Is this on TX? If so, svc:/network/http:apache2> setprop start/privileges = astring: basic,!proc_session,!proc_info,!file_link_any,net_privaddr
On Mar 2, 2007, at 6:29 AM, przemolicc at poczta.fm wrote: > Hello, > > I am trying to configure apache2 with reduced privileges according to > document: "Limiting service privileges in the Solaris 10 operating > system". I have done everything from the document but there is a > problem with > apache start: > > bash-3.00# cat /etc/release > Solaris 10 6/06 s10x_u2wos_09a X86 > Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. > Use is subject to license terms. > Assembled 09 June 2006 > bash-3.00# uname -a > SunOS test 5.10 Generic_118855-19 i86pc i386 i86pc > bash-3.00# svcs -x > bash-3.00# svcs -a|grep apache2 > disabled 12:24:10 svc:/network/http:apache2 > bash-3.00# svcprop -v -p start apache2 > start/exec astring /lib/svc/method/http-apache2\ start > start/timeout_seconds count 60 > start/type astring method > start/user astring webservd > start/group astring webservd > start/privileges astring basic,!proc_session,!proc_info,! > file_link_any,net_privaddr > start/limit_privileges astring :default > start/use_profile boolean false > start/supp_groups astring :default > start/working_directory astring :default > start/project astring :default > start/resource_pool astring :default > bash-3.00# svcadm enable apache2 > bash-3.00# svcs -x > svc:/network/http:apache2 (Apache 2 HTTP server) > State: maintenance since Fri Mar 02 12:24:40 2007 > Reason: Start method failed repeatedly, last exited with status 1. > See: http://sun.com/msg/SMF-8000-KS > See: httpd(8) > See: /var/svc/log/network-http:apache2.log > Impact: This service is not running. > bash-3.00# tail /var/svc/log/network-http:apache2.log > [ Mar 2 10:54:22 Method "start" exited with status 1 ] > [ Mar 2 12:13:52 Leaving maintenance because clear requested. ] > [ Mar 2 12:13:52 Enabled. ] > [ Mar 2 12:13:52 Executing start method ("/lib/svc/method/http- > apache2 start") ] > [ Mar 2 12:13:52 Method "start" exited with status 1 ] > [ Mar 2 12:24:10 Leaving maintenance because disable requested. ] > [ Mar 2 12:24:10 Disabled. ] > [ Mar 2 12:24:40 Enabled. ] > [ Mar 2 12:24:40 Executing start method ("/lib/svc/method/http- > apache2 start") ] > [ Mar 2 12:24:40 Method "start" exited with status 1 ] > > bash-3.00# su - webservd > $ ppriv -v $$ > 22854: -su > flags = <none> > E: file_link_any,proc_exec,proc_fork,proc_info,proc_session > I: file_link_any,proc_exec,proc_fork,proc_info,proc_session > P: file_link_any,proc_exec,proc_fork,proc_info,proc_session > L: > contract_event,contract_observer,file_chown,file_chown_self,file_dac_e > xecute,file_dac_read,file_dac_search,file_dac_write,file_link_any,file > _owner,file_setid,ipc_dac_read,ipc_dac_write,ipc_owner,net_icmpaccess, > net_privaddr,proc_audit,proc_chroot,proc_exec,proc_fork,proc_info,proc > _owner,proc_session,proc_setid,proc_taskid,sys_acct,sys_admin,sys_audi > t,sys_mount,sys_nfs,sys_resource > $ /lib/svc/method/http-apache2 start > (13)Permission denied: make_sock: could not bind to address [::]:80 > no listening sockets available, shutting down > Unable to open logs > > Can anybody tell me what is wrong ? > > > BTW how can I see output of "/lib/svc/method/http-apache2" ? > > przemol > > > ---------------------------------------------------------------------- > Oficjalne konto pocztowe europejskich internautow! >>>> http://link.interia.pl/f19e8 > > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/security-discuss/attachments/20070302/c1b4c141/attachment.html>
