Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

2013-02-22 Thread mrg
Thanks, but it does not work:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:26 10055.6

 

error_log: (13)Permission denied: mod_fcgid: can't lock process table in pid

 

patch and compile without error

 

greets martin

 

Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com] 
Gesendet: Freitag, 22. Februar 2013 21:08
An: mod-fcgid-users@lists.sourceforge.net
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

No promises this will work as I am not a maintainer nor developer of
mod_fcgid, but I have prepared a patch for you that should achieve the same
effect. I'm not able to test compilation with mpm-itk (mainly because I'm
not sure which package you're using), but it compiles cleanly without
mpm-itk libraries installed.

 

Go ahead and give it a shot, I guess; make sure you compile this against an
apache where MPM_ITK is defined and hopefully it will do what you desire.

 

Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1 
mpm-itk_mod-fcgid.patch

 

Josiah

 

On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de mailto:m...@unimx.de
m...@unimx.de mailto:m...@unimx.de  wrote:

Hello Group,

the problem using ITK+mod_fcgid is the fcgid socket. the socket is
owned by wwwuser (wwwrun / www-data) of apache.
ITK set vhost to user1, so fcgid says:

Permission denied: mod_fcgid: can't lock process table in pid

socket dir:

srwx-- 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0

The way using fcgi is, we have different php-versions and per user
php.ini
The way we use ITK is, we want to safe homedirs of all user not have
to be readable by wwwrun (f.e. remember symlink problem)

So we think, we must patch mod_fcgid (source
http://httpd.apache.org/mod_fcgid/)
May like modwsgi:
http://code.google.com/p/modwsgi/issues/detail?id=187

if (!geteuid()) {
+#if defined(MPM_ITK)
+if (chown(process-socket, process-uid, -1)  0) {
+#else
   if (chown(process-socket, ap_unixd_config.user_id, -1)  0) {
+#endif
   ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
wsgi_server,
mod_wsgi (pid=%d): Couldn't change owner of
unix 
domain socket '%s'., getpid(),

Thus, set UNIX listener socket to be owned by the same user as daemon
process runs as.


Any ideas how to PATCH mod_fcgid ?
mpm-itk with mod_fcgid would be more than great :)


OR: Any way to user mpm-itk and different php-versions / per user
php.ini ?

Thanks
Martin



--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
mailto:Mod-fcgid-users@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users

 

--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users


Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

2013-02-22 Thread mrg
We test:

 

/* Correct the file owner */

 

if (!geteuid()) {

 

 

//#if defined(MPM_ITK)

//if (chown(unix_addr.sun_path, procnode-uid, -1)  0) {

if (chown(unix_addr.sun_path, web589, -1)  0) {

//#else

//if (chown(unix_addr.sun_path, ap_unixd_config.user_id, -1)  0) {

//#endif

ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,

 mod_fcgid: couldn't change owner of unix domain
socket %s,

 unix_addr.sun_path);

close(unix_socket);

return errno;

}

}

 

But the same:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:44 5690.2

 

(13)Permission denied: mod_fcgid: can't lock process table in pid

 

 

Von: m...@unimx.de [mailto:m...@unimx.de] 
Gesendet: Samstag, 23. Februar 2013 02:33
An: mod-fcgid-users@lists.sourceforge.net
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

Thanks, but it does not work:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:26 10055.6

 

error_log: (13)Permission denied: mod_fcgid: can't lock process table in pid

 

patch and compile without error

 

greets martin

 

Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com] 
Gesendet: Freitag, 22. Februar 2013 21:08
An: mod-fcgid-users@lists.sourceforge.net
mailto:mod-fcgid-users@lists.sourceforge.net 
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

No promises this will work as I am not a maintainer nor developer of
mod_fcgid, but I have prepared a patch for you that should achieve the same
effect. I'm not able to test compilation with mpm-itk (mainly because I'm
not sure which package you're using), but it compiles cleanly without
mpm-itk libraries installed.

 

Go ahead and give it a shot, I guess; make sure you compile this against an
apache where MPM_ITK is defined and hopefully it will do what you desire.

 

Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1 
mpm-itk_mod-fcgid.patch

 

Josiah

 

On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de mailto:m...@unimx.de
m...@unimx.de mailto:m...@unimx.de  wrote:

Hello Group,

the problem using ITK+mod_fcgid is the fcgid socket. the socket is
owned by wwwuser (wwwrun / www-data) of apache.
ITK set vhost to user1, so fcgid says:

Permission denied: mod_fcgid: can't lock process table in pid

socket dir:

srwx-- 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0

The way using fcgi is, we have different php-versions and per user
php.ini
The way we use ITK is, we want to safe homedirs of all user not have
to be readable by wwwrun (f.e. remember symlink problem)

So we think, we must patch mod_fcgid (source
http://httpd.apache.org/mod_fcgid/)
May like modwsgi:
http://code.google.com/p/modwsgi/issues/detail?id=187

if (!geteuid()) {
+#if defined(MPM_ITK)
+if (chown(process-socket, process-uid, -1)  0) {
+#else
   if (chown(process-socket, ap_unixd_config.user_id, -1)  0) {
+#endif
   ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
wsgi_server,
mod_wsgi (pid=%d): Couldn't change owner of
unix 
domain socket '%s'., getpid(),

Thus, set UNIX listener socket to be owned by the same user as daemon
process runs as.


