Apache as non root with sudo

Jamie Bowden jamiebowden at hotmail.com
Tue Jan 6 11:46:57 EST 2004 


Here is something that may be interesting:

As the user I run:
# httpd
Ouch! ap_mm_create(1048576, "/opt/ebill/app/logs/httpd.mm.11004") failed
Error: MM: mm:core: failed to open semaphore file (Permission denied): OS: 
No such file or directory

When I run httpd with sudo - I get my error:
# sudo httpd
ld.so.1: httpd: fatal: libmm.so.11: open failed: No such file or directory
Killed


And if I run httpd as root:
# httpd
(bcsun26:  root) /

Is there something in the linking that root would have that the user would 
not?

Jamie

>From: "Ladner, Eric (Eric.Ladner)" <Eric.Ladner at ChevronTexaco.com>
>To: donald.ritchey at exeloncorp.com
>CC: jamiebowden at hotmail.com, sudo-users at sudo.ws
>Subject: RE: Apache as non root with sudo
>Date: Tue, 6 Jan 2004 10:10:14 -0600
>
>
>Also, depending on your operating system, you can do a chatr
>/opt/ebill/app/bin/httpd (as in HP-UX) or ldd /opt/ebill/app/bin/httpd
>(most other Unix's) to see what it's linked aginst.  That'll help, most
>likely.
>
>Eric
>
>-----Original Message-----
>From: sudo-users-bounces at sudo.ws [mailto:sudo-users-bounces at sudo.ws] On
>Behalf Of donald.ritchey at exeloncorp.com
>Sent: Tuesday, January 06, 2004 9:30 AM
>To: jamiebowden at hotmail.com; sudo-users at sudo.ws
>Subject: RE: Apache as non root with sudo
>
>
>Jamie:
>
>This looks like an error in the shared library linkage with apachectl.
>Your apachectl is compiled with linkage to shared libraries that are not
>part of the standard shared library loading environment (probably
>depending on a LD_LIBRARY_PATH variable to find the library in
>question).  As a security measure to prevent spoofing sensitive set-UID
>executables, LD_LIBRARY_PATH is cleared for setUID executables when the
>real user ID is not root.
>
>Responses:
>
>1.  Move the needed library into a library that is in the standard
>library search path (in Tru64 UNIX, the loader(5) man page tells you
>what those directories are, for your OS, you may have to do some
>research to find out where these are) or extend the standard library
>search path to include the needed directory.
>
>2.  You may compile in the location of the directory containing the
>missing shared library into the apachectl executable.  Again, this is
>dependent on the OS and compilers for your environment.  Check your man
>pages for cc(1) and ld(1) for the proper options.
>
>Best wishes,
>
>Donald L. (Don) Ritchey
>E-mail:  Donald.Ritchey at exeloncorp.com
>
>-----Original Message-----
>From: Jamie Bowden [mailto:jamiebowden at hotmail.com]
>Sent: Tuesday, January 06, 2004 9:10 AM
>To: sudo-users at sudo.ws
>Subject: Apache as non root with sudo
>
>
>Hello,
>
>I have installed sudo and am wondering why I cannot get non root users
>to
>start apache when that user issues the command "sudo apachectl start"
>
>This user has been given 100% root access via sudo command.   They can
>run
>any command root can.
>
>The error message I get is:
>ld.so.1: /opt/ebill/app/bin/httpd: fatal: libmm.so.11: open failed: No
>such
>file or directory
>Killed
>/opt/ebill/app/bin/apachectl start: httpd could not be started
>
>Does sudo not give the user the same paths as root?  Root does not get
>this
>message - isn't Sudo supposed to make that user "behave" like root?
>
>Any suggestions on what else I could verify?
>
>Thanks
>
>Jamie Bowden
>www.atl.bluecross.ca
>
>_________________________________________________________________
>Protect your PC - get McAfee.com VirusScan Online
>http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
>____________________________________________________________
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:
>http://www.sudo.ws/mailman/listinfo/sudo-users
>
>
>************************************************************************
>This e-mail and any of its attachments may contain Exelon Corporation
>proprietary information, which is privileged, confidential, or subject
>to copyright belonging to the Exelon Corporation family of Companies.
>This e-mail is intended solely for the use of the individual or entity
>to which it is addressed.  If you are not the intended recipient of this
>
>e-mail, you are hereby notified that any dissemination, distribution,
>copying, or action taken in relation to the contents of and attachments
>to this e-mail is strictly prohibited and may be unlawful.  If you have
>received this e-mail in error, please notify the sender immediately and
>permanently delete the original and any copy of this e-mail and any
>printout. Thank You.
>************************************************************************
>
>____________________________________________________________
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:
>http://www.sudo.ws/mailman/listinfo/sudo-users
>
>

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
http://join.msn.com/?page=features/virus&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca

More information about the sudo-users mailing list