Apache as non root with sudo

Jamie Bowden jamiebowden at hotmail.com
Tue Jan 6 12:40:34 EST 2004 

That worked! - my first attempt i added the missing lib directory to the 
LD_LIBRARY_PATH variable - thinking it would carry through (i guess I didn't 
read your reply deep enough).

So for the solution -  I modified the apachectl script and added the 
following:

LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/missing library
export LD_LIBRARY_PATH



The thing to remember: sudo  erases or clear variables

Thanks for all your help guys.

Jamie




>From: donald.ritchey at exeloncorp.com
>To: jamiebowden at hotmail.com
>CC: sudo-users at sudo.ws, Eric.Ladner at ChevronTexaco.com,        
>donald.ritchey at exeloncorp.com
>Subject: RE: Apache as non root with sudo
>Date: Tue, 6 Jan 2004 10:56:25 -0600
>
>Jamie:
>
>As stated earlier, when you run apachectl as 'user' through sudo, the
>LD_LIBRARY_PATH variable is cleared, so apachectl has no way to find the
>libmm.so.11 shared library.
>
>1.  You can create a symbolic link from /opt/ebill/app/lib/libmm.so.11 to
>/usr/lib, so that normal shared library linkage will find it
>
>or
>
>2.  You can compile apachectl so that the path to libmm.so.11 is included 
>in
>the linkage information.  The steps for that depend on your OS and your
>compiler.
>
>Don
>
>-----Original Message-----
>From: Jamie Bowden [mailto:jamiebowden at hotmail.com]
>Sent: Tuesday, January 06, 2004 10:40 AM
>To: Eric.Ladner at ChevronTexaco.com; donald.ritchey at exeloncorp.com
>Cc: sudo-users at sudo.ws
>Subject: RE: Apache as non root with sudo
>
>
>Here is what I have:
>
>ldd /opt/ebill/app/bin/httpd
>       libsocket.so.1 =>        /usr/lib/libsocket.so.1
>       libnsl.so.1 =>   /usr/lib/libnsl.so.1
>       libpthread.so.1 =>       /usr/lib/libpthread.so.1
>       libmm.so.11 =>   /opt/ebill/app/lib/libmm.so.11
>       libdl.so.1 =>    /usr/lib/libdl.so.1
>       libc.so.1 =>     /usr/lib/libc.so.1
>       libmp.so.2 =>    /usr/lib/libmp.so.2
>       libthread.so.1 =>        /usr/lib/libthread.so.1
>       /usr/platform/SUNW,UltraAX-i2/lib/libc_psr.so.1
>
>I checked the LD_LIBRARY_PATH for both the user and root - they are
>identical.
>root user:
># echo $LD_LIBRARY_PATH
>/opt/oracle/release/9.2.1/jdbc/lib:/opt/oracle/release/9.2.1/lib:/usr/local/
>lib/:/opt/ebill/app/lib:/opt/ebill/app/lib
>
>user
># echo $LD_LIBRARY_PATH
>/opt/oracle/release/9.2.1/jdbc/lib:/opt/oracle/release/9.2.1/lib:/usr/local/
>lib/:/opt/ebill/app/lib:/opt/ebill/app/lib
>
>Any ideas on what/how root is finding this and the user isn't?
>
>Thanks
>
>Jamie
>
>
>
> >From: "Ladner, Eric (Eric.Ladner)" <Eric.Ladner at ChevronTexaco.com>
> >To: donald.ritchey at exeloncorp.com
> >CC: jamiebowden at hotmail.com, sudo-users at sudo.ws
> >Subject: RE: Apache as non root with sudo
> >Date: Tue, 6 Jan 2004 10:10:14 -0600
> >
> >
> >Also, depending on your operating system, you can do a chatr
> >/opt/ebill/app/bin/httpd (as in HP-UX) or ldd /opt/ebill/app/bin/httpd
> >(most other Unix's) to see what it's linked aginst.  That'll help, most
> >likely.
> >
> >Eric
> >
> >-----Original Message-----
> >From: sudo-users-bounces at sudo.ws [mailto:sudo-users-bounces at sudo.ws] On
> >Behalf Of donald.ritchey at exeloncorp.com
> >Sent: Tuesday, January 06, 2004 9:30 AM
> >To: jamiebowden at hotmail.com; sudo-users at sudo.ws
> >Subject: RE: Apache as non root with sudo
> >
> >
> >Jamie:
> >
> >This looks like an error in the shared library linkage with apachectl.
> >Your apachectl is compiled with linkage to shared libraries that are not
> >part of the standard shared library loading environment (probably
> >depending on a LD_LIBRARY_PATH variable to find the library in
> >question).  As a security measure to prevent spoofing sensitive set-UID
> >executables, LD_LIBRARY_PATH is cleared for setUID executables when the
> >real user ID is not root.
> >
> >Responses:
> >
> >1.  Move the needed library into a library that is in the standard
> >library search path (in Tru64 UNIX, the loader(5) man page tells you
> >what those directories are, for your OS, you may have to do some
> >research to find out where these are) or extend the standard library
> >search path to include the needed directory.
> >
