I want to restart linux services such as apache, bind, proftpd and other in c and cgi code.
i use system() to do this, for example :
system ("service httpd reload");
also i set suid on compiled program and run it. but don't work and return error on permissions.
what should i do ?
edit:
my apache logs error :
[Wed Dec 21 21:07:13 2011] [error] [client *] cannot remove `/var/run/httpd.pid'
[Wed Dec 21 21:07:13 2011] [error] [client *] : Permission denied
[Wed Dec 21 21:07:13 2011] [error] [client *]
[Wed Dec 21 21:07:13 2011] [error] [client *] touch:
[Wed Dec 21 21:07:13 2011] [error] [client *] cannot touch `/var/lock/subsys/httpd'
[Wed Dec 21 21:07:13 2011] [error] [client *] : Permission denied
and same logs for named, proftpd, etc.
Here is a couple of things to check:
Make sure the compiled program has suid root (that is, the owner of the program is root).
Make sure the partition you are executing the program from is mounted without "noexec" option.
You need to be root to run successfully the /usr/sbin/service command.
So your question is how can your application gain root privileges.
If your application is a CGI to which you (legitimately) don't want to give root access, you could code a wrapper program which is setuid root and which can only be run from you CGI (or at least, from the uid under which it is running).
But are you sure that you really want to run such things from CGI? (You could study how webmin works).
Related
I upgraded from ubuntu 21.04 to 21.10.
apache2 does not change to php8 even after a2dismod php7.4 (...).
I get the following error.
I checked the config files in apache/ but could not find a line for it.
[Fri Jan 07 13:04:04.231832 2022] [proxy:error] [pid 1320] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed
[Fri Jan 07 13:04:04.231889 2022] [proxy_fcgi:error] [pid 1320] [client 127.0.0.1:50726] AH01079: failed to make connection to backend: httpd-UDS, referer: http://localhost/oodb...
[Fri Jan 07 13:04:04.780393 2022] [proxy:error] [pid 1319] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed
[Fri Jan 07 13:04:04.780431 2022] [proxy_fcgi:error] [pid 1319] [client 127.0.0.1:50728] AH01079: failed to make connection to backend: httpd-UDS, referer: http://localhost/...
[Fri Jan 07 13:04:06.829607 2022] [proxy:error] [pid 1318] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php/php7.4-fpm.sock (*) failed
Even after using commands like below the problem remained.
sudo systemctl enable php8-fpm
sudo systemctl disable php7.4-fpm
Only after manually deleting the link conf-enabled/php7.4-fpm.conf (/etc/apache2) and setting symoblic link (sudo ln -s ../conf-available/php8.0-fpm.conf) apache worked (after restart).
The webapp is deployed on EC2 and following error is faced randomly once or twice a day making the webapp inaccessible for some period of time. It is automatically corrected after some time.
(2)No such file or directory: [client xxx.xx.xx.xxx:xxxxx] mod_wsgi (pid=xxxxx): Unable to connect to WSGI daemon process 'web2py' on '/var/run/apache2/wsgi.30303.0.1.sock'.
Application Stack
web2py
mod_wsgi
Apache2
The logs are different every time before the error:
[Thu Sep 28 06:25:01.528334 2017] [mpm_event:notice] [pid 30303:tid 140438078609280] AH00493: SIGUSR1 received. Doing graceful restart
[Thu Sep 28 06:25:02.318551 2017] [ssl:warn] [pid 30303:tid 140438078609280] AH01906: ip-172-31-0-91.eu-west-1.compute.internal:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Sep 28 06:25:02.318574 2017] [ssl:warn] [pid 30303:tid 140438078609280] AH01909: ip-172-31-0-91.eu-west-1.compute.internal:443:0 server certificate does NOT include an ID which matches the server name
[Thu Sep 28 06:25:02.318664 2017] [wsgi:warn] [pid 30303:tid 140438078609280] mod_wsgi: Compiled for Python/2.7.11.
[Thu Sep 28 06:25:02.318669 2017] [wsgi:warn] [pid 30303:tid 140438078609280] mod_wsgi: Runtime using Python/2.7.12.
