Debian Bug report logs - #317244
libapache-mod-fastcgi: assumes (?) webserver runs as nobody:nogroup and fails to start

version graph

Package: libapache-mod-fastcgi; Maintainer for libapache-mod-fastcgi is Tatsuki Sugiura <sugi@nemui.org>;

Reported by: Chris Wage <cwage@quietlife.net>

Date: Thu, 7 Jul 2005 00:03:04 UTC

Severity: normal

Tags: moreinfo

Found in version 2.4.2-6

Done: Tatsuki Sugiura <sugi@nemui.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Tatsuki Sugiura <sugi@nemui.org>:
Bug#317244; Package libapache-mod-fastcgi. Full text and rfc822 format available.

Acknowledgement sent to Chris Wage <cwage@quietlife.net>:
New Bug report received and forwarded. Copy sent to Tatsuki Sugiura <sugi@nemui.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Chris Wage <cwage@quietlife.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libapache-mod-fastcgi: assumes (?) webserver runs as nobody:nogroup and fails to start
Date: Wed, 06 Jul 2005 18:58:14 -0500
Package: libapache-mod-fastcgi
Version: 2.4.2-6
Severity: grave
Justification: renders package unusable


It would appear that when you install libapache-mod-fastcgi, it includes a line
in /etc/apache/conf.d as: FastCgiIpcDir /var/lib/apache/fastcgi

/var/lib/apache/fastcgi is created by the package and chowned to
www-data:www-data as seen below:

# ls -lad /var/lib/apache/fastcgi/
drwxr-xr-x  2 www-data www-data 4096 Jul  6 18:54 /var/lib/apache/fastcgi/

However, when you subsequently attempt to restart apache, you get the following
error:

# /etc/init.d/apache restart
Configuration syntax error detected. Not reloading.

Syntax error on line 4 of /etc/apache/conf.d/fastcgi.conf:
FastCgiIpcDir /var/lib/apache/fastcgi: access for server (uid 65534, gid 65534)
failed: write not allowed

It would appear that perhaps the module was compiled expecting the server to be
running as nobody:nogroup rather than www-data:www-data, which is the case in
Debian. You can of course simply make the /var/lib/apache/fastcgi folder
writeable by the "nobody" user, or the "nogroup" group, which allows apache to
start, but fastcgi scripts still fail because the webserver cannot write to the
fastcgi folder (it creates the dynamic/ folder owned by nobody and mode 0700)

As such, I'm at an impasse for getting fastcgi to work. Removing the package or
leaving /var/lib/apache/fastcgi as owned by nobody at least gets apache working
again, as a workaround.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.29.022505
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libapache-mod-fastcgi depends on:
ii  apache-common               1.3.33-6     support files for all Apache webse
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#317244; Package libapache-mod-fastcgi. Full text and rfc822 format available.

Acknowledgement sent to Tatsuki Sugiura <sugi@nemui.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 317244@bugs.debian.org (full text, mbox):

From: Tatsuki Sugiura <sugi@nemui.org>
To: Chris Wage <cwage@quietlife.net>, 317244@bugs.debian.org
Subject: Re: Bug#317244: libapache-mod-fastcgi: assumes (?) webserver runs as nobody:nogroup and fails to start
Date: Fri, 15 Jul 2005 12:51:04 +0900
Hello,

>>> In Message "Bug#317244: libapache-mod-fastcgi: assumes (?) webserver runs as nobody:nogroup and fails to start"
>>>            <20050706235814.C6E00167DE@shkaf.quietlife.net>,
>>> Chris Wage <cwage@quietlife.net>  said;
> It would appear that perhaps the module was compiled expecting the server to be
> running as nobody:nogroup rather than www-data:www-data, which is the case in
> Debian. You can of course simply make the /var/lib/apache/fastcgi folder
> writeable by the "nobody" user, or the "nogroup" group, which allows apache to
> start, but fastcgi scripts still fail because the webserver cannot write to the
> fastcgi folder (it creates the dynamic/ folder owned by nobody and mode 0700)

FastCGI module don't expect apache is running as nobody.
When root is going to start apache, the module will get uid/gid from
Apache API (ap_user_id/ap_group_id).

You can check it with minimal config file like following;

sugi@tempest:~% cat fcgitest-apache.conf
User www-data
Group www-data
LoadModule fastcgi_module /usr/lib/apache/1.3/mod_fastcgi.so
FastCgiIpcDir /home/sugi/fcgiipctest

sugi@tempest:~% ls -ld fcgiipctest
d---------  2 sugi sugi 48 2005-07-15 12:34 fcgiipctest/

sugi@tempest:~% id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)

sugi@tempest:~% sudo apache -f /home/sugi/fcgitest-apache.conf -T
Syntax error on line 4 of /home/sugi/fcgitest-apache.conf:
FastCgiIpcDir /home/sugi/fcgiipctest: access for server (uid 33, gid 33) failed: read not allowed

If correct server uid/gid are shown, it works well.

> FastCgiIpcDir /var/lib/apache/fastcgi: access for server (uid 65534, gid 65534)
> failed: write not allowed

I think... perhapse, the setting  "User nobody" was written in your apache config.
Please check your all config files listed as

strace /usr/sbin/apache -T 2>&1 | grep open \
  | egrep -v "/(usr|lib|dev)/" | grep -v "No such" \
  | egrep -v "/etc/(hosts|group|passwd|ld\.so|resolv\.conf|nsswitch\.conf)"

-- 
Tatsuki Sugiura   mailto:sugi@nemui.org



Tags added: moreinfo Request was from Tatsuki Sugiura <sugi@nemui.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `normal'. Request was from Tatsuki Sugiura <sugi@nemui.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Tatsuki Sugiura <sugi@nemui.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Chris Wage <cwage@quietlife.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #19 received at 317244-done@bugs.debian.org (full text, mbox):

From: Tatsuki Sugiura <sugi@nemui.org>
To: 317244-done@bugs.debian.org
Subject: I'm closing bug #317244
Date: Sat, 25 Aug 2007 16:46:44 +0900
Hello,

I'm closing this bug, because I can't reproduce
and need more info.

Please re-open if you still have this problem.

-- 
Tatsuki Sugiura   mailto:sugi@nemui.org



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 23 Sep 2007 07:27:46 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 18:59:23 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.