From pascal at carat-hosting.com  Sun Jul  3 04:08:44 2005
From: pascal at carat-hosting.com (Pascal - Carat-Hosting.com)
Date: Sun Jul  3 04:09:02 2005
Subject: [peruser] New potential user of peruser : some questions
Message-ID: <20050703100857.23E221C000A2@mwinf1109.wanadoo.fr>

Hello,
 
I look for a while for something like peruser. So happy to find it :)
 
But I have few questions before give it a try.
 
All my box use httpd 2.0.54 and not 2.0.52, is it very difficult to change
the patch to apply it on a 2.0.54 ? 
I think it is possible as it is only a minor release, but as I don't know
exactly what does the peruser patch I ask you before
 
Did someone test it and/or use it in a production environment ? 
On some boxes I have more than 100 vhost. 
Did you see some performance impact ?
 
Does the release of Peruser is in stable state ?
 
I know that I should test it and see by myself, it's true that do a
compilation of httpd is not so difficult, it just takes time. 
But I'd like to have the opinion of existing user of peruser. 
 
Thanks a ton for your help/advises
 
Pascal
(hope my english is not too bad :-p )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.telana.com/pipermail/peruser/attachments/20050703/80569514/attachment.htm
From gabriel at telana.com  Sun Jul  3 04:17:06 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Sun Jul  3 04:17:09 2005
Subject: [peruser] New potential user of peruser : some questions
In-Reply-To: <20050703100857.23E221C000A2@mwinf1109.wanadoo.fr>
References: <20050703100857.23E221C000A2@mwinf1109.wanadoo.fr>
Message-ID: <1120385826.30831.24.camel@isis.korsoft.com>

On Sun, 2005-07-03 at 12:08 +0200, Pascal - Carat-Hosting.com wrote: 
> All my box use httpd 2.0.54 and not 2.0.52, is it very difficult to
> change the patch to apply it on a 2.0.54 ? 
> I think it is possible as it is only a minor release, but as I don't
> know exactly what does the peruser patch I ask you before

I think there is a change in 53 or 54 that breaks something.  Upgrading
to the latest version of apache and making sure peruser is next on my
todo list.

> Did someone test it and/or use it in a production environment ? 
> On some boxes I have more than 100 vhost. 
> Did you see some performance impact ?

I run it on my production server, with about 100 domains.  My setup is
extremely dependent on the features provided by peruser, so I can't
compare it directly to a vanilla apache setup.  But I don't think
there's any noticeable performance impact, at least with the current
version.

However, I don't recommend running it on a production system yourself,
at least without *significant* testing first.  The peruser mpm comes
with absolutely no warranty!

> Does the release of Peruser is in stable state ?

No, I'd call it alpha right now :)

> I know that I should test it and see by myself, it's true that do a
> compilation of httpd is not so difficult, it just takes time. 
> But I'd like to have the opinion of existing user of peruser. 

It works for me, but I wrote it :)  The main problem seems to be in
getting your httpd.conf exactly right.  Hopefully as long as you go off
of the example configuration on the web page, it should work okay.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From pascal at carat-hosting.com  Sun Jul  3 04:31:15 2005
From: pascal at carat-hosting.com (Pascal - Carat-Hosting.com)
Date: Sun Jul  3 04:31:31 2005
Subject: [peruser] New potential user of peruser : some questions
In-Reply-To: <1120385826.30831.24.camel@isis.korsoft.com>
Message-ID: <20050703103128.8076E1C000BB@mwinf1112.wanadoo.fr>

Thanks for your quick answer.

I have an other questoin about the configuration.
In the VirtualHost section there is :
 # this must match a Processor"
      ServerEnvironment user group /home/user

Does that mean that in the main httpd configuration I must have a processor
per user/group (so per domain)

Something like
Processor user1 group1 /home/user1
Processor user2 group2 /home/user2
Processor user3 group3 /home/user3

Then in the VirtualHost section (per domain)
<VirtualHost domain1.com>
    ServerName domain1.com
    <IfModule peruser.c>
      # this must match a Processor
      ServerEnvironment user1 group1 /home/user1
</VirtualHost>
<VirtualHost domain2.com>
    ServerName domain2.com
    <IfModule peruser.c>
      # this must match a Processor
      ServerEnvironment user2 group2 /home/user2
</VirtualHost>

Etc ....

I also use SuexecUserGroup user group in my VirtualHost for CGI pgms. Any
impact with peruser ?

I promise, I stop asking a lot of things, I'll test it on a test server with
httpd 2.0.52
Just want to be sure for the processor case

Pascal

> All my box use httpd 2.0.54 and not 2.0.52, is it very difficult to 
> change the patch to apply it on a 2.0.54 ?
> I think it is possible as it is only a minor release, but as I don't 
> know exactly what does the peruser patch I ask you before

I think there is a change in 53 or 54 that breaks something.  Upgrading to
the latest version of apache and making sure peruser is next on my todo
list.

> Did someone test it and/or use it in a production environment ? 
> On some boxes I have more than 100 vhost. 
> Did you see some performance impact ?

I run it on my production server, with about 100 domains.  My setup is
extremely dependent on the features provided by peruser, so I can't compare
it directly to a vanilla apache setup.  But I don't think there's any
noticeable performance impact, at least with the current version.

However, I don't recommend running it on a production system yourself, at
least without *significant* testing first.  The peruser mpm comes with
absolutely no warranty!

> Does the release of Peruser is in stable state ?

No, I'd call it alpha right now :)

> I know that I should test it and see by myself, it's true that do a 
> compilation of httpd is not so difficult, it just takes time.
> But I'd like to have the opinion of existing user of peruser. 

It works for me, but I wrote it :)  The main problem seems to be in getting
your httpd.conf exactly right.  Hopefully as long as you go off of the
example configuration on the web page, it should work okay.

--
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

_______________________________________________
Peruser mailing list
Peruser@telana.com
http://www.telana.com/mailman/listinfo/peruser




From gabriel at telana.com  Sun Jul  3 19:28:20 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Sun Jul  3 19:28:24 2005
Subject: [peruser] New potential user of peruser : some questions
In-Reply-To: <20050703103128.8076E1C000BB@mwinf1112.wanadoo.fr>
References: <20050703103128.8076E1C000BB@mwinf1112.wanadoo.fr>
Message-ID: <1120440501.30831.47.camel@isis.korsoft.com>

On Sun, 2005-07-03 at 12:31 +0200, Pascal - Carat-Hosting.com wrote:
> Thanks for your quick answer.

No problem, I was up late :)  Sorry for the delay on this one, my ISP
has been down all day.

> I have an other questoin about the configuration.
> In the VirtualHost section there is :
>  # this must match a Processor"
>       ServerEnvironment user group /home/user
> 
> Does that mean that in the main httpd configuration I must have a processor
> per user/group (so per domain)

That's right.  You can also do this:

Processor user1 group1 /home/user1

<VirtualHost www.domain1.com>
  ServerEnvironment user1 group1 /home/user1
</VirtualHost>

<VirtualHost www.domain2.com>
  ServerEnvironment user1 group1 /home/user1
</VirtualHost>

That is, you can have several vhosts share the same server environment.
There just needs to be a Processor directive that matches (but only one,
you wouldn't need two of them in the example above).

That's how my system is set up - each account on the server has a
"Processor" directive, and one or more domains, all set to use the same
user, group, and chroot directory.

> I also use SuexecUserGroup user group in my VirtualHost for CGI pgms. Any
> impact with peruser ?

It probably wouldn't work, because peruser will already by doing the
setuid/setgid stuff.  Suexec becomes unnecessary - any cgi programs will
be executed by an apache process that's already running as the desired
user and group, so the cgi will also run as that user and group.

> I promise, I stop asking a lot of things, I'll test it on a test server with
> httpd 2.0.52
> Just want to be sure for the processor case

If you have problems getting it working, the first thing to try is to
remove the chroot directories from the configuration.  Getting that to
work properly can be very tricky.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From ctron at dentrassi.de  Sun Jul  3 23:53:47 2005
From: ctron at dentrassi.de (Jens Reimann)
Date: Sun Jul  3 23:53:51 2005
Subject: [peruser] fc3 rpms for 0.15
Message-ID: <20050704055347.BB8A824ADE0@flux.dentrassi.de>

Hi,

I made some RPMS for Fedore Core 3.

http://dentrassi.de/download/peruser/0.15/

Anyway I still got the some problems. subversion is not working, referers and
source IP address are unknown and ssl connections simply die.

Let me know if I can help in some way.

From gabriel at telana.com  Mon Jul  4 14:24:39 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Mon Jul  4 14:24:43 2005
Subject: [peruser] fc3 rpms for 0.15
In-Reply-To: <20050704055347.BB8A824ADE0@flux.dentrassi.de>
References: <20050704055347.BB8A824ADE0@flux.dentrassi.de>
Message-ID: <1120508679.30831.50.camel@isis.korsoft.com>

On Mon, 2005-07-04 at 05:53 +0000, Jens Reimann wrote:
> I made some RPMS for Fedore Core 3.
> 
> http://dentrassi.de/download/peruser/0.15/

Cool!

> Anyway I still got the some problems. subversion is not working, referers and
> source IP address are unknown and ssl connections simply die.

Well mod_ssl is pretty much incompatible with the way requests are
passed between processes inside peruser.  Maybe someone who's familiar
with the internals of mod_ssl can fix it, but I think it's a bit beyond
me.  I use an SSL reverse-proxy in front of apache, so apache only gets
regular http connections.  It's at http://www.apsis.ch/pound/

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From alvarotorres at gmail.com  Mon Jul  4 19:26:43 2005
From: alvarotorres at gmail.com (Alvaro Torres F.)
Date: Mon Jul  4 19:52:44 2005
Subject: [peruser] publishing users home directory with 700 acces
Message-ID: <1a5a996d0507041826b1d44f5@mail.gmail.com>

Hello I don?t know if this is the right plase to ask this question.
I?ve a server with 50 users and I want to protect the home directory of 
every user chmoding to 700 everyone, then nobody can acces to a home 
directory of another user.
The Document Root in apache is set to /home, making the URL 
http://domain.com/user
But when I open the URL in the browser I?ve get a nice Forbidden page, tell 
me ?you don?t have permision to acces /user/?
How can make the users can publish their own page without modify the 700 
acces.
I can?t make a chroot because the users use many aplications of the server.
May be making apache to run like the owner to the home directory, but I 
don?t know how do that.
Thanks a lot.


-- 
Atte. Alvaro Torres F.
USER_LOCAL = Universidad Arturo Prat - Chile
USER_PATH = / Departamento de Ingenier?a / Ingenier?a Civil en Computaci?n e 
Inform?tica
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.telana.com/pipermail/peruser/attachments/20050704/000ba608/attachment.htm
From gabriel at telana.com  Mon Jul  4 23:54:18 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Mon Jul  4 23:54:22 2005
Subject: [peruser] publishing users home directory with 700 acces
In-Reply-To: <1a5a996d0507041826b1d44f5@mail.gmail.com>
References: <1a5a996d0507041826b1d44f5@mail.gmail.com>
Message-ID: <1120542858.30831.58.camel@isis.korsoft.com>

On Mon, 2005-07-04 at 21:26 -0400, Alvaro Torres F. wrote:
> Hello I don?t know if this is the right plase to ask this question.

Well this list is for the peruser module for apache2, so if you're not
running that then this is probably more of a general apache question.

> I?ve a server with 50 users and I want to protect the home directory
> of every user chmoding to 700 everyone, then nobody  can acces to a
> home directory of another user.

With vanilla apache, the web server would be running as "apache" or
"www" or some such user, and the directories would have to be accessible
by that user.  A permission of 711 might work, that would give all users
the ability to enter the directory, but not to read its contents.
Apache is usually going to be requesting specific files, so it's fine
with that, but any other users would get "permission denied" if they
tried to "ls" in someone else's directory.  It's not optimal, but it's
better than 755.  It's exactly this kind of situation that prompted me
to work on this peruser project.

With peruser, even if you didn't use the chroot feature, the home
directory could be owned by the user and set to the mode 700.  Apache
would be able to access it because it would be running as that user when
serving those files.  But, it's still very much in development and
really not suited for production use yet.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From gugge at guggemand.dk  Tue Jul 12 11:52:08 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Jul 12 11:55:17 2005
Subject: [peruser] Permission denied: mod_rewrite
Message-ID: <42D40348.7050900@guggemand.dk>

Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54

everything seems to work fine, but i get this in my error log the first 
time i access a site, running as another user than my www user

[crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
lock in child

also it seems to take around 1 second to start the httpd processes the 
first time i access a site

What could i try to solve these problems?

--
Karsten Schmidt
From gabriel at telana.com  Tue Jul 12 11:59:23 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Jul 12 11:59:26 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D40348.7050900@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
Message-ID: <1121191163.25222.74.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 19:52 +0200, Karsten Schmidt wrote:
> Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54
> 
> everything seems to work fine, but i get this in my error log the first 
> time i access a site, running as another user than my www user
> 
> [crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
> lock in child

Yeah, I vaguely recall running into this a while back.  It's trying to
create a file after the setuid and chroot calls are made, and the user
apache becomes doesn't have access, and/or the directory doesn't exist
inside the chroot jail.  If you turn off RewriteLog that goes away,
although you won't have a rewrite log anymore.

