAIL PROTECTED]
> > Automated List Manager                            [EMAIL PROTECTED]
>

