Apache as non root with sudo

Jamie Bowden jamiebowden at hotmail.com
Tue Jan 6 11:39:51 EST 2004


Here is what I have:

ldd /opt/ebill/app/bin/httpd
      libsocket.so.1 =>        /usr/lib/libsocket.so.1
      libnsl.so.1 =>   /usr/lib/libnsl.so.1
      libpthread.so.1 =>       /usr/lib/libpthread.so.1
      libmm.so.11 =>   /opt/ebill/app/lib/libmm.so.11
      libdl.so.1 =>    /usr/lib/libdl.so.1
      libc.so.1 =>     /usr/lib/libc.so.1
      libmp.so.2 =>    /usr/lib/libmp.so.2
      libthread.so.1 =>        /usr/lib/libthread.so.1
      /usr/platform/SUNW,UltraAX-i2/lib/libc_psr.so.1

I checked the LD_LIBRARY_PATH for both the user and root - they are 
identical.
root user:
# echo $LD_LIBRARY_PATH
/opt/oracle/release/9.2.1/jdbc/lib:/opt/oracle/release/9.2.1/lib:/usr/local/lib/:/opt/ebill/app/lib:/opt/ebill/app/lib

user
# echo $LD_LIBRARY_PATH
/opt/oracle/release/9.2.1/jdbc/lib:/opt/oracle/release/9.2.1/lib:/usr/local/lib/:/opt/ebill/app/lib:/opt/ebill/app/lib

Any ideas on what/how root is finding this and the user isn't?

Thanks

Jamie



>From: "Ladner, Eric (Eric.Ladner)" <Eric.Ladner at ChevronTexaco.com>
>To: donald.ritchey at exeloncorp.com
>CC: jamiebowden at hotmail.com, sudo-users at sudo.ws
>Subject: RE: Apache as non root with sudo
>Date: Tue, 6 Jan 2004 10:10:14 -0600
>
>
>Also, depending on your operating system, you can do a chatr
>/opt/ebill/app/bin/httpd (as in HP-UX) or ldd /opt/ebill/app/bin/httpd
>(most other Unix's) to see what it's linked aginst.  That'll help, most
>likely.
>
>Eric
>
>-----Original Message-----
>From: sudo-users-bounces at sudo.ws [mailto:sudo-users-bounces at sudo.ws] On
>Behalf Of donald.ritchey at exeloncorp.com
>Sent: Tuesday, January 06, 2004 9:30 AM
>To: jamiebowden at hotmail.com; sudo-users at sudo.ws
>Subject: RE: Apache as non root with sudo
>
>
>Jamie:
>
>This looks like an error in the shared library linkage with apachectl.
>Your apachectl is compiled with linkage to shared libraries that are not
>part of the standard shared library loading environment (probably
>depending on a LD_LIBRARY_PATH variable to find the library in
>question).  As a security measure to prevent spoofing sensitive set-UID
>executables, LD_LIBRARY_PATH is cleared for setUID executables when the
>real user ID is not root.
>
>Responses:
>
>1.  Move the needed library into a library that is in the standard
>library search path (in Tru64 UNIX, the loader(5) man page tells you
>what those directories are, for your OS, you may have to do some
>research to find out where these are) or extend the standard library
>search path to include the needed directory.
>
>2.  You may compile in the location of the directory containing the
>missing shared library into the apachectl executable.  Again, this is
>dependent on the OS and compilers for your environment.  Check your man
>pages for cc(1) and ld(1) for the proper options.
>
>Best wishes,
>
>Donald L. (Don) Ritchey
>E-mail:  Donald.Ritchey at exeloncorp.com
>
>-----Original Message-----
>From: Jamie Bowden [mailto:jamiebowden at hotmail.com]
>Sent: Tuesday, January 06, 2004 9:10 AM
>To: sudo-users at sudo.ws
>Subject: Apache as non root with sudo
>
>
>Hello,
>
>I have installed sudo and am wondering why I cannot get non root users
>to
>start apache when that user issues the command "sudo apachectl start"
>
>This user has been given 100% root access via sudo command.   They can
>run
>any command root can.
>
>The error message I get is:
>ld.so.1: /opt/ebill/app/bin/httpd: fatal: libmm.so.11: open failed: No
>such
>file or directory
>Killed
>/opt/ebill/app/bin/apachectl start: httpd could not be started
>
>Does sudo not give the user the same paths as root?  Root does not get
>this
>message - isn't Sudo supposed to make that user "behave" like root?
>
>Any suggestions on what else I could verify?
>
>Thanks
>
>Jamie Bowden
>www.atl.bluecross.ca
>
>_________________________________________________________________
>Protect your PC - get McAfee.com VirusScan Online
>http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>____________________________________________________________
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:
>http://www.sudo.ws/mailman/listinfo/sudo-users
>
>
>************************************************************************
>This e-mail and any of its attachments may contain Exelon Corporation
>proprietary information, which is privileged, confidential, or subject
>to copyright belonging to the Exelon Corporation family of Companies.
>This e-mail is intended solely for the use of the individual or entity
>to which it is addressed.  If you are not the intended recipient of this
>
>e-mail, you are hereby notified that any dissemination, distribution,
>copying, or action taken in relation to the contents of and attachments
>to this e-mail is strictly prohibited and may be unlawful.  If you have
>received this e-mail in error, please notify the sender immediately and
>permanently delete the original and any copy of this e-mail and any
>printout. Thank You.
>************************************************************************
>
>____________________________________________________________
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:
>http://www.sudo.ws/mailman/listinfo/sudo-users
>
>

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*  
http://join.msn.com/?page=features/virus&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca



More information about the sudo-users mailing list