Re: [zones-discuss] unable to run apache as non-root user in a zone

2006-08-02 Thread Matty


On Wed, 2 Aug 2006, Glenn Brunette wrote:



Christine,

The "ZONE" privilege is shorthand for all zone privileges (which is
a subset of "ALL" privileges found in the global zone).  Are you
talking about Apache or Apache 2?  If Apache 2, check out:

  http://www.sun.com/blueprints/0505/819-2680.pdf

By default, Apache2 wants to create/write files in directories that
are owned by root which would lead to the need for all zone privileges.
The BluePrint mentioned above discusses the 2 (I believe) changes that
are needed to allow you to run Apache 2 as a non-root user in a zone.


You can also use the "RewriteLock" directive to change the default 
location of the lockfile. Just add something like the following to your 
httpd.conf:


RewriteLock /var/run/apache/rewrite.lock

Thanks,
- Ryan
--
UNIX Administrator
http://prefetch.net

___
zones-discuss mailing list
zones-discuss@opensolaris.org
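A quick way to confirm that the lock location picked with RewriteLock is actually usable by the unprivileged Apache user, as an added example and not something posted in this thread: it reads the directive out of an httpd.conf and checks that the directory holding the lock file exists and is writable by whoever runs the script (run it as the account named in the Apache "User" directive). The configuration snippets used in the test are constructed for the example; the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the thread): verify that the RewriteLock path in an
# httpd.conf points into a directory the Apache run-as user can write to,
# which is the condition mod_rewrite needs to create its lock file.

# Print the RewriteLock value from a config file; prints nothing if unset.
rewrite_lock_path() {
    # $1 = path to httpd.conf
    awk 'toupper($1) == "REWRITELOCK" { print $2; exit }' "$1"
}

# Return 0 if the directory that will hold the lock file exists and is
# writable by the current user, 1 otherwise.
lock_dir_writable() {
    # $1 = lock file path
    dir=$(dirname "$1")
    [ -d "$dir" ] && [ -w "$dir" ]
}

# Return 0 when the configured lock directory is writable, 1 when it is not,
# and 2 when no RewriteLock directive is present (mod_rewrite then falls back
# to its built-in default location, which may be root-owned in a zone).
check_rewrite_lock() {
    # $1 = httpd.conf path
    lock=$(rewrite_lock_path "$1")
    if [ -z "$lock" ]; then
        echo "RewriteLock not set: mod_rewrite will use its default lock location"
        return 2
    fi
    if lock_dir_writable "$lock"; then
        echo "ok: $(dirname "$lock") is writable by $(id -un)"
        return 0
    fi
    echo "problem: $(dirname "$lock") is not writable by $(id -un)"
    return 1
}

# Usage: run as the Apache user with the config path as the only argument,
# e.g.  su apache -c "sh check_rewrite_lock.sh /etc/apache2/httpd.conf"
if [ -n "$1" ]; then
    check_rewrite_lock "$1"
fi
```

Exit status 1 is the case described in the thread: the directive is set, but the lock directory is owned by root and the worker cannot create the file there. Fix it by pointing RewriteLock at a directory the Apache user owns, not by granting the process extra privileges.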


Re: [zones-discuss] unable to run apache as non-root user in a zone

2006-08-02 Thread Glenn Brunette


Christine,

The "ZONE" privilege is shorthand for all zone privileges (which is
a subset of "ALL" privileges found in the global zone).  Are you
talking about Apache or Apache 2?  If Apache 2, check out:

   http://www.sun.com/blueprints/0505/819-2680.pdf

By default, Apache2 wants to create/write files in directories that
are owned by root which would lead to the need for all zone privileges.
The BluePrint mentioned above discusses the 2 (I believe) changes that
are needed to allow you to run Apache 2 as a non-root user in a zone.

g


Christine Tran wrote:

I am attempting to run apache as a non-root user in a non-global zone.  I'm 
not able to start apache, my error_log says:

Permission denied: mod_rewrite: could not create rewrite_log_lock

Thinking that this may be related to a privilege issue, I ran ppriv -e -D and 
got:

httpsd.worker[14906]: missing privilege "ZONE" (euid = 170, syscall = 5) needed 
at tdirenter+0x300
Server start FAILED

What is "ZONE"?  There is proc_zone but that doesn't sound right, "allow a process 
to send signals to processes in other zones"?  Googling gives me some info on mod_rewrite, 
that I'm hitting some semaphore limits, shm and ipcs.

This works fine when I start apache as a non-root user in the global zone.  I would like 
to make this work in a non-global zone.  What is privilege "ZONE"?  Has anyone 
seen this? What should I do next? (OK, privdebug is a given.)

CT



--
Glenn Brunette
Distinguished Engineer
Director, GSS Security Office
Sun Microsystems, Inc.