> also it seems to take around 1 second to start the httpd processes the 
> first time i access a site

This is due to the dynamic startup of apache processes.  Eventually I'll
probably add an option to specify how many processes to start up and
keep running.  So far none of my users have noticed the delay, though.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From leen at consolejunkie.net  Tue Jul 12 12:09:36 2005
From: leen at consolejunkie.net (Leen Besselink)
Date: Tue Jul 12 12:10:44 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121191163.25222.74.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
Message-ID: <20050712180936.GB661@consolejunkie.net>

On Tue, Jul 12, 2005 at 11:59:23AM -0600, Sean Gabriel Heacock wrote:
> On Tue, 2005-07-12 at 19:52 +0200, Karsten Schmidt wrote:
> > Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54
> > 
> > everything seems to work fine, but i get this in my error log the first 
> > time i access a site, running as another user than my www user
> > 
> > [crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
> > lock in child
> 
> Yeah, I vaguely recall running into this a while back.  It's trying to
> create a file after the setuid and chroot calls are made, and the user
> apache becomes doesn't have access, and/or the directory doesn't exist
> inside the chroot jail.  If you turn off RewriteLog that goes away,
> although you won't have a rewrite log anymore.
> 
> > also it seems to take around 1 second to start the httpd processes the 
> > first time i access a site
> 
> This is due to the dynamic startup of apache processes.  Eventually I'll
> probably add an option to specify how many processes to start up and
> keep running.  So far none of my users have noticed the delay, though.
> 

What could also be the problem is that peruser might use more getuid, getgid calls and 
Karsten Schmidt uses NFS- or database (SQL/LDAP)- backed PAM or similair ?

Other reasons for slow apache startup could be DNS (if you also manage it's caching DNS-server you might wanna look in the logs, if it's more then normal or slow/whatever).

Those are some things that I could think of.
From gabriel at telana.com  Tue Jul 12 12:15:13 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Jul 12 12:15:20 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <20050712180936.GB661@consolejunkie.net>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<20050712180936.GB661@consolejunkie.net>
Message-ID: <1121192113.25222.83.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 20:09 +0200, Leen Besselink wrote:
> What could also be the problem is that peruser might use more getuid,
> getgid calls and Karsten Schmidt uses NFS- or database (SQL/LDAP)-
> backed PAM or similair ?
> 
> Other reasons for slow apache startup could be DNS (if you also manage
> it's caching DNS-server you might wanna look in the logs, if it's more
> then normal or slow/whatever).

That's a good point, I use pam_mysql/nss_mysql.  Linux has nscd to cache
pwent lookups, and dns too.  If FreeBSD has that, or something similiar,
it might be worth a shot.

(I actually have to run two instances of nscd, the normal one and
another that's chrooted into the chroot jail my users share.  It's a
hack but it works ;)

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From gabriel at telana.com  Tue Jul 12 12:23:07 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Jul 12 12:23:16 2005
Subject: [peruser] peruser 0.1.6 released
In-Reply-To: <1120160302.28839.195.camel@isis.korsoft.com>
References: <1114585902.28972.291.camel@isis.korsoft.com>
	<1118663602.4786.69.camel@isis.korsoft.com>
	<1120021397.28839.135.camel@isis.korsoft.com>
	<1120160302.28839.195.camel@isis.korsoft.com>
Message-ID: <1121192587.25222.92.camel@isis.korsoft.com>

Minor bugfix; graceful restarts weren't closing some sockets, so with a
lot of ServerEnvironments, after a few of those it'd reach the
FD_SETSIZE file descriptor limit and crash.

http://www.telana.com/files/httpd-2.0.52-peruser-0.1.6.patch

Speaking of FD_SETSIZE, it's advisable to raise that limit when you
compile apache.  On linux it's set in /usr/include/linux/posix_types.h
and you'll also need to put "ulimit -n <new limit>" in apachectl or your
init.d script.  I find the default limit of 1024 to be too low even
without the socket-hungry peruser.

The next version will require apache 2.0.54, once I figure out this
webdav problem.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From gugge at guggemand.dk  Tue Jul 12 12:26:46 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Jul 12 12:27:00 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <20050712180936.GB661@consolejunkie.net>
References: <42D40348.7050900@guggemand.dk>	<1121191163.25222.74.camel@isis.korsoft.com>
	<20050712180936.GB661@consolejunkie.net>
Message-ID: <42D40B66.6060203@guggemand.dk>

Leen Besselink wrote:
> On Tue, Jul 12, 2005 at 11:59:23AM -0600, Sean Gabriel Heacock wrote:
> 
>>On Tue, 2005-07-12 at 19:52 +0200, Karsten Schmidt wrote:
>>
>>>Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54
>>>
>>>everything seems to work fine, but i get this in my error log the first 
>>>time i access a site, running as another user than my www user
>>>
>>>[crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
>>>lock in child
>>
>>Yeah, I vaguely recall running into this a while back.  It's trying to
>>create a file after the setuid and chroot calls are made, and the user
>>apache becomes doesn't have access, and/or the directory doesn't exist
>>inside the chroot jail.  If you turn off RewriteLog that goes away,
>>although you won't have a rewrite log anymore.
>>
>>
>>>also it seems to take around 1 second to start the httpd processes the 
>>>first time i access a site
>>
>>This is due to the dynamic startup of apache processes.  Eventually I'll
>>probably add an option to specify how many processes to start up and
>>keep running.  So far none of my users have noticed the delay, though.
>>
> 
> 
> What could also be the problem is that peruser might use more getuid, getgid calls and 
> Karsten Schmidt uses NFS- or database (SQL/LDAP)- backed PAM or similair ?
> 
> Other reasons for slow apache startup could be DNS (if you also manage it's caching DNS-server you might wanna look in the logs, if it's more then normal or slow/whatever).

Its just a test box, nothing else than the standard apache is installed, 
and if i compile it without the peruser mpm i dont have the 1 second delay

i think its just the process starting that takes the time, i dont think 
anyone will notice the slight delay, but ill setup a few testsites and 
see if anyone notices :)

--
Karsten Schmidt
From gugge at guggemand.dk  Tue Jul 12 12:30:47 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Jul 12 12:30:50 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121191163.25222.74.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
Message-ID: <42D40C57.9030907@guggemand.dk>

>>[crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
>>lock in child
> 
> 
> Yeah, I vaguely recall running into this a while back.  It's trying to
> create a file after the setuid and chroot calls are made, and the user
> apache becomes doesn't have access, and/or the directory doesn't exist
> inside the chroot jail.  If you turn off RewriteLog that goes away,
> although you won't have a rewrite log anymore.

it seems RewriteLogLevel 0 isnt enough

i commented out the following in mod_rewrite.c, and mod_rewrite still 
seems to work

     /*
     rv = apr_global_mutex_child_init(&rewrite_log_lock, NULL, p);
     if (rv != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
                      "mod_rewrite: could not init rewrite log lock in 
child");
     }
     */

--
Karsten Schmidt
From gabriel at telana.com  Tue Jul 12 12:31:03 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Jul 12 12:31:07 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D40B66.6060203@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<20050712180936.GB661@consolejunkie.net>
	<42D40B66.6060203@guggemand.dk>
Message-ID: <1121193063.25222.100.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 20:26 +0200, Karsten Schmidt wrote:
> Its just a test box, nothing else than the standard apache is installed, 
> and if i compile it without the peruser mpm i dont have the 1 second delay
> 
> i think its just the process starting that takes the time, i dont think 
> anyone will notice the slight delay, but ill setup a few testsites and 
> see if anyone notices :)

Yeah, it probably is just the process startup time.  That's why vanilla
apache starts up a bunch of processes right off the bat :)  But with
peruser, even one process per ServerEnvironment can really add up if you
have a lot of sites.  But there's no reason I can't make it configurable
at some point, for people who need it.

Let me know if you have any other problems running it on FreeBSD, I'm
very excited that it's working at all on a non-linux system, since
that's all I've ever tried it on :)

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From gabriel at telana.com  Tue Jul 12 12:34:03 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Jul 12 12:34:12 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D40C57.9030907@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<42D40C57.9030907@guggemand.dk>
Message-ID: <1121193243.25222.104.camel@isis.korsoft.com>

> it seems RewriteLogLevel 0 isnt enough
> 
> i commented out the following in mod_rewrite.c, and mod_rewrite still 
> seems to work

I think the trick is to comment out the "RewriteLog" directive from your
configs.  If you specify a rewrite log at all, it tries to create the
lock, even with a log level of 0 :P  Anyway that should be a better
solution than commenting out the code :)

It sure is a pain trying to debug mod_rewrite problems without the log
though... you might try figuring out where it's trying to write the lock
file and making sure the user can write to it...

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From gugge at guggemand.dk  Tue Jul 12 14:08:01 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Jul 12 14:08:12 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121193243.25222.104.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>	<1121191163.25222.74.camel@isis.korsoft.com>	<42D40C57.9030907@guggemand.dk>
	<1121193243.25222.104.camel@isis.korsoft.com>
Message-ID: <42D42321.1040903@guggemand.dk>

Sean Gabriel Heacock wrote:
>>it seems RewriteLogLevel 0 isnt enough
>>
>>i commented out the following in mod_rewrite.c, and mod_rewrite still 
>>seems to work
> 
> 
> I think the trick is to comment out the "RewriteLog" directive from your
> configs.  If you specify a rewrite log at all, it tries to create the
> lock, even with a log level of 0 :P  Anyway that should be a better
> solution than commenting out the code :)
> 
> It sure is a pain trying to debug mod_rewrite problems without the log
> though... you might try figuring out where it's trying to write the lock
> file and making sure the user can write to it...
> 

I dont have a RewriteLog directive anywhere in my config, but it seems 
apache makes a /tmp/aprxxxxx file and if i chmod that 666 right after 
apache starts i dont get the errors, but it doesnt seem that secure to 
have a file 666 in /tmp :)

--
Karsten Schmidt
From gabriel at telana.com  Tue Jul 12 14:15:03 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Jul 12 14:15:10 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D42321.1040903@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<42D40C57.9030907@guggemand.dk>
	<1121193243.25222.104.camel@isis.korsoft.com>
	<42D42321.1040903@guggemand.dk>
Message-ID: <1121199303.25222.137.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 22:08 +0200, Karsten Schmidt wrote:
> I dont have a RewriteLog directive anywhere in my config, but it seems 
> apache makes a /tmp/aprxxxxx file and if i chmod that 666 right after 
> apache starts i dont get the errors, but it doesnt seem that secure to 
> have a file 666 in /tmp :)

hahaha, guess what - I did *exactly* what you did, but I completely
forgot about it.  I build apache with a custom SRPM, so I tend to forget
about the miscellaneous small patches I add to it.  Sure enough, there's
a mod_rewrite patch I made that comments out that section of code.

There's probably a way to fix this right, probably by changing when the
lock file is created.  For now, I'll probably put this patch up on the
web page, along with any others I have laying around here...

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From gabriel at telana.com  Tue Jul 12 14:25:49 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Jul 12 14:25:58 2005
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121199303.25222.137.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<42D40C57.9030907@guggemand.dk>
	<1121193243.25222.104.camel@isis.korsoft.com>
	<42D42321.1040903@guggemand.dk>
	<1121199303.25222.137.camel@isis.korsoft.com>
Message-ID: <1121199949.25222.148.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 14:15 -0600, Sean Gabriel Heacock wrote:
> hahaha, guess what - I did *exactly* what you did, but I completely
> forgot about it.

Actually, I'm mistaken - this patch was for something else.  I'm sure at
one point I commented out that code like you did, but right now my
working copy doesn't seem to have that - I just have "RewriteLog" and
"RewriteLogLevel" commented out in httpd.conf.  In any case, at some
point I'll try to make it work correctly.  Right now it's pretty low on
the priority list though.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From gugge at guggemand.dk  Wed Jul 13 12:18:09 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Wed Jul 13 12:18:22 2005
Subject: [peruser] Post problem
Message-ID: <42D55AE1.7050206@guggemand.dk>

im doing some more testing, and now im getting this whenever i make a 
post to apache, get works fine

[notice] child pid 64068 exit signal Segmentation fault (11)

how can i trace the problem ?

--
Karsten Schmidt
From gabriel at telana.com  Wed Jul 13 12:23:47 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Wed Jul 13 12:23:51 2005
Subject: [peruser] Post problem
In-Reply-To: <42D55AE1.7050206@guggemand.dk>
References: <42D55AE1.7050206@guggemand.dk>
Message-ID: <1121279027.5346.11.camel@isis.korsoft.com>

On Wed, 2005-07-13 at 20:18 +0200, Karsten Schmidt wrote:
> im doing some more testing, and now im getting this whenever i make a 
> post to apache, get works fine
> 
> [notice] child pid 64068 exit signal Segmentation fault (11)

ouch!  is this the latest version (0.1.6)?

> how can i trace the problem ?

Uncomment #define MPM_PERUSER_DEBUG at the top of
server/mpm/experimental/peruser.c and recompile.  That will spew a ton
of debug info to your error log... then reproduce the problem and send
the log to me.

I'm thinking the request-passing stuff is breaking on freebsd :(

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From gugge at guggemand.dk  Wed Jul 13 12:31:23 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Wed Jul 13 12:31:26 2005
Subject: [peruser] Post problem
In-Reply-To: <1121279027.5346.11.camel@isis.korsoft.com>
References: <42D55AE1.7050206@guggemand.dk>
	<1121279027.5346.11.camel@isis.korsoft.com>
Message-ID: <42D55DFB.8030305@guggemand.dk>

Sean Gabriel Heacock wrote:
> On Wed, 2005-07-13 at 20:18 +0200, Karsten Schmidt wrote:
> 
> ouch!  is this the latest version (0.1.6)?

