przemolicc at poczta.fm wrote: > bash-3.00# uname -a > start/privileges astring > basic,!proc_session,!proc_info,!file_link_any,net_privaddr
That looks okay. > bash-3.00# svcadm enable apache2 > bash-3.00# svcs -x Did you at any time do an 'svcadm refresh apache2' ? > svc:/network/http:apache2 (Apache 2 HTTP server) > State: maintenance since Fri Mar 02 12:24:40 2007 > Reason: Start method failed repeatedly, last exited with status 1. > See: http://sun.com/msg/SMF-8000-KS > See: httpd(8) > See: /var/svc/log/network-http:apache2.log > Impact: This service is not running. > bash-3.00# tail /var/svc/log/network-http:apache2.log > [ Mar 2 10:54:22 Method "start" exited with status 1 ] > [ Mar 2 12:13:52 Leaving maintenance because clear requested. ] > [ Mar 2 12:13:52 Enabled. ] > [ Mar 2 12:13:52 Executing start method ("/lib/svc/method/http-apache2 > start") ] > [ Mar 2 12:13:52 Method "start" exited with status 1 ] > [ Mar 2 12:24:10 Leaving maintenance because disable requested. ] > [ Mar 2 12:24:10 Disabled. ] > [ Mar 2 12:24:40 Enabled. ] > [ Mar 2 12:24:40 Executing start method ("/lib/svc/method/http-apache2 > start") ] > [ Mar 2 12:24:40 Method "start" exited with status 1 ] Looks like you aren't getting enough info there. I couple of things to look at. By default the PidFile I believe goes into /var/run/apache2, the method script attempts to create that directory but that will fail because /var/run is writable only by root. My recommendation is to update the httpd.conf and put the PidFile somewhere that webservd can write to. That might help. Failing that try using the privdebug tool and reading the blueprint on privilege debuging. > bash-3.00# su - webservd > $ ppriv -v $$ > 22854: -su > flags = <none> > E: file_link_any,proc_exec,proc_fork,proc_info,proc_session > I: file_link_any,proc_exec,proc_fork,proc_info,proc_session > P: file_link_any,proc_exec,proc_fork,proc_info,proc_session > L: > contract_event,contract_observer,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_link_any,file_owner,file_setid,ipc_dac_read,ipc_dac_write,ipc_owner,net_icmpaccess,net_privaddr,proc_audit,proc_chroot,proc_exec,proc_fork,proc_info,proc_owner,proc_session,proc_setid,proc_taskid,sys_acct,sys_admin,sys_audit,sys_mount,sys_nfs,sys_resource > $ /lib/svc/method/http-apache2 start > (13)Permission denied: make_sock: could not bind to address [::]:80 > no listening sockets available, shutting down > Unable to open logs This isn't a valid comparison. The webservd user account doesn't have a user_attr(4) entry to give its initial shell the net_privaddr privilege so just running as webservd is not the same as running the SMF service. > Can anybody tell me what is wrong ? > > > BTW how can I see output of "/lib/svc/method/http-apache2" ? The output is in the log file you already looked at, so it looks like there is no verbose output from it by default. -- Darren J Moffat
