From gregy at gregy.cz Sun Jan 3 20:43:50 2010 From: gregy at gregy.cz (Gregy) Date: Sun, 3 Jan 2010 20:43:50 +0100 Subject: [mpm-itk] mpm_itk and chroot Message-ID: Hello, is it possible to use mpm_itk together with chroot? I am using chroot with prefork mpm but problem with this setup is that vhosts can "temper" with each other. I thought itk is just like prefork but with per user capability. Later I found out it completely ignores chroot directive. Am I missing something? Is there some way to make it work? From sgunderson at bigfoot.com Sun Jan 3 20:45:48 2010 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Sun, 3 Jan 2010 20:45:48 +0100 Subject: [mpm-itk] mpm_itk and chroot In-Reply-To: References: Message-ID: <20100103194548.GA4826@uio.no> On Sun, Jan 03, 2010 at 08:43:50PM +0100, Gregy wrote: > Hello, is it possible to use mpm_itk together with chroot? I am using > chroot with prefork mpm but problem with this setup is that vhosts can > "temper" with each other. I thought itk is just like prefork but with > per user capability. Later I found out it completely ignores chroot > directive. Am I missing something? Is there some way to make it work? Why do you need chroot if you run the vhosts under different uids? Just set permissions properly and you should be good. /* Steinar */ -- Homepage: http://www.sesse.net/ From gregy at gregy.cz Sun Jan 3 20:50:19 2010 From: gregy at gregy.cz (Gregy) Date: Sun, 3 Jan 2010 20:50:19 +0100 Subject: [mpm-itk] mpm_itk and chroot In-Reply-To: <20100103194548.GA4826@uio.no> References: <20100103194548.GA4826@uio.no> Message-ID: > Why do you need chroot if you run the vhosts under different uids? > Just set permissions properly and you should be good. > Because I am running php and not-so-trusted users will be uploading scripts. I don't want them to be able to access every file on my machine which is readable by others. From sgunderson at bigfoot.com Sun Jan 3 20:55:26 2010 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Sun, 3 Jan 2010 20:55:26 +0100 Subject: [mpm-itk] mpm_itk and chroot In-Reply-To: References: <20100103194548.GA4826@uio.no> Message-ID: <20100103195526.GB5172@uio.no> On Sun, Jan 03, 2010 at 08:50:19PM +0100, Gregy wrote: >> Why do you need chroot if you run the vhosts under different uids? >> Just set permissions properly and you should be good. > Because I am running php and not-so-trusted users will be uploading > scripts. I don't want them to be able to access every file on my > machine which is readable by others. If you don't want your files to be readable by others, the simplest thing to do is really not to mark them as such... In any case, mpm-itk doesn't do anything specific related to chroot. Do you get any error messages? /* Steinar */ -- Homepage: http://www.sesse.net/ From gregy at gregy.cz Sun Jan 3 21:17:06 2010 From: gregy at gregy.cz (Gregy) Date: Sun, 3 Jan 2010 21:17:06 +0100 Subject: [mpm-itk] mpm_itk and chroot In-Reply-To: <20100103195526.GB5172@uio.no> References: <20100103194548.GA4826@uio.no> <20100103195526.GB5172@uio.no> Message-ID: > In any case, mpm-itk doesn't do anything specific related to chroot. Do you > get any error messages? No, even though I have logging set to debug I still cannot see any errors in error_log. From gregy at gregy.cz Mon Jan 4 20:50:12 2010 From: gregy at gregy.cz (Gregy) Date: Mon, 4 Jan 2010 20:50:12 +0100 Subject: [mpm-itk] mpm_itk and chroot In-Reply-To: References: <20100103194548.GA4826@uio.no> <20100103195526.GB5172@uio.no> Message-ID: I digged through the source and found out that chroot is done in unixd_setup_child function. Prefork calls this function, itk does not. I really don't understand the code so I don't know why it isremoved. Wouldn't it be possible to return it? 2010/1/3 Gregy : >> In any case, mpm-itk doesn't do anything specific related to chroot. Do you >> get any error messages? > > > No, even though I have logging set to debug I still cannot see any > errors in error_log. > From sgunderson at bigfoot.com Mon Jan 4 21:04:59 2010 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Mon, 4 Jan 2010 21:04:59 +0100 