Yes

> Uncomment #define MPM_PERUSER_DEBUG at the top of
> server/mpm/experimental/peruser.c and recompile.  That will spew a ton
> of debug info to your error log... then reproduce the problem and send
> the log to me.
> 
> I'm thinking the request-passing stuff is breaking on freebsd :(
> 

heres what i get in the errorlog when i post a page

[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): input available ... resetting socket.
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): marked jmpbuffer
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): calling process_socket()
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
process_socket(): child_num=0 sock=136220752 sock_fd=30\n
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
process_socket(): type=MULTIPLEXER 0
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_process_connection(): function entered
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_process_connection(): leaving (DECLINED)
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_post_read(): MULTIPLEXER => Determining if request should be 
passed. Child Num: 0, dest-child: 2, hostname from server: gugge.dlx.dk 
r->hostname=gugge.dlx.dk r->the_request="POST /test.html HTTP/1.1"
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_post_read(): Passing request.
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): passing request to another child.  Vhost: gugge.dlx.dk, 
child 0 13
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): r->the_request="POST /test.html HTTP/1.1" len=24
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Scanning the brigade
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): HEAP BUCKET is found, length=5
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): NON-HEAP BUCKET is found, extracting the part of brigade 
before it
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Brigade is flattened as body (body_len=5)
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Scanning is finished
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Writing message to 13, passing sock_fd:  30
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): header_len=518 headers="POST /test.html 
HTTP/1.1\r\nHost: gugge.dlx.dk\r\nUser-Agent: Mozilla/5.0 (Windows; U; 
Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
da,en-us;q=0.7,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nConnection: 
keep-alive\r\nReferer: http://gugge.dlx.dk/\r\nContent-Type: 
application/x-www-form-urlencoded\r\nContent-Length: 5\r\n\r\n"
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): body_len=5 body="test="
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Writing message succeeded 532
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): recvmsg returned 532
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): trans_sock=136220816 fdx=29 sock_fd=29
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): header_len=518 headers="POST /test.html 
HTTP/1.1\r\nHost: gugge.dlx.dk\r\nUser-Agent: Mozilla/5.0 (Windows; U; 
Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
da,en-us;q=0.7,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nConnection: 
keep-alive\r\nReferer: http://gugge.dlx.dk/\r\nContent-Type: 
application/x-www-form-urlencoded\r\nContent-Length: 5\r\n\r\n"
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): closing socket 30 on our side
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_post_read(): doing longjmp
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): landed from longjmp
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): body_len=5 body="test="
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): returning 0
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): CHECKING IF WE SHOULD CLONE A CHILD...
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): total_processors = 3, max_processors = 10
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): idle_processors = 3, min_free_processors = 2
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): marked jmpbuffer
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): calling process_socket()
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
process_socket(): child_num=5 sock=136220816 sock_fd=29\n
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
process_socket(): type=WORKER 5
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_process_connection(): function entered
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_process_connection(): leaving (DECLINED)
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_post_read(): WORKER 5
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_post_read(): request for gugge.dlx.dk / (server gugge.dlx.dk) 
seems to be for us
[Wed Jul 13 20:28:43 2005] [notice] child pid 73246 exit signal 
Segmentation fault (11)
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): child #5 has died ...
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): calling ap_update_child_status_from_indexes
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): returned from ap_update_child_status_from_indexes
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): replacing by new child ...
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
make_child(): function entered
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
child_main(): sock_fd_in=12 sock_fd_out=13
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
child_main(): WORKER 5
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
listen_clear(): function entered
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
listen_add(): function entered
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
listen_add(): function entered
From gabriel at telana.com  Wed Jul 13 12:45:31 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Wed Jul 13 12:45:36 2005
Subject: [peruser] Post problem
In-Reply-To: <42D55DFB.8030305@guggemand.dk>
References: <42D55AE1.7050206@guggemand.dk>
	<1121279027.5346.11.camel@isis.korsoft.com>
	<42D55DFB.8030305@guggemand.dk>
Message-ID: <1121280332.5346.14.camel@isis.korsoft.com>

On Wed, 2005-07-13 at 20:31 +0200, Karsten Schmidt wrote:
> heres what i get in the errorlog when i post a page

Okay, it's probably crashing somewhere at the top of the
receive_from_multiplexer() function, before the call to recvmsg() (since
that's the first debug message in there, and it didn't get that far).

I'll send you a new patch with lots of extra debug statements in that
section of code, so we can nail down exactly where it's failing.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From blaubaer at dyntux.net  Sat Jul 16 02:50:15 2005
From: blaubaer at dyntux.net (Blaubaer)
Date: Sat Jul 16 02:50:20 2005
Subject: [peruser] Mhh... chroot makes warning when using DocumentRoot
Message-ID: <030d01c589e3$645f0ee0$1900000a@bluemobile>

Hi!

I have found a little bug. :-(
When I use following lines:

Processor www_0001 clients /home/www_0001

<VirtualHost *>
    ServerEnvironment www_0001 clients /home/www_0001
    ServerName blaubaer.dyntux.net
    ServerAlias www.www_0001.dyntux.net
    ServerAdmin www_0001@dyntux.net

    DocumentRoot /www/www_0001_dyntux_net
</VirtualHost>

It works fine, but when I start the apache I get the following Warning:
Warning: DocumentRoot [/www/www_0001_dyntux_net] does not exist

The server works really fine... but this warning when I start the server is 
sh*** when I launch apx 150 VHosts ;)

/ Blaubaer


From gabriel at telana.com  Sat Jul 16 02:52:15 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Sat Jul 16 02:52:19 2005
Subject: [peruser] Mhh... chroot makes warning when using DocumentRoot
In-Reply-To: <030d01c589e3$645f0ee0$1900000a@bluemobile>
References: <030d01c589e3$645f0ee0$1900000a@bluemobile>
Message-ID: <1121503935.5346.200.camel@isis.korsoft.com>

On Sat, 2005-07-16 at 10:50 +0200, Blaubaer wrote:
> It works fine, but when I start the apache I get the following Warning:
> Warning: DocumentRoot [/www/www_0001_dyntux_net] does not exist
> 
> The server works really fine... but this warning when I start the server is 
> sh*** when I launch apx 150 VHosts ;)

Yeah, I hacked my apache a bit to keep it from displaying that
warning :)  Just needed to comment out one line.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From blaubaer at dyntux.net  Sat Jul 16 04:13:36 2005
From: blaubaer at dyntux.net (Blaubaer)
Date: Sat Jul 16 04:13:37 2005
Subject: [peruser] Tip for using MySQL with PHP
References: <030d01c589e3$645f0ee0$1900000a@bluemobile>
	<1121503935.5346.200.camel@isis.korsoft.com>
Message-ID: <031301c589ef$07769c50$1900000a@bluemobile>

Hi

i have a little hack for using MySQL with PHP.

standart when the host "localhost" by mysql_connect is defined. the mysqllib 
want to use the mysql.sock file.
But when we use chroot with peruser, we have no access on this file. We can 
type 127.0.0.1 or the original server ip, but its not a nice work.

So when u edit the <php_source>/ext/mysql/php_mysql.c near

line 643 (in PHP-4.4.0)
#if MYSQL_VERSION_ID < 32200
        mysql_port = port;
#endif

        if (!MySG(allow_persistent)) {
                persistent=0;
        }

and add
        if (strcmp(host,"localhost")==0)
            host="127.0.0.1";

This will fix this small disturbing thing. mysql_connect no more mysql.sock 
will use.

/ Blaubaer

From ben at zygoat.ca  Sat Jul 16 08:34:35 2005
From: ben at zygoat.ca (Ben Kennedy)
Date: Sat Jul 16 08:34:46 2005
Subject: [peruser] Tip for using MySQL with PHP
In-Reply-To: <031301c589ef$07769c50$1900000a@bluemobile>
References: <030d01c589e3$645f0ee0$1900000a@bluemobile>
	<1121503935.5346.200.camel@isis.korsoft.com>
	<031301c589ef$07769c50$1900000a@bluemobile>
Message-ID: <20050716143435.13047@minty.zygoat.ca>

Blaubaer wrote at 12:13 PM (+0200) on 7/16/05:

>But when we use chroot with peruser, we have no access on this file. We can 
>type 127.0.0.1 or the original server ip, but its not a nice work.
[...]
>        if (strcmp(host,"localhost")==0)
>            host="127.0.0.1";

What is the difference here, then?  If I understand correctly, you are
just hiding yourself from having to type "127.0.0.1" in mysql_connect()
instead of "localhost".  So this is a purely cosmetic difference; why
would you patch mysql just to achieve that?

-ben

-- 
Ben Kennedy, chief magician
zygoat creative technical services
613-228-3392 | 1-866-466-4628
http://www.zygoat.ca


From blaubaer at dyntux.net  Sat Jul 16 15:34:35 2005
From: blaubaer at dyntux.net (Blaubaer)
Date: Sat Jul 16 15:34:37 2005
Subject: [peruser] Tip for using MySQL with PHP
References: <030d01c589e3$645f0ee0$1900000a@bluemobile><1121503935.5346.200.camel@isis.korsoft.com><031301c589ef$07769c50$1900000a@bluemobile>
	<20050716143435.13047@minty.zygoat.ca>
Message-ID: <031e01c58a4e$29c2c680$1900000a@bluemobile>

Simply... most of my users use the standart "localhost"... it's user 
friendly... when i don't change this i have to tell all this

----- Original Message ----- 
From: "Ben Kennedy" <ben@zygoat.ca>
To: "Peruser MPM List" <peruser@telana.com>
Sent: Saturday, July 16, 2005 4:34 PM
Subject: Re: [peruser] Tip for using MySQL with PHP


> Blaubaer wrote at 12:13 PM (+0200) on 7/16/05:
>
>>But when we use chroot with peruser, we have no access on this file. We 
>>can
>>type 127.0.0.1 or the original server ip, but its not a nice work.
> [...]
>>        if (strcmp(host,"localhost")==0)
>>            host="127.0.0.1";
>
> What is the difference here, then?  If I understand correctly, you are
> just hiding yourself from having to type "127.0.0.1" in mysql_connect()
> instead of "localhost".  So this is a purely cosmetic difference; why
> would you patch mysql just to achieve that?
>
> -ben
>
> -- 
> Ben Kennedy, chief magician
> zygoat creative technical services
> 613-228-3392 | 1-866-466-4628
> http://www.zygoat.ca
>
>
> _______________________________________________
> Peruser mailing list
> Peruser@telana.com
> http://www.telana.com/mailman/listinfo/peruser
> 

From robertw at ssginnovations.com  Tue Jul 26 07:09:29 2005
From: robertw at ssginnovations.com (Robert S Wojciechowski)
Date: Tue Jul 26 15:16:33 2005
Subject: [peruser] Segfaults on POST with FreeBSD 5
Message-ID: <19DAA7398555D3488B485EFA4F9E7FE80DAB59@yourmom.ssgi.local>

Requests seem to be served, but every time a POST comes in I get the
following segfault:

  [Mon Jul 25 17:00:04 2005] [notice] child pid 61049 exit signal
Segmentation fault (11)

I searched the list archives and noticed that another user (Karsten
Schmidt) was having the same problem as I, but I just wanted to chime
in. This is on version 0.1.6 as well.

Anything I can do to help?

-- Robert
From gabriel at telana.com  Tue Jul 26 15:18:15 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Jul 26 15:18:20 2005
Subject: [peruser] Segfaults on POST with FreeBSD 5
In-Reply-To: <19DAA7398555D3488B485EFA4F9E7FE80DAB59@yourmom.ssgi.local>
References: <19DAA7398555D3488B485EFA4F9E7FE80DAB59@yourmom.ssgi.local>
Message-ID: <1122412695.4934.6.camel@isis.korsoft.com>

On Tue, 2005-07-26 at 09:09 -0400, Robert S Wojciechowski wrote:
> I searched the list archives and noticed that another user (Karsten
> Schmidt) was having the same problem as I, but I just wanted to chime
> in. This is on version 0.1.6 as well.
> 
> Anything I can do to help?

I've been meaning to add some extra debugging for Karsten to test
with... got caught up with other work though.  When I've got it ready
I'll send it to both of you to test.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

From pascal at carat-hosting.com  Sun Jul  3 04:08:44 2005
From: pascal at carat-hosting.com (Pascal - Carat-Hosting.com)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] New potential user of peruser : some questions
Message-ID: <20050703100857.23E221C000A2@mwinf1109.wanadoo.fr>

Hello,
 
I look for a while for something like peruser. So happy to find it :)
 
But I have few questions before give it a try.
 
All my box use httpd 2.0.54 and not 2.0.52, is it very difficult to change
the patch to apply it on a 2.0.54 ? 
I think it is possible as it is only a minor release, but as I don't know
exactly what does the peruser patch I ask you before
 
Did someone test it and/or use it in a production environment ? 
On some boxes I have more than 100 vhost. 
Did you see some performance impact ?
 
Does the release of Peruser is in stable state ?
 
I know that I should test it and see by myself, it's true that do a
compilation of httpd is not so difficult, it just takes time. 
But I'd like to have the opinion of existing user of peruser. 
 
Thanks a ton for your help/advises
 
Pascal
(hope my english is not too bad :-p )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.telana.com/pipermail/peruser/attachments/20050703/80569514/attachment.html
From gabriel at telana.com  Sun Jul  3 04:17:06 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] New potential user of peruser : some questions
In-Reply-To: <20050703100857.23E221C000A2@mwinf1109.wanadoo.fr>
References: <20050703100857.23E221C000A2@mwinf1109.wanadoo.fr>
Message-ID: <1120385826.30831.24.camel@isis.korsoft.com>

On Sun, 2005-07-03 at 12:08 +0200, Pascal - Carat-Hosting.com wrote: 
> All my box use httpd 2.0.54 and not 2.0.52, is it very difficult to
> change the patch to apply it on a 2.0.54 ? 
> I think it is possible as it is only a minor release, but as I don't
> know exactly what does the peruser patch I ask you before

I think there is a change in 53 or 54 that breaks something.  Upgrading
to the latest version of apache and making sure peruser is next on my
todo list.

