Apache as non root with sudo

Jamie Bowden jamiebowden at hotmail.com
Tue Jan 6 11:58:28 EST 2004 

# cat /etc/release
                       Solaris 8 2/02 s28s_u7wos_08a SPARC
           Copyright 2002 Sun Microsystems, Inc.  All Rights Reserved.
                           Assembled 18 December 2001


Here is the output of the command you had mentioned:

# env |grep LIBRARY
LD_LIBRARY=/opt/oracle/release/9.2.1/lib:/lib:/usr/openwin/lib:/usr/dt/lib:/usr/lib
LD_LIBRARY_PATH=/opt/oracle/release/9.2.1/jdbc/lib:/opt/oracle/release/9.2.1/lib:/usr/local/lib/:/opt/ebill/app/lib:/opt/ebill/app/lib
(bcsun26: root )/

# env |grep SHLIB
(bcsun26: root )/

So what you are saying is I should make the users LD_LIBRARY_PATH = to roots 
LD_LIBRARY_PATH & LD_LIBRARY?

Thanks for your help

Jamie

>From: "Ladner, Eric (Eric.Ladner)" <Eric.Ladner at ChevronTexaco.com>
>To: "Jamie Bowden" <jamiebowden at hotmail.com>, donald.ritchey at exeloncorp.com
>CC: sudo-users at sudo.ws
>Subject: RE: Apache as non root with sudo
>Date: Tue, 6 Jan 2004 10:53:10 -0600
>
>What operating system is this?
>
>As root:
>
>   env | grep LIBRARY
>   env | grep SHLIB
>
>If something shows up (LD_LIBRARY_PATH in my example) try this:
>
>sudo /bin/sh -c "LD_LIBRARY_PATH=/whatever:/shows:/up httpd"
>
>Eric
>
>-----Original Message-----
>From: Jamie Bowden [mailto:jamiebowden at hotmail.com]
>Sent: Tuesday, January 06, 2004 10:47
>To: Ladner, Eric (Eric.Ladner); donald.ritchey at exeloncorp.com
>Cc: sudo-users at sudo.ws
>Subject: RE: Apache as non root with sudo
>
>
>
>
>Here is something that may be interesting:
>
>As the user I run:
># httpd
>Ouch! ap_mm_create(1048576, "/opt/ebill/app/logs/httpd.mm.11004") failed
>Error: MM: mm:core: failed to open semaphore file (Permission denied):
>OS:
>No such file or directory
>
>When I run httpd with sudo - I get my error:
># sudo httpd
>ld.so.1: httpd: fatal: libmm.so.11: open failed: No such file or
>directory
>Killed
>
>
>And if I run httpd as root:
># httpd
>(bcsun26:  root) /
>
>Is there something in the linking that root would have that the user
>would
>not?
>
>Jamie
>
> >From: "Ladner, Eric (Eric.Ladner)" <Eric.Ladner at ChevronTexaco.com>
> >To: donald.ritchey at exeloncorp.com
> >CC: jamiebowden at hotmail.com, sudo-users at sudo.ws
> >Subject: RE: Apache as non root with sudo
> >Date: Tue, 6 Jan 2004 10:10:14 -0600
> >
> >
> >Also, depending on your operating system, you can do a chatr
> >/opt/ebill/app/bin/httpd (as in HP-UX) or ldd /opt/ebill/app/bin/httpd
> >(most other Unix's) to see what it's linked aginst.  That'll help, most
> >likely.
> >
> >Eric
> >
> >-----Original Message-----
> >From: sudo-users-bounces at sudo.ws [mailto:sudo-users-bounces at sudo.ws] On
> >Behalf Of donald.ritchey at exeloncorp.com
> >Sent: Tuesday, January 06, 2004 9:30 AM
> >To: jamiebowden at hotmail.com; sudo-users at sudo.ws
> >Subject: RE: Apache as non root with sudo
> >
> >
> >Jamie:
> >
> >This looks like an error in the shared library linkage with apachectl.
> >Your apachectl is compiled with linkage to shared libraries that are
>not
> >part of the standard shared library loading environment (probably
> >depending on a LD_LIBRARY_PATH variable to find the library in
> >question).  As a security measure to prevent spoofing sensitive set-UID
> >executables, LD_LIBRARY_PATH is cleared for setUID executables when the
> >real user ID is not root.
> >
> >Responses:
> >
> >1.  Move the needed library into a library that is in the standard
> >library search path (in Tru64 UNIX, the loader(5) man page tells you
> >what those directories are, for your OS, you may have to do some
> >research to find out where these are) or extend the standard library
> >search path to include the needed directory.
> >
> >2.  You may compile in the location of the directory containing the
> >missing shared library into the apachectl executable.  Again, this is
> >dependent on the OS and compilers for your environment.  Check your man
> >pages for cc(1) and ld(1) for the proper options.
> >
> >Best wishes,
> >
> >Donald L. (Don) Ritchey
> >E-mail:  Donald.Ritchey at exeloncorp.com
> >
> >-----Original Message-----
> >From: Jamie Bowden [mailto:jamiebowden at hotmail.com]
> >Sent: Tuesday, January 06, 2004 9:10 AM
> >To: sudo-users at sudo.ws
> >Subject: Apache as non root with sudo
> >
> >
> >Hello,
> >
> >I have installed sudo and am wondering why I cannot get non root users
> >to
> >start apache when that user issues the command "sudo apachectl start"
> >
> >This user has been given 100% root access via sudo command.   They can
> >run
> >any command root can.
> >
> >The error message I get is:
> >ld.so.1: /opt/ebill/app/bin/httpd: fatal: libmm.so.11: open failed: No
> >such
> >file or directory
> >Killed
> >/opt/ebill/app/bin/apachectl start: httpd could not be started
> >
> >Does sudo not give the user the same paths as root?  Root does not get
> >this
> >message - isn't Sudo supposed to make that user "behave" like root?
> >
> >Any suggestions on what else I could verify?
> >
> >Thanks
> >
> >Jamie Bowden
> >www.atl.bluecross.ca
> >
> >_________________________________________________________________
> >Protect your PC - get McAfee.com VirusScan Online
> >http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> >
> >____________________________________________________________
> >sudo-users mailing list <sudo-users at sudo.ws>
> >For list information, options, or to unsubscribe, visit:
> >http://www.sudo.ws/mailman/listinfo/sudo-users
> >
> >
> >***********************************************************************
>*
> >This e-mail and any of its attachments may contain Exelon Corporation
> >proprietary information, which is privileged, confidential, or subject
> >to copyright belonging to the Exelon Corporation family of Companies.
> >This e-mail is intended solely for the use of the individual or entity
> >to which it is addressed.  If you are not the intended recipient of
>this
> >
> >e-mail, you are hereby notified that any dissemination, distribution,
> >copying, or action taken in relation to the contents of and attachments
> >to this e-mail is strictly prohibited and may be unlawful.  If you have
> >received this e-mail in error, please notify the sender immediately and
> >permanently delete the original and any copy of this e-mail and any
> >printout. Thank You.
> >***********************************************************************
>*
> >
> >____________________________________________________________
> >sudo-users mailing list <sudo-users at sudo.ws>
> >For list information, options, or to unsubscribe, visit:
> >http://www.sudo.ws/mailman/listinfo/sudo-users
> >
> >
>
>_________________________________________________________________
>MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
>http://join.msn.com/?page=features/virus&pgmarket=en-ca&RU=http%3a%2f%2f
>join.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
>
>
>

_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=dept/features&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca

More information about the sudo-users mailing list