[Thu Sep 28 06:25:02.319205 2017] [mpm_event:notice] [pid 30303:tid 140438078609280] AH00489: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g mod_wsgi/4.3.0 Python/2.7.12 configured -- resuming normal operations
[Thu Sep 28 06:25:02.319225 2017] [core:notice] [pid 30303:tid 140438078609280] AH00094: Command line: '/usr/sbin/apache2'
[Thu Sep 28 06:25:09.327495 2017] [mpm_event:error] [pid 30303:tid 140438078609280] AH00485: scoreboard is full, not at MaxRequestWorkers
[Thu Sep 28 06:28:39.560285 2017] [mpm_event:error] [pid 30303:tid 140438078609280] AH00485: scoreboard is full, not at MaxRequestWorkers
[Thu Sep 28 06:45:27.583870 2017] [wsgi:error] [pid 30307:tid 140437629064960] (2)No such file or directory: [client 172.31.32.163:24210] mod_wsgi (pid=30307): Unable to connect to WSGI daemon process 'web2py' on '/var/run/apache2/wsgi.30303.0.1.sock'.
[Thu Sep 28 06:49:14.503732 2017] [wsgi:error] [pid 30307:tid 140437603886848] (2)No such file or directory: [client 172.31.14.173:37726] mod_wsgi (pid=30307): Unable to connect to WSGI daemon process 'web2py' on '/var/run/apache2/wsgi.30303.0.1.sock'.
Let me know if more information is required.
This is caused by doing a graceful restart of Apache when HTTP clients are using keep alive connections and issuing multiple requests over the same connection.
The problem is that the way Apache manages the mod_wsgi daemon process means they are shutdown straight away still even if is a graceful restart. In the meantime, the Apache child worker processes which accept the requests initially and proxy to the mod_wsgi daemon processes will keep running until all client connections drop. This means that when have keep alive connections and subsequent request over same client connection needs to go to the WSGI application, that it will fail as the prior incarnation of the mod_wsgi daemon processes are now gone.
In this situation one can't allow the old Apache child worker process to connect to new mod_wsgi daemon processes as the reason for a restart may have been a configuration change and allowing old child worker process to connect to new instances of daemon processes, could introduce a security problem if under the new configuration the request being handled in that way was not allowed.
Do accept this is a rare scenario, and likelihood of a security issue arising is slim. It is probably reasonable to consider a new option to mod_wsgi to say that connecting to newer daemon process in this case is okay, and not rotate the listener socket for the daemon processes on any restart.
That this can occur has been known all along (10 years), but an issue for it has been created on GitHub against mod_wsgi to consider such an option.
https://github.com/GrahamDumpleton/mod_wsgi/issues/229
I have configured tomcat to run on port 80 with apache2 and mod_jk and this work well. If i reboot the system then the site will be the standart site from apache2. If i restart apache2 (/etc/init.d/apache2 restart) the site will come from tomcat. But why first after restart of apache2?
Anyone an idea?
Log after reboot the system (in /var/log/apache2/):
> mod_jk.log <
[Mon Sep 22 16:24:40.296 2014] [2256:3075069696] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:24:40.296 2014] [2256:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:24:40.296 2014] [2256:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
[Mon Sep 22 16:24:40.298 2014] [2257:3075069696] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:24:40.298 2014] [2257:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:24:40.298 2014] [2257:3075069696] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
> error.log <
[Mon Sep 22 16:24:40 2014] [notice] Apache/2.2.22 (Debian) mod_jk/1.2.37 configured -- resuming normal operations
[Mon Sep 22 16:26:50 2014] [notice] caught SIGTERM, shutting down
Log after restart apache (in /var/log/apache2/):
> mod_jk.log <
[Mon Sep 22 16:29:10.042 2014] [3599:3074443008] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:29:10.042 2014] [3599:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:29:10.042 2014] [3599:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
[Mon Sep 22 16:29:10.052 2014] [3600:3074443008] [info] init_jk::mod_jk.c (3365): mod_jk/1.2.37 initialized
[Mon Sep 22 16:29:10.052 2014] [3600:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-manager' in uri map post processing.
[Mon Sep 22 16:29:10.052 2014] [3600:3074443008] [error] extension_fix::jk_uri_worker_map.c (564): Could not find worker with name 'jk-status' in uri map post processing.