> Did someone test it and/or use it in a production environment ? 
> On some boxes I have more than 100 vhost. 
> Did you see some performance impact ?

I run it on my production server, with about 100 domains.  My setup is
extremely dependent on the features provided by peruser, so I can't
compare it directly to a vanilla apache setup.  But I don't think
there's any noticeable performance impact, at least with the current
version.

However, I don't recommend running it on a production system yourself,
at least without *significant* testing first.  The peruser mpm comes
with absolutely no warranty!

> Does the release of Peruser is in stable state ?

No, I'd call it alpha right now :)

> I know that I should test it and see by myself, it's true that do a
> compilation of httpd is not so difficult, it just takes time. 
> But I'd like to have the opinion of existing user of peruser. 

It works for me, but I wrote it :)  The main problem seems to be in
getting your httpd.conf exactly right.  Hopefully as long as you go off
of the example configuration on the web page, it should work okay.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From pascal at carat-hosting.com  Sun Jul  3 04:31:15 2005
From: pascal at carat-hosting.com (Pascal - Carat-Hosting.com)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] New potential user of peruser : some questions
In-Reply-To: <1120385826.30831.24.camel@isis.korsoft.com>
Message-ID: <20050703103128.8076E1C000BB@mwinf1112.wanadoo.fr>

Thanks for your quick answer.

I have an other questoin about the configuration.
In the VirtualHost section there is :
 # this must match a Processor"
      ServerEnvironment user group /home/user

Does that mean that in the main httpd configuration I must have a processor
per user/group (so per domain)

Something like
Processor user1 group1 /home/user1
Processor user2 group2 /home/user2
Processor user3 group3 /home/user3

Then in the VirtualHost section (per domain)
<VirtualHost domain1.com>
    ServerName domain1.com
    <IfModule peruser.c>
      # this must match a Processor
      ServerEnvironment user1 group1 /home/user1
</VirtualHost>
<VirtualHost domain2.com>
    ServerName domain2.com
    <IfModule peruser.c>
      # this must match a Processor
      ServerEnvironment user2 group2 /home/user2
</VirtualHost>

Etc ....

I also use SuexecUserGroup user group in my VirtualHost for CGI pgms. Any
impact with peruser ?

I promise, I stop asking a lot of things, I'll test it on a test server with
httpd 2.0.52
Just want to be sure for the processor case

Pascal

> All my box use httpd 2.0.54 and not 2.0.52, is it very difficult to 
> change the patch to apply it on a 2.0.54 ?
> I think it is possible as it is only a minor release, but as I don't 
> know exactly what does the peruser patch I ask you before

I think there is a change in 53 or 54 that breaks something.  Upgrading to
the latest version of apache and making sure peruser is next on my todo
list.

> Did someone test it and/or use it in a production environment ? 
> On some boxes I have more than 100 vhost. 
> Did you see some performance impact ?

I run it on my production server, with about 100 domains.  My setup is
extremely dependent on the features provided by peruser, so I can't compare
it directly to a vanilla apache setup.  But I don't think there's any
noticeable performance impact, at least with the current version.

However, I don't recommend running it on a production system yourself, at
least without *significant* testing first.  The peruser mpm comes with
absolutely no warranty!

> Does the release of Peruser is in stable state ?

No, I'd call it alpha right now :)

> I know that I should test it and see by myself, it's true that do a 
> compilation of httpd is not so difficult, it just takes time.
> But I'd like to have the opinion of existing user of peruser. 

It works for me, but I wrote it :)  The main problem seems to be in getting
your httpd.conf exactly right.  Hopefully as long as you go off of the
example configuration on the web page, it should work okay.

--
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

_______________________________________________
Peruser mailing list
Peruser@telana.com
http://www.telana.com/mailman/listinfo/peruser





From gabriel at telana.com  Sun Jul  3 19:28:20 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] New potential user of peruser : some questions
In-Reply-To: <20050703103128.8076E1C000BB@mwinf1112.wanadoo.fr>
References: <20050703103128.8076E1C000BB@mwinf1112.wanadoo.fr>
Message-ID: <1120440501.30831.47.camel@isis.korsoft.com>

On Sun, 2005-07-03 at 12:31 +0200, Pascal - Carat-Hosting.com wrote:
> Thanks for your quick answer.

No problem, I was up late :)  Sorry for the delay on this one, my ISP
has been down all day.

> I have an other questoin about the configuration.
> In the VirtualHost section there is :
>  # this must match a Processor"
>       ServerEnvironment user group /home/user
> 
> Does that mean that in the main httpd configuration I must have a processor
> per user/group (so per domain)

That's right.  You can also do this:

Processor user1 group1 /home/user1

<VirtualHost www.domain1.com>
  ServerEnvironment user1 group1 /home/user1
</VirtualHost>

<VirtualHost www.domain2.com>
  ServerEnvironment user1 group1 /home/user1
</VirtualHost>

That is, you can have several vhosts share the same server environment.
There just needs to be a Processor directive that matches (but only one,
you wouldn't need two of them in the example above).

That's how my system is set up - each account on the server has a
"Processor" directive, and one or more domains, all set to use the same
user, group, and chroot directory.

> I also use SuexecUserGroup user group in my VirtualHost for CGI pgms. Any
> impact with peruser ?

It probably wouldn't work, because peruser will already by doing the
setuid/setgid stuff.  Suexec becomes unnecessary - any cgi programs will
be executed by an apache process that's already running as the desired
user and group, so the cgi will also run as that user and group.

> I promise, I stop asking a lot of things, I'll test it on a test server with
> httpd 2.0.52
> Just want to be sure for the processor case

If you have problems getting it working, the first thing to try is to
remove the chroot directories from the configuration.  Getting that to
work properly can be very tricky.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From ctron at dentrassi.de  Sun Jul  3 23:53:47 2005
From: ctron at dentrassi.de (Jens Reimann)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] fc3 rpms for 0.15
Message-ID: <20050704055347.BB8A824ADE0@flux.dentrassi.de>

Hi,

I made some RPMS for Fedore Core 3.

http://dentrassi.de/download/peruser/0.15/

Anyway I still got the some problems. subversion is not working, referers and
source IP address are unknown and ssl connections simply die.

Let me know if I can help in some way.


From gabriel at telana.com  Mon Jul  4 14:24:39 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] fc3 rpms for 0.15
In-Reply-To: <20050704055347.BB8A824ADE0@flux.dentrassi.de>
References: <20050704055347.BB8A824ADE0@flux.dentrassi.de>
Message-ID: <1120508679.30831.50.camel@isis.korsoft.com>

On Mon, 2005-07-04 at 05:53 +0000, Jens Reimann wrote:
> I made some RPMS for Fedore Core 3.
> 
> http://dentrassi.de/download/peruser/0.15/

Cool!

> Anyway I still got the some problems. subversion is not working, referers and
> source IP address are unknown and ssl connections simply die.

Well mod_ssl is pretty much incompatible with the way requests are
passed between processes inside peruser.  Maybe someone who's familiar
with the internals of mod_ssl can fix it, but I think it's a bit beyond
me.  I use an SSL reverse-proxy in front of apache, so apache only gets
regular http connections.  It's at http://www.apsis.ch/pound/

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From alvarotorres at gmail.com  Mon Jul  4 19:26:43 2005
From: alvarotorres at gmail.com (Alvaro Torres F.)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] publishing users home directory with 700 acces
Message-ID: <1a5a996d0507041826b1d44f5@mail.gmail.com>

Hello I don?t know if this is the right plase to ask this question.
I?ve a server with 50 users and I want to protect the home directory of 
every user chmoding to 700 everyone, then nobody can acces to a home 
directory of another user.
The Document Root in apache is set to /home, making the URL 
http://domain.com/user
But when I open the URL in the browser I?ve get a nice Forbidden page, tell 
me ?you don?t have permision to acces /user/?
How can make the users can publish their own page without modify the 700 
acces.
I can?t make a chroot because the users use many aplications of the server.
May be making apache to run like the owner to the home directory, but I 
don?t know how do that.
Thanks a lot.


-- 
Atte. Alvaro Torres F.
USER_LOCAL = Universidad Arturo Prat - Chile
USER_PATH = / Departamento de Ingenier?a / Ingenier?a Civil en Computaci?n e 
Inform?tica
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.telana.com/pipermail/peruser/attachments/20050704/000ba608/attachment.html
From gabriel at telana.com  Mon Jul  4 23:54:18 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] publishing users home directory with 700 acces
In-Reply-To: <1a5a996d0507041826b1d44f5@mail.gmail.com>
References: <1a5a996d0507041826b1d44f5@mail.gmail.com>
Message-ID: <1120542858.30831.58.camel@isis.korsoft.com>

On Mon, 2005-07-04 at 21:26 -0400, Alvaro Torres F. wrote:
> Hello I don?t know if this is the right plase to ask this question.

Well this list is for the peruser module for apache2, so if you're not
running that then this is probably more of a general apache question.

> I?ve a server with 50 users and I want to protect the home directory
> of every user chmoding to 700 everyone, then nobody  can acces to a
> home directory of another user.

With vanilla apache, the web server would be running as "apache" or
"www" or some such user, and the directories would have to be accessible
by that user.  A permission of 711 might work, that would give all users
the ability to enter the directory, but not to read its contents.
Apache is usually going to be requesting specific files, so it's fine
with that, but any other users would get "permission denied" if they
tried to "ls" in someone else's directory.  It's not optimal, but it's
better than 755.  It's exactly this kind of situation that prompted me
to work on this peruser project.

With peruser, even if you didn't use the chroot feature, the home
directory could be owned by the user and set to the mode 700.  Apache
would be able to access it because it would be running as that user when
serving those files.  But, it's still very much in development and
really not suited for production use yet.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Tue Jul 12 11:52:08 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
Message-ID: <42D40348.7050900@guggemand.dk>

Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54

everything seems to work fine, but i get this in my error log the first 
time i access a site, running as another user than my www user

[crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
lock in child

also it seems to take around 1 second to start the httpd processes the 
first time i access a site

What could i try to solve these problems?

--
Karsten Schmidt

From gabriel at telana.com  Tue Jul 12 11:59:23 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D40348.7050900@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
Message-ID: <1121191163.25222.74.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 19:52 +0200, Karsten Schmidt wrote:
> Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54
> 
> everything seems to work fine, but i get this in my error log the first 
> time i access a site, running as another user than my www user
> 
> [crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
> lock in child

Yeah, I vaguely recall running into this a while back.  It's trying to
create a file after the setuid and chroot calls are made, and the user
apache becomes doesn't have access, and/or the directory doesn't exist
inside the chroot jail.  If you turn off RewriteLog that goes away,
although you won't have a rewrite log anymore.

> also it seems to take around 1 second to start the httpd processes the 
> first time i access a site

This is due to the dynamic startup of apache processes.  Eventually I'll
probably add an option to specify how many processes to start up and
keep running.  So far none of my users have noticed the delay, though.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From leen at consolejunkie.net  Tue Jul 12 12:09:36 2005
From: leen at consolejunkie.net (Leen Besselink)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121191163.25222.74.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
Message-ID: <20050712180936.GB661@consolejunkie.net>

On Tue, Jul 12, 2005 at 11:59:23AM -0600, Sean Gabriel Heacock wrote:
> On Tue, 2005-07-12 at 19:52 +0200, Karsten Schmidt wrote:
> > Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54
> > 
> > everything seems to work fine, but i get this in my error log the first 
> > time i access a site, running as another user than my www user
> > 
> > [crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
> > lock in child
> 
> Yeah, I vaguely recall running into this a while back.  It's trying to
> create a file after the setuid and chroot calls are made, and the user
> apache becomes doesn't have access, and/or the directory doesn't exist
> inside the chroot jail.  If you turn off RewriteLog that goes away,
> although you won't have a rewrite log anymore.
> 
> > also it seems to take around 1 second to start the httpd processes the 
> > first time i access a site
> 
> This is due to the dynamic startup of apache processes.  Eventually I'll
> probably add an option to specify how many processes to start up and
> keep running.  So far none of my users have noticed the delay, though.
> 

What could also be the problem is that peruser might use more getuid, getgid calls and 
Karsten Schmidt uses NFS- or database (SQL/LDAP)- backed PAM or similair ?

Other reasons for slow apache startup could be DNS (if you also manage it's caching DNS-server you might wanna look in the logs, if it's more then normal or slow/whatever).

Those are some things that I could think of.

From gabriel at telana.com  Tue Jul 12 12:15:13 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <20050712180936.GB661@consolejunkie.net>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<20050712180936.GB661@consolejunkie.net>
Message-ID: <1121192113.25222.83.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 20:09 +0200, Leen Besselink wrote:
> What could also be the problem is that peruser might use more getuid,
> getgid calls and Karsten Schmidt uses NFS- or database (SQL/LDAP)-
> backed PAM or similair ?
> 
> Other reasons for slow apache startup could be DNS (if you also manage
> it's caching DNS-server you might wanna look in the logs, if it's more
> then normal or slow/whatever).

That's a good point, I use pam_mysql/nss_mysql.  Linux has nscd to cache
pwent lookups, and dns too.  If FreeBSD has that, or something similiar,
it might be worth a shot.

