From per at computer.org Wed Oct 16 18:54:44 2013 From: per at computer.org (Per Jessen) Date: Wed, 16 Oct 2013 18:54:44 +0200 Subject: [mpm-itk] php5 session.save_path ? Message-ID: <525EC4D4.10508@computer.org> I've recent got mpm-itk running with apache 2.4.6, seems to work well. I had to back it out though as I didn't have an immediate answer to what to do with /var/lib/php5. Does anyone here have some best practices to share? Thanks Per Jessen From azurit at pobox.sk Wed Oct 16 19:16:37 2013 From: azurit at pobox.sk (azurIt) Date: Wed, 16 Oct 2013 19:16:37 +0200 Subject: [mpm-itk] =?utf-8?q?php5_session=2Esave=5Fpath_=3F?= In-Reply-To: <525EC4D4.10508@computer.org> References: <525EC4D4.10508@computer.org> Message-ID: <20131016191637.6305EAB2@pobox.sk> >I've recent got mpm-itk running with apache 2.4.6, seems to work well. I had to >back it out though as I didn't have an immediate answer to what to do with >/var/lib/php5. Does anyone here have some best practices to share? Hi, where exactly do you see a problem? azur From per at computer.org Wed Oct 16 20:07:13 2013 From: per at computer.org (Per Jessen) Date: Wed, 16 Oct 2013 20:07:13 +0200 Subject: [mpm-itk] php5 session.save_path ? In-Reply-To: <20131016191637.6305EAB2@pobox.sk> References: <525EC4D4.10508@computer.org> <20131016191637.6305EAB2@pobox.sk> Message-ID: <525ED5D1.4040501@computer.org> azurIt wrote: >> I've recent got mpm-itk running with apache 2.4.6, seems to work well. I had to >> back it out though as I didn't have an immediate answer to what to do with >> /var/lib/php5. Does anyone here have some best practices to share? > > > Hi, > > where exactly do you see a problem? Hi Azur, good point - I forgot to explain the situation. I have a webserver setup with one group per customer. Groups are for instance srv1, srv2, srv3, so I would be running a virtual host as u1:grp1. Because /var/lib/php5 is owned by wwwrun:www in the default setup, a vhost running as u1:grp1 has no access to write e.g. session data. I'm considering using /var/lib/php5/srvN, but I was just wondering what other people do - I'm new to mpm-itk. /Per From michael at orlitzky.com Wed Oct 16 21:06:08 2013 From: michael at orlitzky.com (Michael Orlitzky) Date: Wed, 16 Oct 2013 15:06:08 -0400 Subject: [mpm-itk] php5 session.save_path ? In-Reply-To: <525ED5D1.4040501@computer.org> References: <525EC4D4.10508@computer.org> <20131016191637.6305EAB2@pobox.sk> <525ED5D1.4040501@computer.org> Message-ID: <525EE3A0.2010209@orlitzky.com> On 10/16/2013 02:07 PM, Per Jessen wrote: > > Hi Azur, good point - I forgot to explain the situation. > > I have a webserver setup with one group per customer. Groups are for > instance srv1, srv2, srv3, so I would be running a virtual host as > u1:grp1. Because /var/lib/php5 is owned by wwwrun:www in the default > setup, a vhost running as u1:grp1 has no access to write e.g. session > data. I'm considering using /var/lib/php5/srvN, but I was just > wondering what other people do - I'm new to mpm-itk. We create a hierarchy like, /var/www// /var/www///public /var/www///tmp ... Then in the apache vhost, we override the PHP temp dir settings. In php-5.4 this is, php_admin_value open_basedir /var/www/$domain/$host/ php_admin_value upload_tmp_dir /var/www/$domain/$host/tmp php_admin_value session.save_path /var/www/$domain/$host/tmp and with php-5.5, we'll add, php_admin_value sys_temp_dir /var/www/$domain/$host/tmp From azurit at pobox.sk Wed Oct 16 21:06:55 2013 From: azurit at pobox.sk (azurIt) Date: Wed, 16 Oct 2013 21:06:55 +0200 Subject: [mpm-itk] =?utf-8?q?php5_session=2Esave=5Fpath_=3F?= In-Reply-To: <525ED5D1.4040501@computer.org> References: <525EC4D4.10508@computer.org>, <20131016191637.6305EAB2@pobox.sk> <525ED5D1.4040501@computer.org> Message-ID: <20131016210655.9359DD6B@pobox.sk> >>> I've recent got mpm-itk running with apache 2.4.6, seems to work well. I had to >>> back it out though as I didn't have an immediate answer to what to do with >>> /var/lib/php5. Does anyone here have some best practices to share? >> >> >> Hi, >> >> where exactly do you see a problem? > >Hi Azur, good point - I forgot to explain the situation. > >I have a webserver setup with one group per customer. Groups are for instance >srv1, srv2, srv3, so I would be running a virtual host as u1:grp1. Because >/var/lib/php5 is owned by wwwrun:www in the default setup, a vhost running as >u1:grp1 has no access to write e.g. session data. I'm considering using >/var/lib/php5/srvN, but I was just wondering what other people do - I'm new to >mpm-itk. Two possible solutions: 1.) Make /var/lib/php5 world writable (this is the default in most distributions, similar