Apache as non root with sudo

Ladner, Eric (Eric.Ladner) Eric.Ladner at ChevronTexaco.com
Tue Jan 6 11:53:10 EST 2004

What operating system is this?

As root:

  env | grep LIBRARY
  env | grep SHLIB

If something shows up (LD_LIBRARY_PATH in my example) try this:

sudo /bin/sh -c "LD_LIBRARY_PATH=/whatever:/shows:/up httpd"


-----Original Message-----
From: Jamie Bowden [mailto:jamiebowden at hotmail.com]
Sent: Tuesday, January 06, 2004 10:47
To: Ladner, Eric (Eric.Ladner); donald.ritchey at exeloncorp.com
Cc: sudo-users at sudo.ws
Subject: RE: Apache as non root with sudo

Here is something that may be interesting:

As the user I run:
# httpd
Ouch! ap_mm_create(1048576, "/opt/ebill/app/logs/httpd.mm.11004") failed
Error: MM: mm:core: failed to open semaphore file (Permission denied):
No such file or directory

When I run httpd with sudo - I get my error:
# sudo httpd
ld.so.1: httpd: fatal: libmm.so.11: open failed: No such file or

And if I run httpd as root:
# httpd
(bcsun26:  root) /

Is there something in the linking that root would have that the user


>From: "Ladner, Eric (Eric.Ladner)" <Eric.Ladner at ChevronTexaco.com>
>To: donald.ritchey at exeloncorp.com
>CC: jamiebowden at hotmail.com, sudo-users at sudo.ws
>Subject: RE: Apache as non root with sudo
>Date: Tue, 6 Jan 2004 10:10:14 -0600
>Also, depending on your operating system, you can do a chatr
>/opt/ebill/app/bin/httpd (as in HP-UX) or ldd /opt/ebill/app/bin/httpd
>(most other Unix's) to see what it's linked aginst.  That'll help, most
>-----Original Message-----
>From: sudo-users-bounces at sudo.ws [mailto:sudo-users-bounces at sudo.ws] On
>Behalf Of donald.ritchey at exeloncorp.com
>Sent: Tuesday, January 06, 2004 9:30 AM
>To: jamiebowden at hotmail.com; sudo-users at sudo.ws
>Subject: RE: Apache as non root with sudo
>This looks like an error in the shared library linkage with apachectl.
>Your apachectl is compiled with linkage to shared libraries that are
>part of the standard shared library loading environment (probably
>depending on a LD_LIBRARY_PATH variable to find the library in
>question).  As a security measure to prevent spoofing sensitive set-UID
>executables, LD_LIBRARY_PATH is cleared for setUID executables when the
>real user ID is not root.
>1.  Move the needed library into a library that is in the standard
>library search path (in Tru64 UNIX, the loader(5) man page tells you
>what those directories are, for your OS, you may have to do some
>research to find out where these are) or extend the standard library
>search path to include the needed directory.
>2.  You may compile in the location of the directory containing the
>missing shared library into the apachectl executable.  Again, this is
>dependent on the OS and compilers for your environment.  Check your man
>pages for cc(1) and ld(1) for the proper options.
>Best wishes,
>Donald L. (Don) Ritchey
>E-mail:  Donald.Ritchey at exeloncorp.com
>-----Original Message-----
>From: Jamie Bowden [mailto:jamiebowden at hotmail.com]
>Sent: Tuesday, January 06, 2004 9:10 AM
>To: sudo-users at sudo.ws
>Subject: Apache as non root with sudo
>I have installed sudo and am wondering why I cannot get non root users
>start apache when that user issues the command "sudo apachectl start"
>This user has been given 100% root access via sudo command.   They can
>any command root can.
>The error message I get is:
>ld.so.1: /opt/ebill/app/bin/httpd: fatal: libmm.so.11: open failed: No
>file or directory
>/opt/ebill/app/bin/apachectl start: httpd could not be started
>Does sudo not give the user the same paths as root?  Root does not get
>message - isn't Sudo supposed to make that user "behave" like root?
>Any suggestions on what else I could verify?
>Jamie Bowden
>Protect your PC - get McAfee.com VirusScan Online
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:
>This e-mail and any of its attachments may contain Exelon Corporation
>proprietary information, which is privileged, confidential, or subject
>to copyright belonging to the Exelon Corporation family of Companies.
>This e-mail is intended solely for the use of the individual or entity
>to which it is addressed.  If you are not the intended recipient of
>e-mail, you are hereby notified that any dissemination, distribution,
>copying, or action taken in relation to the contents of and attachments
>to this e-mail is strictly prohibited and may be unlawful.  If you have
>received this e-mail in error, please notify the sender immediately and
>permanently delete the original and any copy of this e-mail and any
>printout. Thank You.
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:

MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  

More information about the sudo-users mailing list