(I actually have to run two instances of nscd, the normal one and
another that's chrooted into the chroot jail my users share.  It's a
hack but it works ;)

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gabriel at telana.com  Tue Jul 12 12:23:07 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] peruser 0.1.6 released
In-Reply-To: <1120160302.28839.195.camel@isis.korsoft.com>
References: <1114585902.28972.291.camel@isis.korsoft.com>
	<1118663602.4786.69.camel@isis.korsoft.com>
	<1120021397.28839.135.camel@isis.korsoft.com>
	<1120160302.28839.195.camel@isis.korsoft.com>
Message-ID: <1121192587.25222.92.camel@isis.korsoft.com>

Minor bugfix; graceful restarts weren't closing some sockets, so with a
lot of ServerEnvironments, after a few of those it'd reach the
FD_SETSIZE file descriptor limit and crash.

http://www.telana.com/files/httpd-2.0.52-peruser-0.1.6.patch

Speaking of FD_SETSIZE, it's advisable to raise that limit when you
compile apache.  On linux it's set in /usr/include/linux/posix_types.h
and you'll also need to put "ulimit -n <new limit>" in apachectl or your
init.d script.  I find the default limit of 1024 to be too low even
without the socket-hungry peruser.

The next version will require apache 2.0.54, once I figure out this
webdav problem.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Tue Jul 12 12:26:46 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <20050712180936.GB661@consolejunkie.net>
References: <42D40348.7050900@guggemand.dk>	<1121191163.25222.74.camel@isis.korsoft.com>
	<20050712180936.GB661@consolejunkie.net>
Message-ID: <42D40B66.6060203@guggemand.dk>

Leen Besselink wrote:
> On Tue, Jul 12, 2005 at 11:59:23AM -0600, Sean Gabriel Heacock wrote:
> 
>>On Tue, 2005-07-12 at 19:52 +0200, Karsten Schmidt wrote:
>>
>>>Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54
>>>
>>>everything seems to work fine, but i get this in my error log the first 
>>>time i access a site, running as another user than my www user
>>>
>>>[crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
>>>lock in child
>>
>>Yeah, I vaguely recall running into this a while back.  It's trying to
>>create a file after the setuid and chroot calls are made, and the user
>>apache becomes doesn't have access, and/or the directory doesn't exist
>>inside the chroot jail.  If you turn off RewriteLog that goes away,
>>although you won't have a rewrite log anymore.
>>
>>
>>>also it seems to take around 1 second to start the httpd processes the 
>>>first time i access a site
>>
>>This is due to the dynamic startup of apache processes.  Eventually I'll
>>probably add an option to specify how many processes to start up and
>>keep running.  So far none of my users have noticed the delay, though.
>>
> 
> 
> What could also be the problem is that peruser might use more getuid, getgid calls and 
> Karsten Schmidt uses NFS- or database (SQL/LDAP)- backed PAM or similair ?
> 
> Other reasons for slow apache startup could be DNS (if you also manage it's caching DNS-server you might wanna look in the logs, if it's more then normal or slow/whatever).

Its just a test box, nothing else than the standard apache is installed, 
and if i compile it without the peruser mpm i dont have the 1 second delay

i think its just the process starting that takes the time, i dont think 
anyone will notice the slight delay, but ill setup a few testsites and 
see if anyone notices :)

--
Karsten Schmidt

From gugge at guggemand.dk  Tue Jul 12 12:30:47 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121191163.25222.74.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
Message-ID: <42D40C57.9030907@guggemand.dk>

>>[crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
>>lock in child
> 
> 
> Yeah, I vaguely recall running into this a while back.  It's trying to
> create a file after the setuid and chroot calls are made, and the user
> apache becomes doesn't have access, and/or the directory doesn't exist
> inside the chroot jail.  If you turn off RewriteLog that goes away,
> although you won't have a rewrite log anymore.

it seems RewriteLogLevel 0 isnt enough

i commented out the following in mod_rewrite.c, and mod_rewrite still 
seems to work

     /*
     rv = apr_global_mutex_child_init(&rewrite_log_lock, NULL, p);
     if (rv != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
                      "mod_rewrite: could not init rewrite log lock in 
child");
     }
     */

--
Karsten Schmidt

From gabriel at telana.com  Tue Jul 12 12:31:03 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D40B66.6060203@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<20050712180936.GB661@consolejunkie.net>
	<42D40B66.6060203@guggemand.dk>
Message-ID: <1121193063.25222.100.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 20:26 +0200, Karsten Schmidt wrote:
> Its just a test box, nothing else than the standard apache is installed, 
> and if i compile it without the peruser mpm i dont have the 1 second delay
> 
> i think its just the process starting that takes the time, i dont think 
> anyone will notice the slight delay, but ill setup a few testsites and 
> see if anyone notices :)

Yeah, it probably is just the process startup time.  That's why vanilla
apache starts up a bunch of processes right off the bat :)  But with
peruser, even one process per ServerEnvironment can really add up if you
have a lot of sites.  But there's no reason I can't make it configurable
at some point, for people who need it.

Let me know if you have any other problems running it on FreeBSD, I'm
very excited that it's working at all on a non-linux system, since
that's all I've ever tried it on :)

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gabriel at telana.com  Tue Jul 12 12:34:03 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D40C57.9030907@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<42D40C57.9030907@guggemand.dk>
Message-ID: <1121193243.25222.104.camel@isis.korsoft.com>

> it seems RewriteLogLevel 0 isnt enough
> 
> i commented out the following in mod_rewrite.c, and mod_rewrite still 
> seems to work

I think the trick is to comment out the "RewriteLog" directive from your
configs.  If you specify a rewrite log at all, it tries to create the
lock, even with a log level of 0 :P  Anyway that should be a better
solution than commenting out the code :)

It sure is a pain trying to debug mod_rewrite problems without the log
though... you might try figuring out where it's trying to write the lock
file and making sure the user can write to it...

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Tue Jul 12 14:08:01 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121193243.25222.104.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>	<1121191163.25222.74.camel@isis.korsoft.com>	<42D40C57.9030907@guggemand.dk>
	<1121193243.25222.104.camel@isis.korsoft.com>
Message-ID: <42D42321.1040903@guggemand.dk>

Sean Gabriel Heacock wrote:
>>it seems RewriteLogLevel 0 isnt enough
>>
>>i commented out the following in mod_rewrite.c, and mod_rewrite still 
>>seems to work
> 
> 
> I think the trick is to comment out the "RewriteLog" directive from your
> configs.  If you specify a rewrite log at all, it tries to create the
> lock, even with a log level of 0 :P  Anyway that should be a better
> solution than commenting out the code :)
> 
> It sure is a pain trying to debug mod_rewrite problems without the log
> though... you might try figuring out where it's trying to write the lock
> file and making sure the user can write to it...
> 

I dont have a RewriteLog directive anywhere in my config, but it seems 
apache makes a /tmp/aprxxxxx file and if i chmod that 666 right after 
apache starts i dont get the errors, but it doesnt seem that secure to 
have a file 666 in /tmp :)

--
Karsten Schmidt

From gabriel at telana.com  Tue Jul 12 14:15:03 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:36 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D42321.1040903@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<42D40C57.9030907@guggemand.dk>
	<1121193243.25222.104.camel@isis.korsoft.com>
	<42D42321.1040903@guggemand.dk>
Message-ID: <1121199303.25222.137.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 22:08 +0200, Karsten Schmidt wrote:
> I dont have a RewriteLog directive anywhere in my config, but it seems 
> apache makes a /tmp/aprxxxxx file and if i chmod that 666 right after 
> apache starts i dont get the errors, but it doesnt seem that secure to 
> have a file 666 in /tmp :)

hahaha, guess what - I did *exactly* what you did, but I completely
forgot about it.  I build apache with a custom SRPM, so I tend to forget
about the miscellaneous small patches I add to it.  Sure enough, there's
a mod_rewrite patch I made that comments out that section of code.

There's probably a way to fix this right, probably by changing when the
lock file is created.  For now, I'll probably put this patch up on the
web page, along with any others I have laying around here...

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gabriel at telana.com  Tue Jul 12 14:25:49 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121199303.25222.137.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<42D40C57.9030907@guggemand.dk>
	<1121193243.25222.104.camel@isis.korsoft.com>
	<42D42321.1040903@guggemand.dk>
	<1121199303.25222.137.camel@isis.korsoft.com>
Message-ID: <1121199949.25222.148.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 14:15 -0600, Sean Gabriel Heacock wrote:
> hahaha, guess what - I did *exactly* what you did, but I completely
> forgot about it.

Actually, I'm mistaken - this patch was for something else.  I'm sure at
one point I commented out that code like you did, but right now my
working copy doesn't seem to have that - I just have "RewriteLog" and
"RewriteLogLevel" commented out in httpd.conf.  In any case, at some
point I'll try to make it work correctly.  Right now it's pretty low on
the priority list though.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Wed Jul 13 12:18:09 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Post problem
Message-ID: <42D55AE1.7050206@guggemand.dk>

im doing some more testing, and now im getting this whenever i make a 
post to apache, get works fine

[notice] child pid 64068 exit signal Segmentation fault (11)

how can i trace the problem ?

--
Karsten Schmidt

From gabriel at telana.com  Wed Jul 13 12:23:47 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Post problem
In-Reply-To: <42D55AE1.7050206@guggemand.dk>
References: <42D55AE1.7050206@guggemand.dk>
Message-ID: <1121279027.5346.11.camel@isis.korsoft.com>

On Wed, 2005-07-13 at 20:18 +0200, Karsten Schmidt wrote:
> im doing some more testing, and now im getting this whenever i make a 
> post to apache, get works fine
> 
> [notice] child pid 64068 exit signal Segmentation fault (11)

ouch!  is this the latest version (0.1.6)?

> how can i trace the problem ?

Uncomment #define MPM_PERUSER_DEBUG at the top of
server/mpm/experimental/peruser.c and recompile.  That will spew a ton
of debug info to your error log... then reproduce the problem and send
the log to me.

I'm thinking the request-passing stuff is breaking on freebsd :(

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Wed Jul 13 12:31:23 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Post problem
In-Reply-To: <1121279027.5346.11.camel@isis.korsoft.com>
References: <42D55AE1.7050206@guggemand.dk>
	<1121279027.5346.11.camel@isis.korsoft.com>
Message-ID: <42D55DFB.8030305@guggemand.dk>

Sean Gabriel Heacock wrote:
> On Wed, 2005-07-13 at 20:18 +0200, Karsten Schmidt wrote:
> 
> ouch!  is this the latest version (0.1.6)?

Yes

> Uncomment #define MPM_PERUSER_DEBUG at the top of
> server/mpm/experimental/peruser.c and recompile.  That will spew a ton
> of debug info to your error log... then reproduce the problem and send
> the log to me.
> 
> I'm thinking the request-passing stuff is breaking on freebsd :(
> 

heres what i get in the errorlog when i post a page

[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): input available ... resetting socket.
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): marked jmpbuffer
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): calling process_socket()
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
process_socket(): child_num=0 sock=136220752 sock_fd=30\n
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
process_socket(): type=MULTIPLEXER 0
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_process_connection(): function entered
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_process_connection(): leaving (DECLINED)
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_post_read(): MULTIPLEXER => Determining if request should be 
passed. Child Num: 0, dest-child: 2, hostname from server: gugge.dlx.dk 
r->hostname=gugge.dlx.dk r->the_request="POST /test.html HTTP/1.1"
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_post_read(): Passing request.
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): passing request to another child.  Vhost: gugge.dlx.dk, 
child 0 13
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): r->the_request="POST /test.html HTTP/1.1" len=24
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Scanning the brigade
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): HEAP BUCKET is found, length=5
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): NON-HEAP BUCKET is found, extracting the part of brigade 
before it
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Brigade is flattened as body (body_len=5)
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Scanning is finished
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Writing message to 13, passing sock_fd:  30
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): header_len=518 headers="POST /test.html 
HTTP/1.1\r\nHost: gugge.dlx.dk\r\nUser-Agent: Mozilla/5.0 (Windows; U; 
Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
da,en-us;q=0.7,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nConnection: 
keep-alive\r\nReferer: http://gugge.dlx.dk/\r\nContent-Type: 
application/x-www-form-urlencoded\r\nContent-Length: 5\r\n\r\n"
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): body_len=5 body="test="
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Writing message succeeded 532
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): recvmsg returned 532
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): trans_sock=136220816 fdx=29 sock_fd=29
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): header_len=518 headers="POST /test.html 
HTTP/1.1\r\nHost: gugge.dlx.dk\r\nUser-Agent: Mozilla/5.0 (Windows; U; 
Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
da,en-us;q=0.7,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nConnection: 
keep-alive\r\nReferer: http://gugge.dlx.dk/\r\nContent-Type: 
application/x-www-form-urlencoded\r\nContent-Length: 5\r\n\r\n"
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): closing socket 30 on our side
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_post_read(): doing longjmp
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): landed from longjmp
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): body_len=5 body="test="
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): returning 0
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): CHECKING IF WE SHOULD CLONE A CHILD...
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): total_processors = 3, max_processors = 10
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): idle_processors = 3, min_free_processors = 2
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): marked jmpbuffer
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): calling process_socket()
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
process_socket(): child_num=5 sock=136220816 sock_fd=29\n
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
process_socket(): type=WORKER 5
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_process_connection(): function entered
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_process_connection(): leaving (DECLINED)
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_post_read(): WORKER 5
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_post_read(): request for gugge.dlx.dk / (server gugge.dlx.dk) 
seems to be for us
[Wed Jul 13 20:28:43 2005] [notice] child pid 73246 exit signal 
Segmentation fault (11)
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): child #5 has died ...
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): calling ap_update_child_status_from_indexes
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): returned from ap_update_child_status_from_indexes
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): replacing by new child ...
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
make_child(): function entered
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
child_main(): sock_fd_in=12 sock_fd_out=13
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
child_main(): WORKER 5
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
listen_clear(): function entered
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
listen_add(): function entered
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
listen_add(): function entered

From gabriel at telana.com  Wed Jul 13 12:45:31 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Post problem
In-Reply-To: <42D55DFB.8030305@guggemand.dk>
References: <42D55AE1.7050206@guggemand.dk>
	<1121279027.5346.11.camel@isis.korsoft.com>
	<42D55DFB.8030305@guggemand.dk>
Message-ID: <1121280332.5346.14.camel@isis.korsoft.com>

On Wed, 2005-07-13 at 20:31 +0200, Karsten Schmidt wrote:
> heres what i get in the errorlog when i post a page

Okay, it's probably crashing somewhere at the top of the
receive_from_multiplexer() function, before the call to recvmsg() (since
that's the first debug message in there, and it didn't get that far).

