AIX Open Source

AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system

 View Only
Back to discussions
Expand all | Collapse all

httpd start script changes /var/run permissions

  • 1.  httpd start script changes /var/run permissions

    Posted Tue June 08, 2021 09:25 AM
    Hi,
    Every time I start/restart httpd (installed from IBM repo, httpd-2.4.46-1.ppc) the /var/run directory permissions got changed, that makes it impossible for processes that write PID-files to subdirectories with non-root permissions to start. I made small investigation and found that it is caused by the line in /etc/rc.d/init.d/httpd script:

    $MKDIR -p /var/run

    I changed the script this way:

    if [ ! -d "/var/run" ]
    then
    $MKDIR -p /var/run
    fi

    Now the script does not re-write directory permissions. Is it possible to change the script in RPM package like that or maybe some other way, in order to make it check the /var/run directory permissions/existence and does not change them unnecessarily?

    ------------------------------
    Sincerely yours,
    Pavlo Greenberg
    ------------------------------


  • 2.  RE: httpd start script changes /var/run permissions

    Posted Wed June 09, 2021 10:01 AM
    Thank you Pavlo. We will look into it.

    ------------------------------
    SANKET RATHI
    ------------------------------

    Original Message


  • 3.  RE: httpd start script changes /var/run permissions

    Posted Tue June 15, 2021 03:38 AM
    I am not sure how "mkdir -p /var/run" is going to change the permission of the directory.
    But yes, it is always good to check the existence of "/var/run" before creating it. 
    We will modify the script in future releases.

    ------------------------------
    Ayappan P
    ------------------------------

    Original Message


  • 4.  RE: httpd start script changes /var/run permissions

    Posted Tue June 15, 2021 03:45 AM
    Hi Pavlo, 
    mkdir -p should not change the permission of a directory if it is already there. Am I missing something ?
    Can you please let me know exact sequence and how the permission got changed?

    ------------------------------
    SANKET RATHI
    ------------------------------

    Original Message


  • 5.  RE: httpd start script changes /var/run permissions

    Posted Tue June 15, 2021 05:39 AM
    @SANKET RATHI, you're right, I've had a mistake in my investigation. I've made​ a bit more check: removed all my corrections from the script and then ran start/stop/restart httpd - nothing got changed; then I rebooted the host - nothing got changed either; then I forcibly reinstalled the httpd package (yum reinstall httpd) - and finally had got /var/run permissions changed. So it's not 'mkdir -p' that is really the culprit, but some %pre- or %post- installation script in the rpm package.
    Sorry for confusing all of you guys.

    ------------------------------
    Pavlo Greenberg
    ------------------------------

    Original Message


  • 6.  RE: httpd start script changes /var/run permissions

    Posted Tue June 15, 2021 08:21 AM
    This could also be a bad (naive) specification in the %files section of the RPM spec, as opposed to anything that happens in a %pre or %post script.

    -- 
    Stephen L. Ulmer
    Enterprise Architect
    Mainline Information Systems
    (m) 352-870-8649








    Original Message


  • 7.  RE: httpd start script changes /var/run permissions

    Posted Tue June 15, 2021 09:15 AM
    Yes , that's right.
    It's a problem with the %files section.

    %attr(0700,root,system) %dir %{localstatedir}/run 

    We will fix it and upload a new release.

    ------------------------------
    Ayappan P
    ------------------------------

    Original Message


  • 8.  RE: httpd start script changes /var/run permissions

    Posted Wed June 16, 2021 09:27 AM

    It is probably worth noting that there is a small inconsistency of ownership of /var/run in AIX itself:

    $ sudo sh -c 'ls -ld /usr/lpp/*/inst_root/var/run'
    drwxr-xr-x 2 bin bin 256 Aug 22 2018 /usr/lpp/X11.apps/inst_root/var/run
    drwxr-xr-x 2 root system 256 Oct 21 2019 /usr/lpp/bos.aso/inst_root/var/run
    $ oslevel -s
    7200-04-03-2038
    $ lslpp -l -Or $( lslpp -cw /var/run | awk -F: '$1=="/var/run"{print $2}' | sort -u )
    Fileset Level State Description
    ----------------------------------------------------------------------------
    Path: /etc/objrepos
    X11.apps.xdm 7.2.3.0 COMMITTED AIXwindows xdm Application
    bos.aso 7.2.4.1 COMMITTED Active System Optimizer
    $ restore -Tavqf bos.aso.7.2.4.0.I 2>&- | grep /var/run\$
    755 root system 0 ./usr/lpp/bos.aso/inst_root/var/run
    $ cd "$lpp724"
    $ restore -Tavqf bos.aso.7.2.4.0.I 2>&- | grep /var/run\$
    755 root system 0 ./usr/lpp/bos.aso/inst_root/var/run
    $ restore -Tavqf X11.apps.7.2.4.0.I 2>&- | grep /var/run\$
    755 bin bin 0 ./usr/lpp/X11.apps/inst_root/var/run
    $ cd "$lpp723"
    $ restore -Tavqf X11.apps.7.2.3.0.I 2>&- | grep /var/run\$
    755 bin bin 0 ./usr/lpp/X11.apps/inst_root/var/run
    $



    ------------------------------
    Edward Davignon
    ------------------------------

    Original Message


  • 9.  RE: httpd start script changes /var/run permissions

    Posted Thu June 17, 2021 12:04 PM
    That is a *most excellent* catch!

    You are my hero until at least lunch time. :)

    Liberty,

    -- 
    Stephen L. Ulmer
    Enterprise Architect
    Mainline Information Systems
    (m) 352-870-8649








    Original Message


  • 10.  RE: httpd start script changes /var/run permissions

    Posted Thu June 17, 2021 01:19 PM

    Thanks Stephen. :)

    It is also odd that things like /var/run, /var/log, and /var/lib are in add-in packages, not in bos.rte or similar packages.  For example, /var/lib is in X11.samples.apps.clients, X11.apps.xdm, and rpm.rte.  It seems like this has a potential that uninstalling or installing samples or xdm could modify access controls on important system wide directories.



    ------------------------------
    Edward Davignon
    ------------------------------

    Original Message


  • 11.  RE: httpd start script changes /var/run permissions

    Posted Thu June 17, 2021 01:48 PM
    That reminds me, it is time to remove X11.Dt, now that I am done troubleshooting ksh and ksh93 with /usr/dt/bin/dtksh

    ------------------------------
    Edward Davignon
    ------------------------------

    Original Message


  • 12.  RE: httpd start script changes /var/run permissions

    Posted Mon July 19, 2021 10:37 AM

    Hi,

    Recently I updated RPMs on one of my systems including httpd package and /var/run directory wasn't affected - looks like the issue's been solved. Thanks a lot!



    ------------------------------
    Pavlo Greenberg
    ------------------------------

    Original Message