On Mon, Mar 12, 2007 at 11:38:56AM +0100, przemolicc at poczta.fm wrote: > On Thu, Mar 08, 2007 at 10:03:45AM -0500, Christine Tran wrote: > > przemolicc at poczta.fm wrote: > > >Hello, > > > > > >I am going to change some properties of one service by: > > >svccfg -s <service> > > >svc ... >setprop ... > > >svc ... >setprop ... > > >... > > >svcadm -v refresh <service> > > > > > >There might be some problems after the change so in order to have > > >possibility to give up I would like to save the last working state of > > >this particular service. In short: > > > > > >[0] <current state> > > >[1] save the current state > > >[2] make changes > > >[3] if there is a problem with the service, change to state [1] > > > > > >What is the proper way (SMF-way) to do that ? > > > > > > > Here ya go: > > > > http://docs.sun.com/app/docs/doc/819-2379/6n4m1vlgm?a=view > > > > Although I'll add that you should see something called "previous" after > > listsnap as well. "previous" is the state immediately before the > > changes you made. I'd revert to that. > > > > There is no current ability to take snapshot at will, although I filed > > an RFE for it. > > Hello Christine, > > I wanted to test the whole procedure (changing service properties and revert) > so I did changes from page > http://www.sun.com/software/solaris/howtoguides/s10securityhowto.jsp#5 > It went ok (the whole apache2 service was running as webservd) but wanted to > revert to previous state. What I did is: > svccfg -s apache2 > ... revert initial > ... quit > svcadm -v refresh apache2 > (also removed the changes from /etc/apache2/http.conf) > > Now I have the following problem: > bash-3.00# tail -f /var/apache2/logs/error_log > [Mon Mar 12 11:30:10 2007] [alert] (22)Invalid argument: setgid: unable to > set group id to Group 4294967295 > [Mon Mar 12 11:30:11 2007] [notice] Digest: generating secret for digest > authentication ... > [Mon Mar 12 11:30:11 2007] [notice] Digest: done > [Mon Mar 12 11:30:12 2007] [alert] (22)Invalid argument: setgid: unable to > set group id to Group 4294967295 > [Mon Mar 12 11:30:12 2007] [alert] (22)Invalid argument: setgid: unable to > set group id to Group 4294967295 > [Mon Mar 12 11:30:12 2007] [alert] (22)Invalid argument: setgid: unable to > set group id to Group 4294967295 > [Mon Mar 12 11:30:12 2007] [notice] Apache/2.0.58 (Unix) DAV/2 configured -- > resuming normal operations > [Mon Mar 12 11:30:12 2007] [alert] Child 1878 returned a Fatal error... > Apache is exiting! > [Mon Mar 12 11:30:12 2007] [alert] (22)Invalid argument: setgid: unable to > set group id to Group 4294967295 > [Mon Mar 12 11:30:12 2007] [alert] (22)Invalid argument: setgid: unable to > set group id to Group 4294967295 > > ... > > Indeed: > bash-3.00# dtrace -n 'syscall::setgid:entry /execname == "httpd"/ {trace > (arg0);}' > dtrace: description 'syscall::setgid:entry ' matched 1 probe > CPU ID FUNCTION:NAME > 0 92 setgid:entry 4294967295 > 1 92 setgid:entry 4294967295 > 1 92 setgid:entry 4294967295 > 2 92 setgid:entry 4294967295 > 2 92 setgid:entry 4294967295 > 0 92 setgid:entry 4294967295 > 0 92 setgid:entry 4294967295 > 1 92 setgid:entry 4294967295 > 1 92 setgid:entry 4294967295 > 2 92 setgid:entry 4294967295 > 0 92 setgid:entry 4294967295 > 0 92 setgid:entry 4294967295 > 1 92 setgid:entry 4294967295 > 1 92 setgid:entry 4294967295 > 2 92 setgid:entry 4294967295 > > And: > bash-3.00# svcprop -v -p start apache2 > start/exec astring /lib/svc/method/http-apache2\ start > start/timeout_seconds count 60 > start/type astring method > > > Where is the problem ?
(answering my own e-mail ...) It turned out that, while playing with 'http.conf' file, I accidentally set 'Group #-1' in it. I would swear that I hadn't touched that line but ... Sorry. Regards przemol ---------------------------------------------------------------------- Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