I'll send you a new patch with lots of extra debug statements in that
section of code, so we can nail down exactly where it's failing.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From blaubaer at dyntux.net  Sat Jul 16 02:50:15 2005
From: blaubaer at dyntux.net (Blaubaer)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Mhh... chroot makes warning when using DocumentRoot
Message-ID: <030d01c589e3$645f0ee0$1900000a@bluemobile>

Hi!

I have found a little bug. :-(
When I use following lines:

Processor www_0001 clients /home/www_0001

<VirtualHost *>
    ServerEnvironment www_0001 clients /home/www_0001
    ServerName blaubaer.dyntux.net
    ServerAlias www.www_0001.dyntux.net
    ServerAdmin www_0001@dyntux.net

    DocumentRoot /www/www_0001_dyntux_net
</VirtualHost>

It works fine, but when I start the apache I get the following Warning:
Warning: DocumentRoot [/www/www_0001_dyntux_net] does not exist

The server works really fine... but this warning when I start the server is 
sh*** when I launch apx 150 VHosts ;)

/ Blaubaer



From gabriel at telana.com  Sat Jul 16 02:52:15 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Mhh... chroot makes warning when using DocumentRoot
In-Reply-To: <030d01c589e3$645f0ee0$1900000a@bluemobile>
References: <030d01c589e3$645f0ee0$1900000a@bluemobile>
Message-ID: <1121503935.5346.200.camel@isis.korsoft.com>

On Sat, 2005-07-16 at 10:50 +0200, Blaubaer wrote:
> It works fine, but when I start the apache I get the following Warning:
> Warning: DocumentRoot [/www/www_0001_dyntux_net] does not exist
> 
> The server works really fine... but this warning when I start the server is 
> sh*** when I launch apx 150 VHosts ;)

Yeah, I hacked my apache a bit to keep it from displaying that
warning :)  Just needed to comment out one line.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From blaubaer at dyntux.net  Sat Jul 16 04:13:36 2005
From: blaubaer at dyntux.net (Blaubaer)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Tip for using MySQL with PHP
References: <030d01c589e3$645f0ee0$1900000a@bluemobile>
	<1121503935.5346.200.camel@isis.korsoft.com>
Message-ID: <031301c589ef$07769c50$1900000a@bluemobile>

Hi

i have a little hack for using MySQL with PHP.

standart when the host "localhost" by mysql_connect is defined. the mysqllib 
want to use the mysql.sock file.
But when we use chroot with peruser, we have no access on this file. We can 
type 127.0.0.1 or the original server ip, but its not a nice work.

So when u edit the <php_source>/ext/mysql/php_mysql.c near

line 643 (in PHP-4.4.0)
#if MYSQL_VERSION_ID < 32200
        mysql_port = port;
#endif

        if (!MySG(allow_persistent)) {
                persistent=0;
        }

and add
        if (strcmp(host,"localhost")==0)
            host="127.0.0.1";

This will fix this small disturbing thing. mysql_connect no more mysql.sock 
will use.

/ Blaubaer


From ben at zygoat.ca  Sat Jul 16 08:34:35 2005
From: ben at zygoat.ca (Ben Kennedy)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Tip for using MySQL with PHP
In-Reply-To: <031301c589ef$07769c50$1900000a@bluemobile>
References: <030d01c589e3$645f0ee0$1900000a@bluemobile>
	<1121503935.5346.200.camel@isis.korsoft.com>
	<031301c589ef$07769c50$1900000a@bluemobile>
Message-ID: <20050716143435.13047@minty.zygoat.ca>

Blaubaer wrote at 12:13 PM (+0200) on 7/16/05:

>But when we use chroot with peruser, we have no access on this file. We can 
>type 127.0.0.1 or the original server ip, but its not a nice work.
[...]
>        if (strcmp(host,"localhost")==0)
>            host="127.0.0.1";

What is the difference here, then?  If I understand correctly, you are
just hiding yourself from having to type "127.0.0.1" in mysql_connect()
instead of "localhost".  So this is a purely cosmetic difference; why
would you patch mysql just to achieve that?

-ben

-- 
Ben Kennedy, chief magician
zygoat creative technical services
613-228-3392 | 1-866-466-4628
http://www.zygoat.ca



From blaubaer at dyntux.net  Sat Jul 16 15:34:35 2005
From: blaubaer at dyntux.net (Blaubaer)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Tip for using MySQL with PHP
References: <030d01c589e3$645f0ee0$1900000a@bluemobile><1121503935.5346.200.camel@isis.korsoft.com><031301c589ef$07769c50$1900000a@bluemobile>
	<20050716143435.13047@minty.zygoat.ca>
Message-ID: <031e01c58a4e$29c2c680$1900000a@bluemobile>

Simply... most of my users use the standart "localhost"... it's user 
friendly... when i don't change this i have to tell all this

----- Original Message ----- 
From: "Ben Kennedy" <ben@zygoat.ca>
To: "Peruser MPM List" <peruser@telana.com>
Sent: Saturday, July 16, 2005 4:34 PM
Subject: Re: [peruser] Tip for using MySQL with PHP


> Blaubaer wrote at 12:13 PM (+0200) on 7/16/05:
>
>>But when we use chroot with peruser, we have no access on this file. We 
>>can
>>type 127.0.0.1 or the original server ip, but its not a nice work.
> [...]
>>        if (strcmp(host,"localhost")==0)
>>            host="127.0.0.1";
>
> What is the difference here, then?  If I understand correctly, you are
> just hiding yourself from having to type "127.0.0.1" in mysql_connect()
> instead of "localhost".  So this is a purely cosmetic difference; why
> would you patch mysql just to achieve that?
>
> -ben
>
> -- 
> Ben Kennedy, chief magician
> zygoat creative technical services
> 613-228-3392 | 1-866-466-4628
> http://www.zygoat.ca
>
>
> _______________________________________________
> Peruser mailing list
> Peruser@telana.com
> http://www.telana.com/mailman/listinfo/peruser
> 


From robertw at ssginnovations.com  Tue Jul 26 07:09:29 2005
From: robertw at ssginnovations.com (Robert S Wojciechowski)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Segfaults on POST with FreeBSD 5
Message-ID: <19DAA7398555D3488B485EFA4F9E7FE80DAB59@yourmom.ssgi.local>

Requests seem to be served, but every time a POST comes in I get the
following segfault:

  [Mon Jul 25 17:00:04 2005] [notice] child pid 61049 exit signal
Segmentation fault (11)

I searched the list archives and noticed that another user (Karsten
Schmidt) was having the same problem as I, but I just wanted to chime
in. This is on version 0.1.6 as well.

Anything I can do to help?

-- Robert

From gabriel at telana.com  Tue Jul 26 15:18:15 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:21:37 2006
Subject: [peruser] Segfaults on POST with FreeBSD 5
In-Reply-To: <19DAA7398555D3488B485EFA4F9E7FE80DAB59@yourmom.ssgi.local>
References: <19DAA7398555D3488B485EFA4F9E7FE80DAB59@yourmom.ssgi.local>
Message-ID: <1122412695.4934.6.camel@isis.korsoft.com>

On Tue, 2005-07-26 at 09:09 -0400, Robert S Wojciechowski wrote:
> I searched the list archives and noticed that another user (Karsten
> Schmidt) was having the same problem as I, but I just wanted to chime
> in. This is on version 0.1.6 as well.
> 
> Anything I can do to help?

I've been meaning to add some extra debugging for Karsten to test
with... got caught up with other work though.  When I've got it ready
I'll send it to both of you to test.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From pascal at carat-hosting.com  Sun Jul  3 04:08:44 2005
From: pascal at carat-hosting.com (Pascal - Carat-Hosting.com)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] New potential user of peruser : some questions
Message-ID: <20050703100857.23E221C000A2@mwinf1109.wanadoo.fr>

Hello,
 
I look for a while for something like peruser. So happy to find it :)
 
But I have few questions before give it a try.
 
All my box use httpd 2.0.54 and not 2.0.52, is it very difficult to change
the patch to apply it on a 2.0.54 ? 
I think it is possible as it is only a minor release, but as I don't know
exactly what does the peruser patch I ask you before
 
Did someone test it and/or use it in a production environment ? 
On some boxes I have more than 100 vhost. 
Did you see some performance impact ?
 
Does the release of Peruser is in stable state ?
 
I know that I should test it and see by myself, it's true that do a
compilation of httpd is not so difficult, it just takes time. 
But I'd like to have the opinion of existing user of peruser. 
 
Thanks a ton for your help/advises
 
Pascal
(hope my english is not too bad :-p )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.telana.com/pipermail/peruser/attachments/20050703/80569514/attachment-0001.html
From gabriel at telana.com  Sun Jul  3 04:17:06 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] New potential user of peruser : some questions
In-Reply-To: <20050703100857.23E221C000A2@mwinf1109.wanadoo.fr>
References: <20050703100857.23E221C000A2@mwinf1109.wanadoo.fr>
Message-ID: <1120385826.30831.24.camel@isis.korsoft.com>

On Sun, 2005-07-03 at 12:08 +0200, Pascal - Carat-Hosting.com wrote: 
> All my box use httpd 2.0.54 and not 2.0.52, is it very difficult to
> change the patch to apply it on a 2.0.54 ? 
> I think it is possible as it is only a minor release, but as I don't
> know exactly what does the peruser patch I ask you before

I think there is a change in 53 or 54 that breaks something.  Upgrading
to the latest version of apache and making sure peruser is next on my
todo list.

> Did someone test it and/or use it in a production environment ? 
> On some boxes I have more than 100 vhost. 
> Did you see some performance impact ?

I run it on my production server, with about 100 domains.  My setup is
extremely dependent on the features provided by peruser, so I can't
compare it directly to a vanilla apache setup.  But I don't think
there's any noticeable performance impact, at least with the current
version.

However, I don't recommend running it on a production system yourself,
at least without *significant* testing first.  The peruser mpm comes
with absolutely no warranty!

> Does the release of Peruser is in stable state ?

No, I'd call it alpha right now :)

> I know that I should test it and see by myself, it's true that do a
> compilation of httpd is not so difficult, it just takes time. 
> But I'd like to have the opinion of existing user of peruser. 

It works for me, but I wrote it :)  The main problem seems to be in
getting your httpd.conf exactly right.  Hopefully as long as you go off
of the example configuration on the web page, it should work okay.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From pascal at carat-hosting.com  Sun Jul  3 04:31:15 2005
From: pascal at carat-hosting.com (Pascal - Carat-Hosting.com)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] New potential user of peruser : some questions
In-Reply-To: <1120385826.30831.24.camel@isis.korsoft.com>
Message-ID: <20050703103128.8076E1C000BB@mwinf1112.wanadoo.fr>

Thanks for your quick answer.

I have an other questoin about the configuration.
In the VirtualHost section there is :
 # this must match a Processor"
      ServerEnvironment user group /home/user

Does that mean that in the main httpd configuration I must have a processor
per user/group (so per domain)

Something like
Processor user1 group1 /home/user1
Processor user2 group2 /home/user2
Processor user3 group3 /home/user3

Then in the VirtualHost section (per domain)
<VirtualHost domain1.com>
    ServerName domain1.com
    <IfModule peruser.c>
      # this must match a Processor
      ServerEnvironment user1 group1 /home/user1
</VirtualHost>
<VirtualHost domain2.com>
    ServerName domain2.com
    <IfModule peruser.c>
      # this must match a Processor
      ServerEnvironment user2 group2 /home/user2
</VirtualHost>

Etc ....

I also use SuexecUserGroup user group in my VirtualHost for CGI pgms. Any
impact with peruser ?

I promise, I stop asking a lot of things, I'll test it on a test server with
httpd 2.0.52
Just want to be sure for the processor case

Pascal

> All my box use httpd 2.0.54 and not 2.0.52, is it very difficult to 
> change the patch to apply it on a 2.0.54 ?
> I think it is possible as it is only a minor release, but as I don't 
> know exactly what does the peruser patch I ask you before

I think there is a change in 53 or 54 that breaks something.  Upgrading to
the latest version of apache and making sure peruser is next on my todo
list.

> Did someone test it and/or use it in a production environment ? 
> On some boxes I have more than 100 vhost. 
> Did you see some performance impact ?

I run it on my production server, with about 100 domains.  My setup is
extremely dependent on the features provided by peruser, so I can't compare
it directly to a vanilla apache setup.  But I don't think there's any
noticeable performance impact, at least with the current version.