Any ideas how to PATCH mod_fcgid ?
mpm-itk with mod_fcgid would be more than great :)


OR: Any way to user mpm-itk and different php-versions / per user
php.ini ?

Thanks
Martin



--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
mailto:Mod-fcgid-users@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users

 

--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users


Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

2013-02-22 Thread mrg
 

Yes the socket -i think- is created by apache with user root, only the child
get wwwrun and his child with mpm-itk get f.e. web589

 

So if we find the function create the socket, there it have to be created
with the user of mpm-itk. 

May at this time the user is unknown.

May it is possible to create socket with 0777 instead of 0700 (may sec issue
but in test cases).

 

But i did not find the create function

 

 

 

Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com] 
Gesendet: Samstag, 23. Februar 2013 02:51
An: mod-fcgid-users@lists.sourceforge.net
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

Right. The Unix socket is already owned by wwwrun and the chown is being
executed by a different uid, I think. We need to enforce not only the chown
but also the creation of the socket. It will be in another function. 

Josiah 

On Feb 22, 2013 5:48 PM, m...@unimx.de mailto:m...@unimx.de  wrote:

We test:

 

/* Correct the file owner */

 

if (!geteuid()) {

 

 

//#if defined(MPM_ITK)

//if (chown(unix_addr.sun_path, procnode-uid, -1)  0) {

if (chown(unix_addr.sun_path, web589, -1)  0) {

//#else

//if (chown(unix_addr.sun_path, ap_unixd_config.user_id, -1)  0) {

//#endif

ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,

 mod_fcgid: couldn't change owner of unix domain
socket %s,

 unix_addr.sun_path);

close(unix_socket);

return errno;

}

}

 

But the same:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:44 5690.2

 

(13)Permission denied: mod_fcgid: can't lock process table in pid

 

 

Von: m...@unimx.de mailto:m...@unimx.de  [mailto:m...@unimx.de
mailto:m...@unimx.de ] 
Gesendet: Samstag, 23. Februar 2013 02:33
An: mod-fcgid-users@lists.sourceforge.net
mailto:mod-fcgid-users@lists.sourceforge.net 
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

Thanks, but it does not work:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:26 10055.6

 

error_log: (13)Permission denied: mod_fcgid: can't lock process table in pid

 

patch and compile without error

 

greets martin

 

Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com] 
Gesendet: Freitag, 22. Februar 2013 21:08
An: mod-fcgid-users@lists.sourceforge.net
mailto:mod-fcgid-users@lists.sourceforge.net 
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

No promises this will work as I am not a maintainer nor developer of
mod_fcgid, but I have prepared a patch for you that should achieve the same
effect. I'm not able to test compilation with mpm-itk (mainly because I'm
not sure which package you're using), but it compiles cleanly without
mpm-itk libraries installed.

 

Go ahead and give it a shot, I guess; make sure you compile this against an
apache where MPM_ITK is defined and hopefully it will do what you desire.

 

Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1 
mpm-itk_mod-fcgid.patch

 

Josiah

 

On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de mailto:m...@unimx.de
m...@unimx.de mailto:m...@unimx.de  wrote:

Hello Group,

the problem using ITK+mod_fcgid is the fcgid socket. the socket is
owned by wwwuser (wwwrun / www-data) of apache.
ITK set vhost to user1, so fcgid says:

Permission denied: mod_fcgid: can't lock process table in pid

socket dir:

srwx-- 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0

The way using fcgi is, we have different php-versions and per user
php.ini
The way we use ITK is, we want to safe homedirs of all user not have
to be readable by wwwrun (f.e. remember symlink problem)

So we think, we must patch mod_fcgid (source
http://httpd.apache.org/mod_fcgid/)
May like modwsgi:
http://code.google.com/p/modwsgi/issues/detail?id=187

if (!geteuid()) {
+#if defined(MPM_ITK)
+if (chown(process-socket, process-uid, -1)  0) {
+#else
   if (chown(process-socket, ap_unixd_config.user_id, -1)  0) {
+#endif
   ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
wsgi_server,
mod_wsgi (pid=%d): Couldn't change owner of
unix 
domain socket '%s'., getpid(),

Thus, set UNIX listener socket to be owned by the same user as daemon
process runs as.


Any ideas how to PATCH mod_fcgid ?
mpm-itk with mod_fcgid would be more than great :)


OR: Any way to user mpm-itk and different php-versions / per user
php.ini ?

Thanks
Martin



--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free