> >2.  You may compile in the location of the directory containing the
> >missing shared library into the apachectl executable.  Again, this is
> >dependent on the OS and compilers for your environment.  Check your man
> >pages for cc(1) and ld(1) for the proper options.
> >
> >Best wishes,
> >
> >Donald L. (Don) Ritchey
> >E-mail:  Donald.Ritchey at exeloncorp.com
> >
> >-----Original Message-----
> >From: Jamie Bowden [mailto:jamiebowden at hotmail.com]
> >Sent: Tuesday, January 06, 2004 9:10 AM
> >To: sudo-users at sudo.ws
> >Subject: Apache as non root with sudo
> >
> >
> >Hello,
> >
> >I have installed sudo and am wondering why I cannot get non root users
> >to
> >start apache when that user issues the command "sudo apachectl start"
> >
> >This user has been given 100% root access via sudo command.   They can
> >run
> >any command root can.
> >
> >The error message I get is:
> >ld.so.1: /opt/ebill/app/bin/httpd: fatal: libmm.so.11: open failed: No
> >such
> >file or directory
> >Killed
> >/opt/ebill/app/bin/apachectl start: httpd could not be started
> >
> >Does sudo not give the user the same paths as root?  Root does not get
> >this
> >message - isn't Sudo supposed to make that user "behave" like root?
> >
> >Any suggestions on what else I could verify?
> >
> >Thanks
> >
> >Jamie Bowden
> >www.atl.bluecross.ca
> >
> >_________________________________________________________________
> >Protect your PC - get McAfee.com VirusScan Online
> >http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> >
> >____________________________________________________________
> >sudo-users mailing list <sudo-users at sudo.ws>
> >For list information, options, or to unsubscribe, visit:
> >http://www.sudo.ws/mailman/listinfo/sudo-users
> >
> >
> >************************************************************************
> >This e-mail and any of its attachments may contain Exelon Corporation
> >proprietary information, which is privileged, confidential, or subject
> >to copyright belonging to the Exelon Corporation family of Companies.
> >This e-mail is intended solely for the use of the individual or entity
> >to which it is addressed.  If you are not the intended recipient of this
> >
> >e-mail, you are hereby notified that any dissemination, distribution,
> >copying, or action taken in relation to the contents of and attachments
> >to this e-mail is strictly prohibited and may be unlawful.  If you have
> >received this e-mail in error, please notify the sender immediately and
> >permanently delete the original and any copy of this e-mail and any
> >printout. Thank You.
> >************************************************************************
> >
> >____________________________________________________________
> >sudo-users mailing list <sudo-users at sudo.ws>
> >For list information, options, or to unsubscribe, visit:
> >http://www.sudo.ws/mailman/listinfo/sudo-users
> >
> >
>
>_________________________________________________________________
>MSN 8 with e-mail virus protection service: 2 months FREE*
>http://join.msn.com/?page=features/virus&pgmarket=en-ca&RU=http%3a%2f%2fjoin
>.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
>
>
>************************************************************************
>This e-mail and any of its attachments may contain Exelon Corporation
>proprietary information, which is privileged, confidential, or subject
>to copyright belonging to the Exelon Corporation family of Companies.
>This e-mail is intended solely for the use of the individual or entity
>to which it is addressed.  If you are not the intended recipient of this
>e-mail, you are hereby notified that any dissemination, distribution,
>copying, or action taken in relation to the contents of and attachments
>to this e-mail is strictly prohibited and may be unlawful.  If you have
>received this e-mail in error, please notify the sender immediately and
>permanently delete the original and any copy of this e-mail and any
>printout. Thank You.
>************************************************************************
>

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.  
http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca

More information about the sudo-users mailing list