However, I don't recommend running it on a production system yourself, at
least without *significant* testing first.  The peruser mpm comes with
absolutely no warranty!

> Does the release of Peruser is in stable state ?

No, I'd call it alpha right now :)

> I know that I should test it and see by myself, it's true that do a 
> compilation of httpd is not so difficult, it just takes time.
> But I'd like to have the opinion of existing user of peruser. 

It works for me, but I wrote it :)  The main problem seems to be in getting
your httpd.conf exactly right.  Hopefully as long as you go off of the
example configuration on the web page, it should work okay.

--
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/

_______________________________________________
Peruser mailing list
Peruser@telana.com
http://www.telana.com/mailman/listinfo/peruser





From gabriel at telana.com  Sun Jul  3 19:28:20 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] New potential user of peruser : some questions
In-Reply-To: <20050703103128.8076E1C000BB@mwinf1112.wanadoo.fr>
References: <20050703103128.8076E1C000BB@mwinf1112.wanadoo.fr>
Message-ID: <1120440501.30831.47.camel@isis.korsoft.com>

On Sun, 2005-07-03 at 12:31 +0200, Pascal - Carat-Hosting.com wrote:
> Thanks for your quick answer.

No problem, I was up late :)  Sorry for the delay on this one, my ISP
has been down all day.

> I have an other questoin about the configuration.
> In the VirtualHost section there is :
>  # this must match a Processor"
>       ServerEnvironment user group /home/user
> 
> Does that mean that in the main httpd configuration I must have a processor
> per user/group (so per domain)

That's right.  You can also do this:

Processor user1 group1 /home/user1

<VirtualHost www.domain1.com>
  ServerEnvironment user1 group1 /home/user1
</VirtualHost>

<VirtualHost www.domain2.com>
  ServerEnvironment user1 group1 /home/user1
</VirtualHost>

That is, you can have several vhosts share the same server environment.
There just needs to be a Processor directive that matches (but only one,
you wouldn't need two of them in the example above).

That's how my system is set up - each account on the server has a
"Processor" directive, and one or more domains, all set to use the same
user, group, and chroot directory.

> I also use SuexecUserGroup user group in my VirtualHost for CGI pgms. Any
> impact with peruser ?

It probably wouldn't work, because peruser will already by doing the
setuid/setgid stuff.  Suexec becomes unnecessary - any cgi programs will
be executed by an apache process that's already running as the desired
user and group, so the cgi will also run as that user and group.

> I promise, I stop asking a lot of things, I'll test it on a test server with
> httpd 2.0.52
> Just want to be sure for the processor case

If you have problems getting it working, the first thing to try is to
remove the chroot directories from the configuration.  Getting that to
work properly can be very tricky.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From ctron at dentrassi.de  Sun Jul  3 23:53:47 2005
From: ctron at dentrassi.de (Jens Reimann)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] fc3 rpms for 0.15
Message-ID: <20050704055347.BB8A824ADE0@flux.dentrassi.de>

Hi,

I made some RPMS for Fedore Core 3.

http://dentrassi.de/download/peruser/0.15/

Anyway I still got the some problems. subversion is not working, referers and
source IP address are unknown and ssl connections simply die.

Let me know if I can help in some way.


From gabriel at telana.com  Mon Jul  4 14:24:39 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] fc3 rpms for 0.15
In-Reply-To: <20050704055347.BB8A824ADE0@flux.dentrassi.de>
References: <20050704055347.BB8A824ADE0@flux.dentrassi.de>
Message-ID: <1120508679.30831.50.camel@isis.korsoft.com>

On Mon, 2005-07-04 at 05:53 +0000, Jens Reimann wrote:
> I made some RPMS for Fedore Core 3.
> 
> http://dentrassi.de/download/peruser/0.15/

Cool!

> Anyway I still got the some problems. subversion is not working, referers and
> source IP address are unknown and ssl connections simply die.

Well mod_ssl is pretty much incompatible with the way requests are
passed between processes inside peruser.  Maybe someone who's familiar
with the internals of mod_ssl can fix it, but I think it's a bit beyond
me.  I use an SSL reverse-proxy in front of apache, so apache only gets
regular http connections.  It's at http://www.apsis.ch/pound/

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From alvarotorres at gmail.com  Mon Jul  4 19:26:43 2005
From: alvarotorres at gmail.com (Alvaro Torres F.)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] publishing users home directory with 700 acces
Message-ID: <1a5a996d0507041826b1d44f5@mail.gmail.com>

Hello I don?t know if this is the right plase to ask this question.
I?ve a server with 50 users and I want to protect the home directory of 
every user chmoding to 700 everyone, then nobody can acces to a home 
directory of another user.
The Document Root in apache is set to /home, making the URL 
http://domain.com/user
But when I open the URL in the browser I?ve get a nice Forbidden page, tell 
me ?you don?t have permision to acces /user/?
How can make the users can publish their own page without modify the 700 
acces.
I can?t make a chroot because the users use many aplications of the server.
May be making apache to run like the owner to the home directory, but I 
don?t know how do that.
Thanks a lot.


-- 
Atte. Alvaro Torres F.
USER_LOCAL = Universidad Arturo Prat - Chile
USER_PATH = / Departamento de Ingenier?a / Ingenier?a Civil en Computaci?n e 
Inform?tica
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.telana.com/pipermail/peruser/attachments/20050704/000ba608/attachment-0001.html
From gabriel at telana.com  Mon Jul  4 23:54:18 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] publishing users home directory with 700 acces
In-Reply-To: <1a5a996d0507041826b1d44f5@mail.gmail.com>
References: <1a5a996d0507041826b1d44f5@mail.gmail.com>
Message-ID: <1120542858.30831.58.camel@isis.korsoft.com>

On Mon, 2005-07-04 at 21:26 -0400, Alvaro Torres F. wrote:
> Hello I don?t know if this is the right plase to ask this question.

Well this list is for the peruser module for apache2, so if you're not
running that then this is probably more of a general apache question.

> I?ve a server with 50 users and I want to protect the home directory
> of every user chmoding to 700 everyone, then nobody  can acces to a
> home directory of another user.

With vanilla apache, the web server would be running as "apache" or
"www" or some such user, and the directories would have to be accessible
by that user.  A permission of 711 might work, that would give all users
the ability to enter the directory, but not to read its contents.
Apache is usually going to be requesting specific files, so it's fine
with that, but any other users would get "permission denied" if they
tried to "ls" in someone else's directory.  It's not optimal, but it's
better than 755.  It's exactly this kind of situation that prompted me
to work on this peruser project.

With peruser, even if you didn't use the chroot feature, the home
directory could be owned by the user and set to the mode 700.  Apache
would be able to access it because it would be running as that user when
serving those files.  But, it's still very much in development and
really not suited for production use yet.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Tue Jul 12 11:52:08 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
Message-ID: <42D40348.7050900@guggemand.dk>

Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54

everything seems to work fine, but i get this in my error log the first 
time i access a site, running as another user than my www user

[crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
lock in child

also it seems to take around 1 second to start the httpd processes the 
first time i access a site

What could i try to solve these problems?

--
Karsten Schmidt

From gabriel at telana.com  Tue Jul 12 11:59:23 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D40348.7050900@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
Message-ID: <1121191163.25222.74.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 19:52 +0200, Karsten Schmidt wrote:
> Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54
> 
> everything seems to work fine, but i get this in my error log the first 
> time i access a site, running as another user than my www user
> 
> [crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
> lock in child

Yeah, I vaguely recall running into this a while back.  It's trying to
create a file after the setuid and chroot calls are made, and the user
apache becomes doesn't have access, and/or the directory doesn't exist
inside the chroot jail.  If you turn off RewriteLog that goes away,
although you won't have a rewrite log anymore.

> also it seems to take around 1 second to start the httpd processes the 
> first time i access a site

This is due to the dynamic startup of apache processes.  Eventually I'll
probably add an option to specify how many processes to start up and
keep running.  So far none of my users have noticed the delay, though.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From leen at consolejunkie.net  Tue Jul 12 12:09:36 2005
From: leen at consolejunkie.net (Leen Besselink)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121191163.25222.74.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
Message-ID: <20050712180936.GB661@consolejunkie.net>

On Tue, Jul 12, 2005 at 11:59:23AM -0600, Sean Gabriel Heacock wrote:
> On Tue, 2005-07-12 at 19:52 +0200, Karsten Schmidt wrote:
> > Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54
> > 
> > everything seems to work fine, but i get this in my error log the first 
> > time i access a site, running as another user than my www user
> > 
> > [crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
> > lock in child
> 
> Yeah, I vaguely recall running into this a while back.  It's trying to
> create a file after the setuid and chroot calls are made, and the user
> apache becomes doesn't have access, and/or the directory doesn't exist
> inside the chroot jail.  If you turn off RewriteLog that goes away,
> although you won't have a rewrite log anymore.
> 
> > also it seems to take around 1 second to start the httpd processes the 
> > first time i access a site
> 
> This is due to the dynamic startup of apache processes.  Eventually I'll
> probably add an option to specify how many processes to start up and
> keep running.  So far none of my users have noticed the delay, though.
> 

What could also be the problem is that peruser might use more getuid, getgid calls and 
Karsten Schmidt uses NFS- or database (SQL/LDAP)- backed PAM or similair ?

Other reasons for slow apache startup could be DNS (if you also manage it's caching DNS-server you might wanna look in the logs, if it's more then normal or slow/whatever).

Those are some things that I could think of.

From gabriel at telana.com  Tue Jul 12 12:15:13 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <20050712180936.GB661@consolejunkie.net>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<20050712180936.GB661@consolejunkie.net>
Message-ID: <1121192113.25222.83.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 20:09 +0200, Leen Besselink wrote:
> What could also be the problem is that peruser might use more getuid,
> getgid calls and Karsten Schmidt uses NFS- or database (SQL/LDAP)-
> backed PAM or similair ?
> 
> Other reasons for slow apache startup could be DNS (if you also manage
> it's caching DNS-server you might wanna look in the logs, if it's more
> then normal or slow/whatever).

That's a good point, I use pam_mysql/nss_mysql.  Linux has nscd to cache
pwent lookups, and dns too.  If FreeBSD has that, or something similiar,
it might be worth a shot.

(I actually have to run two instances of nscd, the normal one and
another that's chrooted into the chroot jail my users share.  It's a
hack but it works ;)

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gabriel at telana.com  Tue Jul 12 12:23:07 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] peruser 0.1.6 released
In-Reply-To: <1120160302.28839.195.camel@isis.korsoft.com>
References: <1114585902.28972.291.camel@isis.korsoft.com>
	<1118663602.4786.69.camel@isis.korsoft.com>
	<1120021397.28839.135.camel@isis.korsoft.com>
	<1120160302.28839.195.camel@isis.korsoft.com>
Message-ID: <1121192587.25222.92.camel@isis.korsoft.com>

Minor bugfix; graceful restarts weren't closing some sockets, so with a
lot of ServerEnvironments, after a few of those it'd reach the
FD_SETSIZE file descriptor limit and crash.

http://www.telana.com/files/httpd-2.0.52-peruser-0.1.6.patch

Speaking of FD_SETSIZE, it's advisable to raise that limit when you
compile apache.  On linux it's set in /usr/include/linux/posix_types.h
and you'll also need to put "ulimit -n <new limit>" in apachectl or your
init.d script.  I find the default limit of 1024 to be too low even
without the socket-hungry peruser.

The next version will require apache 2.0.54, once I figure out this
webdav problem.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Tue Jul 12 12:26:46 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <20050712180936.GB661@consolejunkie.net>
References: <42D40348.7050900@guggemand.dk>	<1121191163.25222.74.camel@isis.korsoft.com>
	<20050712180936.GB661@consolejunkie.net>
Message-ID: <42D40B66.6060203@guggemand.dk>

Leen Besselink wrote:
> On Tue, Jul 12, 2005 at 11:59:23AM -0600, Sean Gabriel Heacock wrote:
> 
>>On Tue, 2005-07-12 at 19:52 +0200, Karsten Schmidt wrote:
>>
>>>Im testing peruser on my FreeBSD 5.4 box, with apache 2.0.54
>>>
>>>everything seems to work fine, but i get this in my error log the first 
>>>time i access a site, running as another user than my www user
>>>
>>>[crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
>>>lock in child
>>
>>Yeah, I vaguely recall running into this a while back.  It's trying to
>>create a file after the setuid and chroot calls are made, and the user
>>apache becomes doesn't have access, and/or the directory doesn't exist
>>inside the chroot jail.  If you turn off RewriteLog that goes away,
>>although you won't have a rewrite log anymore.
>>
>>
>>>also it seems to take around 1 second to start the httpd processes the 
>>>first time i access a site
>>
>>This is due to the dynamic startup of apache processes.  Eventually I'll
>>probably add an option to specify how many processes to start up and
>>keep running.  So far none of my users have noticed the delay, though.
>>
> 
> 
> What could also be the problem is that peruser might use more getuid, getgid calls and 
> Karsten Schmidt uses NFS- or database (SQL/LDAP)- backed PAM or similair ?
> 
> Other reasons for slow apache startup could be DNS (if you also manage it's caching DNS-server you might wanna look in the logs, if it's more then normal or slow/whatever).

