Christine,

The "ZONE" privilege is shorthand for all zone privileges (which is
a subset of "ALL" privileges found in the global zone).  Are you
talking about Apache or Apache 2?  If Apache 2, check out:

   http://www.sun.com/blueprints/0505/819-2680.pdf

By default, Apache2 wants to create/write files in directories that
are owned by root which would lead to the need for all zone privileges.
The BluePrint mentioned above discusses the 2 (I believe) changes that
are needed to allow you to run Apache 2 as a non-root user in a zone.

g


Christine Tran wrote:
I am attempting to run apache as a  non-root user in a non-global zone.  I'm 
not able to start apache, my error_log says:

Permission denied: mod_rewrite: could not create rewrite_log_lock

Thinking that this may be related to a privilege issue, I ran ppriv -e -D and 
got:

httpsd.worker[14906]: missing privilege "ZONE" (euid = 170, syscall = 5) needed 
at tdirenter+0x300
Server start FAILED

What is "ZONE"?  There is proc_zone but that doesn't sound right, "allow a process 
to send signals to processes in other zones"?  Googling gives me some info on mod_rewrite, 
that I'm hitting some semaphore limits, shm and ipcs.

This works fine when I start apache as a non-root user in the global zone.  I would like 
to make this work in a non-global zone.  What is privilege "ZONE"?  Has anyone 
seen this? What should I do next? (OK, privdebug is a given.)

CT
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org


--
Glenn Brunette
Distinguished Engineer
Director, GSS Security Office
Sun Microsystems, Inc.
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to