> error.log <
[Mon Sep 22 16:29:10 2014] [notice] Apache/2.2.22 (Debian) mod_jk/1.2.37 configured -- resuming normal operations
EDIT 1:
Ok, i have tested this several times and find out that the apache2 / tomcat7 / mod_jk behavior is more crazy xD
I will show you my configurations:
> local: hosts <
192.168.84.129 migor
192.168.84.129 test.migor
> in tomcat server.xml <
<Host name="test.migor" appBase="myapps/test" unpackWARs="true" autoDeploy="true" />
> worker.properties <
workers.tomcat_home=/var/lib/tomcat7
workers.java_home=/usr/lib/jvm/java-7
ps=/
worker.list=ajp13_worker
worker.ajp13_worker.port=8009
worker.ajp13_worker.host=localhost
worker.ajp13_worker.type=ajp13
worker.ajp13_worker.lbfactor=1
> sitea-available/test.migor <
<Virtualhost test.migor>
JkMount /* ajp13_worker
ServerName test.migor
DocumentRoot /var/lib/tomcat7/myapps/test
ErrorLog /var/lib/tomcat7/logs/error.log
CustomLog /var/lib/tomcat7/logs/access.log common
<Directory /var/lib/tomcat7/myapps/test>
Options -Indexes
</Directory>
</Virtualhost>
Now the behavior:
After reboot under url: "test.migor/", "migor/" and my server ip 192.168.84.129 i will get the site from apache2
After restarting apache2 i will get on migor/ and 192.168.84.129 the tomcat page from webapps and on test.migor/ the page from myapps/test. Here the problem, i expected on 192.168.84.129 the page from apache2.
Any an idea?
EDIT 2:
Ok, i have forget to add "NameVirtualHost test.migor" to "sitea-available/test.migor" and my config have completly overwrite default settiong of apache. Now is the behavior ok for me. With url "migor/" i can call default apache site and with url "test.migor/" i can call the tomcat homepage which is in tomcat7/myapps/test.
But this behavior will be activated only after restart of apache2 (if i have rebooted my system before). I will show for the solution and post it here. Maybe in "EDIT 3" xD
The error clearly says that jk-manager and jk-status is not accurately defined in workers.property file.
Please check your workers.properties file and make following changes:
worker.list=jk-manager
worker.jk-manager.type=status
worker.list=jk-status
worker.jk-status.type=status
worker.jk-status.read_only=true
Cheers!!
I am trying to configure php 5.4.9 with apache 2.4 but when i include the lines below apache won't start.
LoadModule php5_module "c:/php/php5apache2_4.dll"
AddHandler application/x-httpd-php .php
PHPIniDir "C:/php"
I've checked all my file paths and they are all ok. I have the path set in environment to C:\php;c:\Apache24;c:\Apache24\bin;.
The error I'm actually getting is
Windows could not start the Apache2.4 on local computer. For more information, review the system eventlog. If this is a non-microsoft service, contact the service vendor, and refer to service-specific error code 1
Anybody else ever have this issue?
UPDATE
I do have php5apache2_4.dll in the php folder and my error logs in apache
[Sun Dec 09 11:19:16.502272 2012] [mpm_winnt:notice] [pid 5552:tid 316] AH00418: Parent: Created child process 5052
[Sun Dec 09 11:19:18.315156 2012] [mpm_winnt:notice] [pid 5052:tid 208] AH00354: Child: Starting 64 worker threads.
[Sun Dec 09 11:29:53.861913 2012] [mpm_winnt:notice] [pid 5552:tid 316] AH00422: Parent: Received shutdown signal -- Shutting down the server.
[Sun Dec 09 11:29:55.889916 2012] [mpm_winnt:notice] [pid 5052:tid 208] AH00364: Child: All worker threads have exited.
[Sun Dec 09 11:29:55.905516 2012] [mpm_winnt:notice] [pid 5552:tid 316] AH00430: Parent: Child process exited successfully.
I am having troubles with the current apache httpd (2.2.21) and mod_fcgid (2.3.6) versions. In my project, it is possible that the ScriptAlias directive in the httpd.conf can contain spaces because operating system paths can contain them. This use to work with older httpd and fcgid versions. But since we switched to the current versions, it doesn't work anymore. If the path of the ScriptAlias contain a space and mod_fcgid wants to start my fcgi process, I get the following error log:
326 [Fri Jan 06 11:30:01 2012] [notice] Apache/2.2.21 (Unix) mod_fcgid/2.3.6 configured -- resuming normal operations
327 [Fri Jan 06 11:30:03 2012] [warn] [client 77.58.246.206] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
328 [Fri Jan 06 11:30:03 2012] [error] [client 77.58.246.206] Premature end of script headers: somename.fcgi
Is this a known problem? I couldn't find anything on Google.
Best
David
Yes, unfortunately the copy of mod_fcgid for Apache 2.2.21 does not work with paths that have spaces. The bug has been committed and should be resolved in newer versions, so you can update, or you can use the 8.3 short-name of the path.