#1: Apache in chroot on Solaris 9

Posted on 2009-08-06 02:06:56 by Igor Cicimov


Hi all,

I have built and installed Apache 2.2.11 on Solaris 9 and all is working fine,
but when I put the server in a chroot I faced some problems. More specifically,
the server complains about the user I'm running Apache under and says "can't
find the user with the given UID". My chroot is /chroot and when I built it
I transferred the /etc/passwd, /etc/group, /etc/netconfig,
/etc/resolv.conf and /etc/hosts files into the /chroot/etc directory and I have
transferred all the libraries linked to the httpd process that I could find
with ldd and truss. Any idea what I am still missing?

Thanks a lot for any help.

Igor


#2: Re: Apache in chroot on Solaris 9

Posted on 2009-08-06 02:30:16 by Nick Kew

On 6 Aug 2009, at 01:06, Igor Cicimov wrote:

> Hi all,
>
> I have built and installed Apache 2.2.11 on Solaris 9 and all is
> working fine, but when I put the server in a chroot I faced some
> problems. More specifically, the server complains about the user I'm
> running Apache under and says "can't find the user with the given
> UID". My chroot is /chroot and when I built it I transferred
> the /etc/passwd, /etc/group, /etc/netconfig, /etc/resolv.conf and
> /etc/hosts files into the /chroot/etc directory and I have transferred
> all the libraries linked to the httpd process that I could find
> with ldd and truss. Any idea what I am still missing?

man chroot

What happens when (in a shell) you perform the same chroot then su
to the apache user/group?

If that doesn't tell you anything useful, tell us whether you're running
Apache within a chroot, or using Apache's ChrootDir.

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


#3: Re: Apache in chroot on Solaris 9

Posted on 2009-08-06 04:27:02 by Igor Cicimov


Thanks Nick, that was a good pointer. I enabled the su command in chroot and
copied over some of the libraries linked to it:

cp /usr/lib/libbsm.so.1 /chroot/usr/lib/libbsm.so.1
cp /usr/lib/libproject.so.1 /chroot/usr/lib/libproject.so.1
cp /usr/lib/libpam.so.1 /chroot/usr/lib/libpam.so.1
cp /usr/lib/libproc.so.1 /chroot/usr/lib/libproc.so.1
cp /usr/lib/librtld_db.so.1 /chroot/usr/lib/librtld_db.so.1
cp /usr/lib/libelf.so.1 /chroot/usr/lib/libelf.so.1


and that did the trick. I guess the libpam was missing and that was the
reason for authentication not working properly.

Now I have some other problems. When I try to start the server with SSL
enabled I get the following error:


[Thu Aug 06 12:04:31 2009] [info] Init: Seeding PRNG with 136 bytes of entropy
[Thu Aug 06 12:04:31 2009] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Aug 06 12:04:32 2009] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Aug 06 12:04:32 2009] [error] (2)No such file or directory: Cannot create SSLMutex


Also the mod_rewrite complains too:

[Thu Aug 06 12:21:35 2009] [crit] (2)No such file or directory: mod_rewrite: could not create rewrite_log_lock
Configuration Failed

I have the following devices created in chroot:

# ls -l /chroot/dev
total 0
crw-rw-rw- 1 root other 13, 2 Aug 5 18:02 null
crw-r--r-- 1 root other 190, 0 Aug 5 18:03 random
crw-rw-rw- 1 root other 41, 0 Aug 5 17:27 udp
crw-r--r-- 1 root other 190, 1 Aug 5 18:03 urandom
crw-rw-rw- 1 root other 13, 12 Aug 5 18:02 zero


Thanks again for your help.

Cheers,

Igor




#4: Re: Apache in chroot on Solaris 9

Posted on 2009-08-06 04:40:48 by Igor Cicimov


In addition to the above, I can see the following error when I run truss
on the process:

stat("/usr/local/ssl/lib/libc.so.1", 0xFFBFEE30) Err#2 ENOENT
stat("/usr/local/ssl/lib/libgcc_s.so.1", 0xFFBFEE30) Err#2 ENOENT

and those libraries really don't exist. Any idea how to get around this?

Igor
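
One way to read a truss trace like the one quoted in this post, as an added example that is not part of the original thread: it separates names that fail in one directory but are found in another from names that are never found, and lists files a working non-chroot run opened that are absent under the chroot. The function names, the success lines in the sample trace, and the use of a POSIX shell and awk are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). The two ENOENT lines are the ones
# quoted in the post; the "= 0" / "= 3" / "= 4" lines are constructed.
sample_trace() {
cat <<'EOF'
stat("/usr/local/ssl/lib/libc.so.1", 0xFFBFEE30) Err#2 ENOENT
stat("/usr/lib/libc.so.1", 0xFFBFEE30) = 0
open("/usr/lib/libc.so.1", O_RDONLY) = 3
stat("/usr/local/ssl/lib/libgcc_s.so.1", 0xFFBFEE30) Err#2 ENOENT
open("/etc/passwd", O_RDONLY) = 4
EOF
}

# Emit "<status><TAB><path>" for each path-taking stat/open/access call.
truss_paths() {
    awk '
    /(stat|stat64|open|open64|access)\("/ {
        split($0, q, "\"")                  # q[2] is the path argument
        if ($0 ~ /Err#2 ENOENT/)           print "ENOENT\t" q[2]
        else if ($0 ~ /\)[ \t]*= *[0-9]/)  print "OK\t" q[2]
    }'
}

# File names that were looked up but never found in any directory.
# A name that fails in one search directory and succeeds in another
# is not reported.
never_found() {
    truss_paths | awk -F'\t' '
    { n = split($2, p, "/"); b = p[n] }
    $1 == "OK"     { ok[b] = 1 }
    $1 == "ENOENT" { miss[b] = 1 }
    END { for (b in miss) if (!(b in ok)) print b }' | sort
}

# Given a trace taken OUTSIDE the chroot on stdin and the chroot
# directory as $1, list successfully opened paths missing under $1.
absent_in_chroot() {
    truss_paths | awk -F'\t' '$1 == "OK" { print $2 }' | sort -u |
    while IFS= read -r path; do
        [ -e "$1$path" ] || echo "$path"
    done
}
```

Feed `never_found` a trace taken inside the chroot, and `absent_in_chroot /chroot` a trace of the same server started normally.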


