I too have been trying to configure apache2 with reduced privileges according to the document "Limiting service privileges in the Solaris 10 operating system". I have done everything from the document but there is a problem with apache restarting...

# cat /etc/release
Solaris 10 11/06 s10s_u3wos_10 SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 14 November 2006

# uname -a
SunOS sunny.si10.com 5.10 Generic_118833-36 sun4u sparc SUNW,UltraSPARC-IIi-cEngine

# svcs -x
svc:/application/print/server:default (LP print server)
 State: disabled since Tue Mar 27 02:15:44 2007
Reason: Disabled by an administrator.
   See: http://sun.com/msg/SMF-8000-05
   See: lpsched(1M)
Impact: 1 dependent service is not running. (Use -v for list.)

svc:/network/http:apache2 (Apache 2 HTTP server)
 State: maintenance since Tue Mar 27 02:16:41 2007
Reason: Start method failed repeatedly, last exited with status 1.
   See: http://sun.com/msg/SMF-8000-KS
   See: httpd(8)
   See: /var/svc/log/network-http:apache2.log
Impact: This service is not running.

# svcprop -v -p start apache2
start/exec astring /lib/svc/method/http-apache2\ start
start/timeout_seconds count 60
start/type astring method
start/user astring webservd
start/group astring webservd
start/privileges astring basic,!proc_session,!proc_info,!file_link_any,net_privaddr
start/limit_privileges astring :default
start/use_profile boolean false
start/supp_groups astring :default
start/working_directory astring :default
start/project astring :default
start/resource_pool astring :default

# svcs -l apache2
fmri         svc:/network/http:apache2
name         Apache 2 HTTP server
enabled      true
state        maintenance
next_state   none
state_time   Tue Mar 27 02:16:41 2007
logfile      /var/svc/log/network-http:apache2.log
restarter    svc:/system/svc/restarter:default
contract_id
dependency   require_all/error svc:/milestone/network:default (online)
dependency   require_all/none svc:/system/filesystem/local:default (online)
dependency   optional_all/error svc:/system/filesystem/autofs:default (online)

# tail /var/svc/log/network-http:apache2.log
[ Mar 27 02:14:11 Leaving maintenance because clear requested. ]
[ Mar 27 02:14:11 Enabled. ]
[ Mar 27 02:14:11 Executing start method ("/lib/svc/method/http-apache2 start") ]
[ Mar 27 02:14:15 Method "start" exited with status 1 ]
[ Mar 27 02:16:06 Executing start method ("/lib/svc/method/http-apache2 start") ]
[ Mar 27 02:16:27 Method "start" exited with status 1 ]
[ Mar 27 02:16:27 Executing start method ("/lib/svc/method/http-apache2 start") ]
[ Mar 27 02:16:37 Method "start" exited with status 1 ]
[ Mar 27 02:16:37 Executing start method ("/lib/svc/method/http-apache2 start") ]
[ Mar 27 02:16:41 Method "start" exited with status 1 ]

Any ideas where to turn? I have been playing with permissions on log files and directories but am lost at this point...