Subject: [mpm-itk] mpm_itk and chroot In-Reply-To: References: <20100103194548.GA4826@uio.no> <20100103195526.GB5172@uio.no> Message-ID: <20100104200459.GA9119@uio.no> On Mon, Jan 04, 2010 at 08:50:12PM +0100, Gregy wrote: > I digged through the source and found out that chroot is done in > unixd_setup_child function. Prefork calls this function, itk does not. > I really don't understand the code so I don't know why it isremoved. > Wouldn't it be possible to return it? No; unixd_setup_child() does lots of stuff which is directly incompatible with the way mpm-itk works. I could copy out the chroot stuff into mpm-itk, but I honestly don't see the point; it doesn't really win you much security, and it would require an extra capability to be added to mpm-itk's set. Just set your permissions correctly :-) /* Steinar */ -- Homepage: http://www.sesse.net/ From gregy at gregy.cz Mon Jan 4 21:12:06 2010 From: gregy at gregy.cz (Gregy) Date: Mon, 4 Jan 2010 21:12:06 +0100 Subject: [mpm-itk] mpm_itk and chroot In-Reply-To: <20100104200459.GA9119@uio.no> References: <20100103194548.GA4826@uio.no> <20100103195526.GB5172@uio.no> <20100104200459.GA9119@uio.no> Message-ID: > No; unixd_setup_child() does lots of stuff which is directly incompatible > with the way mpm-itk works. I could copy out the chroot stuff into mpm-itk, > but I honestly don't see the point; it doesn't really win you much security, > and it would require an extra capability to be added to mpm-itk's set. Just > set your permissions correctly :-) I am not sure if it really works this way but to suid itk has to run code as root, wouldn't it be safer to be chrooted? Or is chroot so easy to get through it doesn't matter? From sgunderson at bigfoot.com Mon Jan 4 21:44:07 2010 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Mon, 4 Jan 2010 21:44:07 +0100 Subject: [mpm-itk] mpm_itk and chroot In-Reply-To: References: <20100103194548.GA4826@uio.no> <20100103195526.GB5172@uio.no> <20100104200459.GA9119@uio.no> Message-ID: <20100104204407.GB9119@uio.no> On Mon, Jan 04, 2010 at 09:12:06PM +0100, Gregy wrote: > I am not sure if it really works this way but to suid itk has to run > code as root, wouldn't it be safer to be chrooted? Or is chroot so > easy to get through it doesn't matter? If you are root, you can usually get out of a chroot jail some way or the other anyways. Making a proper chroot jail is pretty hard. In any case, mpm-itk drops most of its root privileges (including the ability to chroot) quickly; as long as you have seteuid() capability that might not matter all that much, though. /* Steinar */ -- Homepage: http://www.sesse.net/ From gregy at gregy.cz Mon Jan 4 22:12:06 2010 From: gregy at gregy.cz (Gregy) Date: Mon, 4 Jan 2010 22:12:06 +0100 Subject: [mpm-itk] mpm_itk and chroot In-Reply-To: <20100104204407.GB9119@uio.no> References: <20100103194548.GA4826@uio.no> <20100103195526.GB5172@uio.no> <20100104200459.GA9119@uio.no> <20100104204407.GB9119@uio.no> Message-ID: > I could copy out the chroot stuff into mpm-itk, > but I honestly don't see the point; it doesn't really win you much security, > and it would require an extra capability to be added to mpm-itk's set. Just > set your permissions correctly :-) Ok, I just liked chroot :) , it easily prevented getting the scraps of information you can get without it (e.g. what programs are installed...from /etc). I can however live without it. In any case thank you for mpm_itk. I think it is really convinient piece of software and hope you will continue with it. Gregy From kogt2s at gmail.com Tue Jan 5 04:22:34 2010 From: kogt2s at gmail.com (Alex Tordi) Date: Mon, 4 Jan 2010 21:22:34 -0600 Subject: [mpm-itk] mpm-itk & CGI wrapper or FCGId Message-ID: <003f01ca8db6$59027ce0$0b0776a0$@com> Hi, someone uses itk and FCGId or CGI wrapper. the standart is mod_php which will be better, and faster any comments thanks! Alex Tor -------------- next part -------------- An HTML attachment was scrubbed... URL: From kogt2s at gmail.com Wed Jan 6 02:21:59 2010 From: kogt2s at gmail.com (Alex Tordi) Date: Tue, 5 Jan 2010 19:21:59 -0600 Subject: [mpm-itk] mpm-itk & CGI wrapper or FCGId Message-ID: <001201ca8e6e$a7b47a10$f71d6e30$@com> Ups.. no body can help? De: Alex Tordi [mailto:kogt2s at gmail.com] Enviado el: lunes, 04 de enero de 2010 09:23 p.m. Para: 'mpm-itk at err.no' Asunto: mpm-itk & CGI wrapper or FCGId Hi, someone uses itk and FCGId or CGI wrapper. the standart is mod_php which will be better, and faster any comments thanks! Alex Tor -------------- next part -------------- An HTML attachment was scrubbed... URL: From kassah at gmail.com Wed Jan 6 07:59:27 2010 From: kassah at gmail.com (Will Lightning) Date: Tue, 05 Jan 2010 22:59:27 -0800 Subject: [mpm-itk] mpm-itk & CGI wrapper or FCGId In-Reply-To: <001201ca8e6e$a7b47a10$f71d6e30$@com> References: <001201ca8e6e$a7b47a10$f71d6e30$@com> Message-ID: <1262761167.1375.169.camel@izaban> On Tue, 2010-01-05 at 19:21 -0600, Alex Tordi wrote: > someone uses itk and FCGId or CGI wrapper. > the standart is mod_php > which will be better, and faster > any comments thanks! Alex, As principle holds, mod_php would be faster. However, I don't know of any metrics out there on it. Plus, it's extremely hard to take metrics like that. Also, I don't have a complete understanding of FastCGI, so I'll compare CGI for you. As with anything, it isn't a black and white decision, you need to evaluate your setup and it's needs. Reasoning behind my principle: - mod_php in prefork works almost the exact same way as cgi Setup in advance, and be ready when the request comes in. - fcgi sets up php at request. Benifits of CGI PHP (I'm not 100% familiar with FCGI): - If you have very few PHP scripts on the server, FCGI will use less memory and processes, because static requests don't have PHP loaded. - Easier to configure special extensions per domain/dir/etc. Benifits of mod_php: - Speed, Preloaded PHP, allows all startup to be done in advance of the request. - More compatability with pre-made applications. CGI PHP is missing some functions. It is very rare to run into this, but it does happen. I hope this feedback is helpful. Thanks, William Lightning From jonas_lists at frukt.org Wed Jan 6 13:38:42 2010 From: jonas_lists at frukt.org (Jonas Eckerman) Date: Wed, 06 Jan 2010 13:38:42 +0100 Subject: [mpm-itk] mpm-itk & CGI wrapper or FCGId In-Reply-To: <003f01ca8db6$59027ce0$0b0776a0$@com> References: <003f01ca8db6$59027ce0$0b0776a0$@com> Message-ID: <4B448452.4090200@frukt.org> Alex Tordi wrote: > someone uses itk and FCGId or CGI wrapper. I'm assuming you refer to "mod_fcgid". > which will be better, and faster Wich is better depends on what you want. In general, mod_php is probably faster just after startup. AFAIK, mod_fcgid doersn't support startup preloading of fastcgi apps (all the older FastCGI runners I've used supported this, so hopefully mod_fcgid will too in the future). Once mod_fcgid has loaded one or more PHP instances, the speed should be about the same as for mod_php. mod_fcgid supports more different tuning since the FastCGI porocesses are kept in a separate pool from the apache httpd children. So you may tune the httpd children and the PHP processes separately. I've no idea wether this is of any benefit to you. One benefit to running PHP as a FastCGI is that any problematic PHP scripts or PHP modules will be separated from the httpd processes. This means that if a PHP script or module crashes or goes haywire it will not affect the main web server. In some cases this may be a very good idea. One common reason for running PHP as a FastCGI doesn't apply when using mpm_itk. People often run PHP as FastCGI in order to make PHP scripts run as different users for different virtual hosts without the huge overhead of ordinary CGI. If using FastCGI PHP with mpm_itk you do need separate fastcgi PHP handlers for different virtual hosts if you want the PHP scripts to run as the correct user. Regards /Jonas -- Jonas Eckerman Frukttr?det & F?rbundet Sveriges D?vblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/ From felix.schwarz at oss.schwarz.eu Sun Jan 10 13:35:31 2010 From: felix.schwarz at oss.schwarz.eu (Felix Schwarz) Date: Sun, 10 Jan 2010 13:35:31 +0100 Subject: [mpm-itk] mod_fcgid: can't get lock Message-ID: <4B49C993.5040409@oss.schwarz.eu> Hi, I'm using mpm itk on CentOS 5 (httpd-2.2.3-31.1.el5.2). Now I want to add mod_fcgid to the mix to separate web applications from the server process (and in order not to use the mod_python/mod_php which have their own share of problems when it comes to system libraries that might be linked by other Apache modules). Basically setting up mod_fcgid used to be very easy: AddHandler fcgid-script .php FCGIWrapper /usr/bin/php-cgi .php Options +ExecCGI However with MPM itk that does not work anymore - after quite a long time waiting for the application, all I see is this in the error log: (13)Permission denied: mod_fcgid: can't get lock, pid: <...> There were some recent posts on this mailing list ([1], [2]) that indicated that mod_fcgid should work with MPM ITK. In other forums people mention that mod_fcgid will work correctly ([3]). Does mod_fcgid work together with MPM itk? Any hints where I should look to get rid of my problem? fs [1] http://lists.err.no/pipermail/mpm-itk/2010-January/000250.html [2] http://lists.err.no/pipermail/mpm-itk/2010-January/000249.html [3] http://forums.ramhost.org/bbs/viewtopic.php?pid=101 From lawrencewilliams at lcwsoft.com Fri Jan 15 20:12:12 2010 From: lawrencewilliams at lcwsoft.com (Lawrence Williams) Date: Fri, 15 Jan 2010 15:42:12 -0330 Subject: [mpm-itk] eaccelerator Message-ID: <4B50BE0C.30805@lcwsoft.com> Hi, Is anyone here using eAccelerator with the ITK mpm at the same time? If so, is there anything special to note? Regards, Lawrence From lawrencewilliams at lcwsoft.com Fri Jan 15 21:57:55 2010 From: lawrencewilliams at lcwsoft.com (Lawrence Williams) Date: Fri, 15 Jan 2010 17:27:55 -0330 Subject: [mpm-itk] eaccelerator In-Reply-To: <4B50D2BA.5030601@didriksen.cc> References: <4B50BE0C.30805@lcwsoft.com> <4B50D2BA.5030601@didriksen.cc> Message-ID: <4B50D6D3.7040806@lcwsoft.com> Yes, but APC is incompatible with Zend Optimizer, which is required by our customers scripts. I assume APC works the same under itk as normal prefork or worker? Lawrence Tino Didriksen wrote: > eAccelerator is outdated. > > APC is the most up to date caching extension, and it's maintained by > the PHP people themselves. > - http://pecl.php.net/package/APC > - http://php.net/manual/en/book.apc.php > > I use APC with mpm-itk on several machines. > > -- Tino Didriksen > > Lawrence Williams wrote: >> Hi, >> >> Is anyone here using eAccelerator with the ITK mpm at the same time? >> If so, is there anything special to note? >> >> Regards, >> Lawrence From tino at didriksen.cc Fri Jan 15 21:40:26 2010 From: tino at didriksen.cc (Tino Didriksen) Date: Fri, 15 Jan 2010 21:40:26 +0100 Subject: [mpm-itk] eaccelerator In-Reply-To: <4B50BE0C.30805@lcwsoft.com> References: <4B50BE0C.30805@lcwsoft.com> Message-ID: <4B50D2BA.5030601@didriksen.cc> eAccelerator is outdated. APC is the most up to date caching extension, and it's maintained by the PHP people themselves. - http://pecl.php.net/package/APC - http://php.net/manual/en/book.apc.php I use APC with mpm-itk on several machines. -- Tino Didriksen Lawrence Williams wrote: > Hi, > > Is anyone here using eAccelerator with the ITK mpm at the same time? If > so, is there anything special to note? > > Regards, > Lawrence -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3415 bytes Desc: S/MIME Cryptographic Signature URL: From alephlg at gmail.com Sat Jan 16 15:15:37 2010 From: alephlg at gmail.com (Aleph) Date: Sat, 16 Jan 2010 15:15:37 +0100 Subject: [mpm-itk] eaccelerator In-Reply-To: <4B50BE0C.30805@lcwsoft.com> References: <4B50BE0C.30805@lcwsoft.com> Message-ID: <20100116151537.19f5597f@noder> Szia! I use the eaccelerator with only_shm option. Work and perfect. Aleph Fri, 15 Jan 2010 15:42:12 -0330 -n Lawrence Williams ?rta: > Hi, > > Is anyone here using eAccelerator with the ITK mpm at the same time? If > so, is there anything special to note? > > Regards, > Lawrence > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk -- Gergely Lonyai OS Developper: Mandriva Linux Security solution: RSBAC, GnuPG, CACert.org -- This mail is e-signed mail with trusted PGP Mime key. Please get my public key from keyservers and check this mail consistency with GnuPG. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From cronfy at gmail.com Sun Jan 17 07:26:08 2010 From: cronfy at gmail.com (cronfy) Date: Sun, 17 Jan 2010 09:26:08 +0300 Subject: [mpm-itk] eaccelerator In-Reply-To: <20100116151537.19f5597f@noder> References: <4B50BE0C.30805@lcwsoft.com> <20100116151537.19f5597f@noder> Message-ID: Hi, What about security? Is is possible to get access to other users' scripts stored in shared memory with eAccelerator or APC? > I use the eaccelerator with only_shm option. Work and perfect. > > Aleph > > Fri, 15 Jan 2010 15:42:12 -0330 -n > Lawrence Williams ?rta: > > > Hi, > > > > Is anyone here using eAccelerator with the ITK mpm at the same time? If > > so, is there anything special to note? > > > > Regards, > > Lawrence > > > > _______________________________________________ > > mpm-itk mailing list > > mpm-itk at err.no > > http://lists.err.no/mailman/listinfo/mpm-itk > > > -- > Gergely Lonyai > > OS Developper: Mandriva Linux > Security solution: RSBAC, GnuPG, CACert.org > -- > This mail is e-signed mail with trusted PGP Mime key. > Please get my public key from keyservers > and check this mail consistency with GnuPG. > > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk > > -- // cronfy -------------- next part -------------- An HTML attachment was scrubbed... URL: From azurit at pobox.sk Sun Jan 17 14:20:35 2010 From: azurit at pobox.sk (azurIt) Date: Sun, 17 Jan 2010 14:20:35 +0100 Subject: [mpm-itk] eaccelerator Message-ID: Hi, we are using eAccelerator without problems. It's probably not possible to get access to the compiled scripts of other users cos files are owned by user under who is vhost running (but i cannot tell what about scripts stored in memory). azur -----P?vodn? spr?va----- Od: cronfy [cronfy at gmail.com] Komu: mpm-itk at err.no Predmet: Re: [mpm-itk] eaccelerator Hi, What about security? Is is possible to get access to other users' scripts stored in shared memory with eAccelerator or APC? I use the eaccelerator with only_shm option. Work and perfect. Aleph Fri, 15 Jan 2010 15:42:12 -0330 -n Lawrence Williams ?rta: > Hi, > > Is anyone here using eAccelerator with the ITK mpm at the same time? If > so, is there anything special to note? > > Regards, > Lawrence > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk -- Gergely Lonyai OS Developper: Mandriva Linux Security solution: RSBAC, GnuPG, CACert.org -- This mail is e-signed mail with trusted PGP Mime key. Please get my public key from keyservers and check this mail consistency with GnuPG. _______________________________________________ mpm-itk mailing list mpm-itk at err.no http://lists.err.no/mailman/listinfo/mpm-itk -- // cronfy From ml at knoway.info Wed Jan 20 00:09:28 2010 From: ml at knoway.info (ml at knoway.info) Date: Wed, 20 Jan 2010 00:09:28 +0100 Subject: [mpm-itk] proces strangeness Message-ID: <1263942568.15145.73.camel@diefenbaker> Hi all, I installed apache-itk on ubuntu hardy lts and configured it with a user as stated on the documentation file. The only way to verify that apache-itk is really running is running from console apache2 -V. But I got a strange number of processes and I never see a process with the user configured on the virtualhost. For example: StartServers 150 MinSpareServers 50 MaxSpareServers 100 MaxRequestsPerChild 0 but , from console: ps aux | grep -c apache2 70 I was expecting 150+50=200 processes, with the userid stated in apache2.conf. Moreover, using mod-status I obtain : 45 requests currently being processed, 14 idle workers.. and I was expecting 50 idle workers.. What I'm missing? Is there a way to log the uid transitions, as for debugging porposes only? Thanks From lawrencewilliams at lcwsoft.com Wed Jan 20 00:37:15 2010 From: lawrencewilliams at lcwsoft.com (Lawrence Williams) Date: Tue, 19 Jan 2010 20:07:15 -0330 Subject: [mpm-itk] proces strangeness In-Reply-To: <1263942568.15145.73.camel@diefenbaker> References: <1263942568.15145.73.camel@diefenbaker> Message-ID: <4B56422B.5040703@lcwsoft.com> Wrong command. I meant to say try this: top | grep apache2 That will tell us what user is being used for apache processes. I am thinking it will show either apache or nobody. Lawrence ml at knoway.info wrote: > Hi all, > > I installed apache-itk on ubuntu hardy lts and configured it with a user > as stated on the documentation file. > > The only way to verify that apache-itk is really running is running from > console apache2 -V. > > But I got a strange number of processes and I never see a process with > the user configured on the virtualhost. > > For example: > > > StartServers 150 > MinSpareServers 50 > MaxSpareServers 100 > MaxRequestsPerChild 0 > > > but , from console: > > ps aux | grep -c apache2 > 70 > > I was expecting 150+50=200 processes, with the userid stated in > apache2.conf. > > Moreover, using mod-status I obtain : > > 45 requests currently being processed, 14 idle workers.. > > and I was expecting 50 idle workers.. > > What I'm missing? > > Is there a way to log the uid transitions, as for debugging porposes > only? > > Thanks > > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk > ------------------------------------------------------------------------ > > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.5.432 / Virus Database: 270.14.150/2632 - Release Date: 01/19/10 07:34:00 > > From ml at knoway.info Wed Jan 20 08:46:44 2010 From: ml at knoway.info (ml at knoway.info) Date: Wed, 20 Jan 2010 08:46:44 +0100 Subject: [mpm-itk] proces strangeness In-Reply-To: <4B56422B.5040703@lcwsoft.com> References: <1263942568.15145.73.camel@diefenbaker> <4B56422B.5040703@lcwsoft.com> Message-ID: <1263973604.2482.34.camel@diefenbaker> it tells www-data or root... it's correct because actually I configured a different user only for a single lo hit vhost and the default is www-data. So It clould be that I can't see the suid. I did this for last stage of testing on production server. I got several virtualhost andh i will configure it with a different user each as far I understand this behaviour. another information is that in my error.log apache complains : server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 4 idle, and 24 total children This error appears even if I put enormous values in startservers or minspareservers and doesn't match with ps aux | grep -c apache2. It' seams that this entry in error.log is a wrong information, but this is only my hypothesis.. and I swear it's simply wrong. thanks On Tue, 2010-01-19 at 20:07 -0330, Lawrence Williams wrote: > Wrong command. I meant to say try this: > > top | grep apache2 > > That will tell us what user is being used for apache processes. I am thinking it will show either apache or nobody. > > Lawrence > > > > ml at knoway.info wrote: > > Hi all, > > > > I installed apache-itk on ubuntu hardy lts and configured it with a user > > as stated on the documentation file. > > > > The only way to verify that apache-itk is really running is running from > > console apache2 -V. > > > > But I got a strange number of processes and I never see a process with > > the user configured on the virtualhost. > > > > For example: > > > > > > StartServers 150 > > MinSpareServers 50 > > MaxSpareServers 100 > > MaxRequestsPerChild 0 > > > > > > but , from console: > > > > ps aux | grep -c apache2 > > 70 > > > > I was expecting 150+50=200 processes, with the userid stated in > > apache2.conf. > > > > Moreover, using mod-status I obtain : > > > > 45 requests currently being processed, 14 idle workers.. > > > > and I was expecting 50 idle workers.. > > > > What I'm missing? > > > > Is there a way to log the uid transitions, as for debugging porposes > > only? > > > > Thanks > > > > > > _______________________________________________ > > mpm-itk mailing list > > mpm-itk at err.no > > http://lists.err.no/mailman/listinfo/mpm-itk > > ------------------------------------------------------------------------ > > > > > > No virus found in this incoming message. > > Checked by AVG - www.avg.com > > Version: 8.5.432 / Virus Database: 270.14.150/2632 - Release Date: 01/19/10 07:34:00 > > > > >