to /tmp) 2.) Set custom session.save_path per user/vhost/directory/.. . azur From per at computer.org Wed Oct 16 22:52:20 2013 From: per at computer.org (Per Jessen) Date: Wed, 16 Oct 2013 22:52:20 +0200 Subject: [mpm-itk] php5 session.save_path ? In-Reply-To: <20131016210655.9359DD6B@pobox.sk> References: <525EC4D4.10508@computer.org>, <20131016191637.6305EAB2@pobox.sk> <525ED5D1.4040501@computer.org> <20131016210655.9359DD6B@pobox.sk> Message-ID: <525EFC84.7070008@computer.org> On 16/10/13 21:06, azurIt wrote: >>>> I've recent got mpm-itk running with apache 2.4.6, seems to work well. I had to >>>> back it out though as I didn't have an immediate answer to what to do with >>>> /var/lib/php5. Does anyone here have some best practices to share? >>> >>> >>> Hi, >>> >>> where exactly do you see a problem? >> >> Hi Azur, good point - I forgot to explain the situation. >> >> I have a webserver setup with one group per customer. Groups are for instance >> srv1, srv2, srv3, so I would be running a virtual host as u1:grp1. Because >> /var/lib/php5 is owned by wwwrun:www in the default setup, a vhost running as >> u1:grp1 has no access to write e.g. session data. I'm considering using >> /var/lib/php5/srvN, but I was just wondering what other people do - I'm new to >> mpm-itk. > > > > Two possible solutions: > 1.) Make /var/lib/php5 world writable (this is the default in most distributions, similar to /tmp) Not in openSUSE though. > 2.) Set custom session.save_path per user/vhost/directory/.. . Yes, that is what I am doing now. /Per From mike at mzandstra.com Tue Oct 22 14:44:02 2013 From: mike at mzandstra.com (Michael Zandstra) Date: Tue, 22 Oct 2013 07:44:02 -0500 Subject: [mpm-itk] Apache not responding Message-ID: I've been using mpm-itk for about a year with no problems. Today my webserver stopped responding to requests, though I haven't changed anything or even logged in in weeks. Apache is running and there is plenty of free memory, but requests for web pages time out. Telnet localhost 80 (from server) doesn't respond to any requests either, but the port is open and listening. I've flushed IPtables and restart apache, rebooted server, but alas, nothing. Any clues as to why this would happen? -------------- next part -------------- An HTML attachment was scrubbed... URL: From thomassen at a4a.de Tue Oct 22 14:58:08 2013 From: thomassen at a4a.de (Peter Thomassen) Date: Tue, 22 Oct 2013 14:58:08 +0200 Subject: [mpm-itk] Apache not responding In-Reply-To: References: Message-ID: <52667660.2060406@a4a.de> Hi Michael, On 10/22/2013 02:44 PM, Michael Zandstra wrote: > I've been using mpm-itk for about a year with no problems. Today my > webserver stopped responding to requests, though I haven't changed > anything or even logged in in weeks. > > Apache is running and there is plenty of free memory, but requests for > web pages time out. Telnet localhost 80 (from server) doesn't respond to > any requests either, but the port is open and listening. I've flushed > IPtables and restart apache, rebooted server, but alas, nothing. > > Any clues as to why this would happen? It's not clear whether this is related to mpm-itk. Try stripping down your configuration (i.e. disable modules / sites / maybe switch to a simpler MPM) to determine at which point things start working again. Cheers, Peter From mike at mzandstra.com Tue Oct 22 14:59:35 2013 From: mike at mzandstra.com (Michael Zandstra) Date: Tue, 22 Oct 2013 07:59:35 -0500 Subject: [mpm-itk] Apache not responding In-Reply-To: <52667660.2060406@a4a.de> References: <52667660.2060406@a4a.de> Message-ID: <526676B7.2090007@mzandstra.com> Thank for the tip, I will give that a try. On 10/22/2013 07:58 AM, Peter Thomassen wrote: > Hi Michael, > > On 10/22/2013 02:44 PM, Michael Zandstra wrote: >> I've been using mpm-itk for about a year with no problems. Today my >> webserver stopped responding to requests, though I haven't changed >> anything or even logged in in weeks. >> >> Apache is running and there is plenty of free memory, but requests for >> web pages time out. Telnet localhost 80 (from server) doesn't respond to >> any requests either, but the port is open and listening. I've flushed >> IPtables and restart apache, rebooted server, but alas, nothing. >> >> Any clues as to why this would happen? > It's not clear whether this is related to mpm-itk. Try stripping down > your configuration (i.e. disable modules / sites / maybe switch to a > simpler MPM) to determine at which point things start working again. > > Cheers, > Peter > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk From azurit at pobox.sk Tue Oct 22 16:45:22 2013 From: azurit at pobox.sk (azurIt) Date: Tue, 22 Oct 2013 16:45:22 +0200 Subject: [mpm-itk] =?utf-8?q?Apache_not_responding?= In-Reply-To: <526676B7.2090007@mzandstra.com> References: , <52667660.2060406@a4a.de> <526676B7.2090007@mzandstra.com> Message-ID: <20131022164522.2E86C220@pobox.sk> Anything interesting in errors logs? Try also enabling debug log level. azur ______________________________________________________________ > Od: Michael Zandstra > Komu: > D?tum: 22.10.2013 14:59 > Predmet: Re: [mpm-itk] Apache not responding > >Thank for the tip, I will give that a try. > >On 10/22/2013 07:58 AM, Peter Thomassen wrote: >> Hi Michael, >> >> On 10/22/2013 02:44 PM, Michael Zandstra wrote: >>> I've been using mpm-itk for about a year with no problems. Today my >>> webserver stopped responding to requests, though I haven't changed >>> anything or even logged in in weeks. >>> >>> Apache is running and there is plenty of free memory, but requests for >>> web pages time out. Telnet localhost 80 (from server) doesn't respond to >>> any requests either, but the port is open and listening. I've flushed >>> IPtables and restart apache, rebooted server, but alas, nothing. >>> >>> Any clues as to why this would happen? >> It's not clear whether this is related to mpm-itk. Try stripping down >> your configuration (i.e. disable modules / sites / maybe switch to a >> simpler MPM) to determine at which point things start working again. >> >> Cheers, >> Peter >> >> _______________________________________________ >> mpm-itk mailing list >> mpm-itk at err.no >> http://lists.err.no/mailman/listinfo/mpm-itk > > >_______________________________________________ >mpm-itk mailing list >mpm-itk at err.no >http://lists.err.no/mailman/listinfo/mpm-itk > From slawekp at uni.opole.pl Wed Oct 23 15:51:29 2013 From: slawekp at uni.opole.pl (=?UTF-8?B?U8WCYXdvbWlyIFBhc3praWV3aWN6?=) Date: Wed, 23 Oct 2013 15:51:29 +0200 Subject: [mpm-itk] setuid: Operation not permitted Message-ID: <5267D461.8040506@uni.opole.pl> Hello, We are using mod_itk for a month or so and we have a big problem always after restarting Apache. Some sites (vhosts) works fine, but other not. In logs there are many messages : [Wed Oct 23 15:29:47 2013] [warn] Couldn't set uid/gid/priority, closing connection. [Wed Oct 23 15:29:48 2013] [warn] (itkmpm: pid=12041 uid=0, gid=10094) itk_post_perdir_config(): setuid(10083): Operation not permitted [Wed Oct 23 15:29:48 2013] [warn] Couldn't set uid/gid/priority, closing connection. [Wed Oct 23 15:29:48 2013] [warn] (itkmpm: pid=12042 uid=0, gid=10094) itk_post_perdir_config(): setuid(10083): Operation not permitted [Wed Oct 23 15:29:48 2013] [warn] Couldn't set uid/gid/priority, closing connection. [Wed Oct 23 15:29:48 2013] [warn] (itkmpm: pid=12043 uid=0, gid=81) itk_post_perdir_config(): setuid(81): Operation not permitted [Wed Oct 23 15:29:48 2013] [warn] Couldn't set uid/gid/priority, closing connection. [Wed Oct 23 15:29:48 2013] [warn] (itkmpm: pid=12047 uid=0, gid=81) itk_post_perdir_config(): setuid(81): Operation not permitted After some ammount of time (random, but not less than 5 minutes) it`s working fine again... until next Apache restart. We are using Gentoo with APACHE2_MPMS="itk" Apache 2.2.25-2 Best regards, S?awomir Paszkiewicz -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3366 bytes Desc: Kryptograficzna sygnatura S/MIME URL: From sgunderson at bigfoot.com Wed Oct 23 15:55:39 2013 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Wed, 23 Oct 2013 15:55:39 +0200 Subject: [mpm-itk] setuid: Operation not permitted In-Reply-To: <5267D461.8040506@uni.opole.pl> References: <5267D461.8040506@uni.opole.pl> Message-ID: <20131023135539.GB19910@sesse.net> On Wed, Oct 23, 2013 at 03:51:29PM +0200, S?awomir Paszkiewicz wrote: > Some sites (vhosts) works fine, but other not. In logs there are > many messages : > > [Wed Oct 23 15:29:47 2013] [warn] Couldn't set uid/gid/priority, > closing connection. > [Wed Oct 23 15:29:48 2013] [warn] (itkmpm: pid=12041 uid=0, > gid=10094) itk_post_perdir_config(): setuid(10083): Operation not > permitted This is covered on the website: ?If you connect to httpd, make a request and then make a request on the same connection that gets handled by a different uid, mpm-itk simply shuts down the connection. This is perfectly legal according to RFC 2616 section 8.1.4, and all major clients seem to handle it well; the web server simply simulates a timeout, and the client just opens a new connection and retries the request. However, there is a small performance hit, and thus you should avoid including content from multiple uids in the same page.? /* Steinar */ -- Homepage: http://www.sesse.net/