Its just a test box, nothing else than the standard apache is installed, 
and if i compile it without the peruser mpm i dont have the 1 second delay

i think its just the process starting that takes the time, i dont think 
anyone will notice the slight delay, but ill setup a few testsites and 
see if anyone notices :)

--
Karsten Schmidt

From gugge at guggemand.dk  Tue Jul 12 12:30:47 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121191163.25222.74.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
Message-ID: <42D40C57.9030907@guggemand.dk>

>>[crit] (13)Permission denied: mod_rewrite: could not init rewrite log 
>>lock in child
> 
> 
> Yeah, I vaguely recall running into this a while back.  It's trying to
> create a file after the setuid and chroot calls are made, and the user
> apache becomes doesn't have access, and/or the directory doesn't exist
> inside the chroot jail.  If you turn off RewriteLog that goes away,
> although you won't have a rewrite log anymore.

it seems RewriteLogLevel 0 isnt enough

i commented out the following in mod_rewrite.c, and mod_rewrite still 
seems to work

     /*
     rv = apr_global_mutex_child_init(&rewrite_log_lock, NULL, p);
     if (rv != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
                      "mod_rewrite: could not init rewrite log lock in 
child");
     }
     */

--
Karsten Schmidt

From gabriel at telana.com  Tue Jul 12 12:31:03 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D40B66.6060203@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<20050712180936.GB661@consolejunkie.net>
	<42D40B66.6060203@guggemand.dk>
Message-ID: <1121193063.25222.100.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 20:26 +0200, Karsten Schmidt wrote:
> Its just a test box, nothing else than the standard apache is installed, 
> and if i compile it without the peruser mpm i dont have the 1 second delay
> 
> i think its just the process starting that takes the time, i dont think 
> anyone will notice the slight delay, but ill setup a few testsites and 
> see if anyone notices :)

Yeah, it probably is just the process startup time.  That's why vanilla
apache starts up a bunch of processes right off the bat :)  But with
peruser, even one process per ServerEnvironment can really add up if you
have a lot of sites.  But there's no reason I can't make it configurable
at some point, for people who need it.

Let me know if you have any other problems running it on FreeBSD, I'm
very excited that it's working at all on a non-linux system, since
that's all I've ever tried it on :)

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gabriel at telana.com  Tue Jul 12 12:34:03 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D40C57.9030907@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<42D40C57.9030907@guggemand.dk>
Message-ID: <1121193243.25222.104.camel@isis.korsoft.com>

> it seems RewriteLogLevel 0 isnt enough
> 
> i commented out the following in mod_rewrite.c, and mod_rewrite still 
> seems to work

I think the trick is to comment out the "RewriteLog" directive from your
configs.  If you specify a rewrite log at all, it tries to create the
lock, even with a log level of 0 :P  Anyway that should be a better
solution than commenting out the code :)

It sure is a pain trying to debug mod_rewrite problems without the log
though... you might try figuring out where it's trying to write the lock
file and making sure the user can write to it...

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Tue Jul 12 14:08:01 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121193243.25222.104.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>	<1121191163.25222.74.camel@isis.korsoft.com>	<42D40C57.9030907@guggemand.dk>
	<1121193243.25222.104.camel@isis.korsoft.com>
Message-ID: <42D42321.1040903@guggemand.dk>

Sean Gabriel Heacock wrote:
>>it seems RewriteLogLevel 0 isnt enough
>>
>>i commented out the following in mod_rewrite.c, and mod_rewrite still 
>>seems to work
> 
> 
> I think the trick is to comment out the "RewriteLog" directive from your
> configs.  If you specify a rewrite log at all, it tries to create the
> lock, even with a log level of 0 :P  Anyway that should be a better
> solution than commenting out the code :)
> 
> It sure is a pain trying to debug mod_rewrite problems without the log
> though... you might try figuring out where it's trying to write the lock
> file and making sure the user can write to it...
> 

I dont have a RewriteLog directive anywhere in my config, but it seems 
apache makes a /tmp/aprxxxxx file and if i chmod that 666 right after 
apache starts i dont get the errors, but it doesnt seem that secure to 
have a file 666 in /tmp :)

--
Karsten Schmidt

From gabriel at telana.com  Tue Jul 12 14:15:03 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <42D42321.1040903@guggemand.dk>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<42D40C57.9030907@guggemand.dk>
	<1121193243.25222.104.camel@isis.korsoft.com>
	<42D42321.1040903@guggemand.dk>
Message-ID: <1121199303.25222.137.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 22:08 +0200, Karsten Schmidt wrote:
> I dont have a RewriteLog directive anywhere in my config, but it seems 
> apache makes a /tmp/aprxxxxx file and if i chmod that 666 right after 
> apache starts i dont get the errors, but it doesnt seem that secure to 
> have a file 666 in /tmp :)

hahaha, guess what - I did *exactly* what you did, but I completely
forgot about it.  I build apache with a custom SRPM, so I tend to forget
about the miscellaneous small patches I add to it.  Sure enough, there's
a mod_rewrite patch I made that comments out that section of code.

There's probably a way to fix this right, probably by changing when the
lock file is created.  For now, I'll probably put this patch up on the
web page, along with any others I have laying around here...

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gabriel at telana.com  Tue Jul 12 14:25:49 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Permission denied: mod_rewrite
In-Reply-To: <1121199303.25222.137.camel@isis.korsoft.com>
References: <42D40348.7050900@guggemand.dk>
	<1121191163.25222.74.camel@isis.korsoft.com>
	<42D40C57.9030907@guggemand.dk>
	<1121193243.25222.104.camel@isis.korsoft.com>
	<42D42321.1040903@guggemand.dk>
	<1121199303.25222.137.camel@isis.korsoft.com>
Message-ID: <1121199949.25222.148.camel@isis.korsoft.com>

On Tue, 2005-07-12 at 14:15 -0600, Sean Gabriel Heacock wrote:
> hahaha, guess what - I did *exactly* what you did, but I completely
> forgot about it.

Actually, I'm mistaken - this patch was for something else.  I'm sure at
one point I commented out that code like you did, but right now my
working copy doesn't seem to have that - I just have "RewriteLog" and
"RewriteLogLevel" commented out in httpd.conf.  In any case, at some
point I'll try to make it work correctly.  Right now it's pretty low on
the priority list though.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Wed Jul 13 12:18:09 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Post problem
Message-ID: <42D55AE1.7050206@guggemand.dk>

im doing some more testing, and now im getting this whenever i make a 
post to apache, get works fine

[notice] child pid 64068 exit signal Segmentation fault (11)

how can i trace the problem ?

--
Karsten Schmidt

From gabriel at telana.com  Wed Jul 13 12:23:47 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Post problem
In-Reply-To: <42D55AE1.7050206@guggemand.dk>
References: <42D55AE1.7050206@guggemand.dk>
Message-ID: <1121279027.5346.11.camel@isis.korsoft.com>

On Wed, 2005-07-13 at 20:18 +0200, Karsten Schmidt wrote:
> im doing some more testing, and now im getting this whenever i make a 
> post to apache, get works fine
> 
> [notice] child pid 64068 exit signal Segmentation fault (11)

ouch!  is this the latest version (0.1.6)?

> how can i trace the problem ?

Uncomment #define MPM_PERUSER_DEBUG at the top of
server/mpm/experimental/peruser.c and recompile.  That will spew a ton
of debug info to your error log... then reproduce the problem and send
the log to me.

I'm thinking the request-passing stuff is breaking on freebsd :(

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From gugge at guggemand.dk  Wed Jul 13 12:31:23 2005
From: gugge at guggemand.dk (Karsten Schmidt)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Post problem
In-Reply-To: <1121279027.5346.11.camel@isis.korsoft.com>
References: <42D55AE1.7050206@guggemand.dk>
	<1121279027.5346.11.camel@isis.korsoft.com>
Message-ID: <42D55DFB.8030305@guggemand.dk>

Sean Gabriel Heacock wrote:
> On Wed, 2005-07-13 at 20:18 +0200, Karsten Schmidt wrote:
> 
> ouch!  is this the latest version (0.1.6)?

Yes

> Uncomment #define MPM_PERUSER_DEBUG at the top of
> server/mpm/experimental/peruser.c and recompile.  That will spew a ton
> of debug info to your error log... then reproduce the problem and send
> the log to me.
> 
> I'm thinking the request-passing stuff is breaking on freebsd :(
> 

heres what i get in the errorlog when i post a page

[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): input available ... resetting socket.
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): marked jmpbuffer
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): calling process_socket()
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
process_socket(): child_num=0 sock=136220752 sock_fd=30\n
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
process_socket(): type=MULTIPLEXER 0
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_process_connection(): function entered
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_process_connection(): leaving (DECLINED)
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_post_read(): MULTIPLEXER => Determining if request should be 
passed. Child Num: 0, dest-child: 2, hostname from server: gugge.dlx.dk 
r->hostname=gugge.dlx.dk r->the_request="POST /test.html HTTP/1.1"
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_post_read(): Passing request.
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): passing request to another child.  Vhost: gugge.dlx.dk, 
child 0 13
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): r->the_request="POST /test.html HTTP/1.1" len=24
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Scanning the brigade
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): HEAP BUCKET is found, length=5
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): NON-HEAP BUCKET is found, extracting the part of brigade 
before it
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Brigade is flattened as body (body_len=5)
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Scanning is finished
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Writing message to 13, passing sock_fd:  30
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): header_len=518 headers="POST /test.html 
HTTP/1.1\r\nHost: gugge.dlx.dk\r\nUser-Agent: Mozilla/5.0 (Windows; U; 
Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
da,en-us;q=0.7,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nConnection: 
keep-alive\r\nReferer: http://gugge.dlx.dk/\r\nContent-Type: 
application/x-www-form-urlencoded\r\nContent-Length: 5\r\n\r\n"
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): body_len=5 body="test="
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): Writing message succeeded 532
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): recvmsg returned 532
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): trans_sock=136220816 fdx=29 sock_fd=29
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): header_len=518 headers="POST /test.html 
HTTP/1.1\r\nHost: gugge.dlx.dk\r\nUser-Agent: Mozilla/5.0 (Windows; U; 
Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
da,en-us;q=0.7,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nConnection: 
keep-alive\r\nReferer: http://gugge.dlx.dk/\r\nContent-Type: 
application/x-www-form-urlencoded\r\nContent-Length: 5\r\n\r\n"
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
pass_request(): closing socket 30 on our side
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
peruser_post_read(): doing longjmp
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73237 uid=80 child=0) 
child_main(): landed from longjmp
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): body_len=5 body="test="
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
receive_from_multiplexer(): returning 0
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): CHECKING IF WE SHOULD CLONE A CHILD...
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): total_processors = 3, max_processors = 10
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): idle_processors = 3, min_free_processors = 2
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): marked jmpbuffer
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
child_main(): calling process_socket()
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
process_socket(): child_num=5 sock=136220816 sock_fd=29\n
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
process_socket(): type=WORKER 5
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_process_connection(): function entered
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_process_connection(): leaving (DECLINED)
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_post_read(): WORKER 5
[Wed Jul 13 20:28:42 2005] [warn] (peruser: pid=73246 uid=1001 child=5) 
peruser_post_read(): request for gugge.dlx.dk / (server gugge.dlx.dk) 
seems to be for us
[Wed Jul 13 20:28:43 2005] [notice] child pid 73246 exit signal 
Segmentation fault (11)
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): child #5 has died ...
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): calling ap_update_child_status_from_indexes
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): returned from ap_update_child_status_from_indexes
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
ap_mpm_run(): replacing by new child ...
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73236 uid=0 child=0) 
make_child(): function entered
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
child_main(): sock_fd_in=12 sock_fd_out=13
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
child_main(): WORKER 5
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
listen_clear(): function entered
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
listen_add(): function entered
[Wed Jul 13 20:28:43 2005] [warn] (peruser: pid=73253 uid=0 child=5) 
listen_add(): function entered

From gabriel at telana.com  Wed Jul 13 12:45:31 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Post problem
In-Reply-To: <42D55DFB.8030305@guggemand.dk>
References: <42D55AE1.7050206@guggemand.dk>
	<1121279027.5346.11.camel@isis.korsoft.com>
	<42D55DFB.8030305@guggemand.dk>
Message-ID: <1121280332.5346.14.camel@isis.korsoft.com>

On Wed, 2005-07-13 at 20:31 +0200, Karsten Schmidt wrote:
> heres what i get in the errorlog when i post a page

Okay, it's probably crashing somewhere at the top of the
receive_from_multiplexer() function, before the call to recvmsg() (since
that's the first debug message in there, and it didn't get that far).

I'll send you a new patch with lots of extra debug statements in that
section of code, so we can nail down exactly where it's failing.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From blaubaer at dyntux.net  Sat Jul 16 02:50:15 2005
From: blaubaer at dyntux.net (Blaubaer)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Mhh... chroot makes warning when using DocumentRoot
Message-ID: <030d01c589e3$645f0ee0$1900000a@bluemobile>

Hi!

I have found a little bug. :-(
When I use following lines:

Processor www_0001 clients /home/www_0001

<VirtualHost *>
    ServerEnvironment www_0001 clients /home/www_0001
    ServerName blaubaer.dyntux.net
    ServerAlias www.www_0001.dyntux.net
    ServerAdmin www_0001@dyntux.net

    DocumentRoot /www/www_0001_dyntux_net
</VirtualHost>

It works fine, but when I start the apache I get the following Warning:
Warning: DocumentRoot [/www/www_0001_dyntux_net] does not exist

The server works really fine... but this warning when I start the server is 
sh*** when I launch apx 150 VHosts ;)

/ Blaubaer



From gabriel at telana.com  Sat Jul 16 02:52:15 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Mhh... chroot makes warning when using DocumentRoot
In-Reply-To: <030d01c589e3$645f0ee0$1900000a@bluemobile>
References: <030d01c589e3$645f0ee0$1900000a@bluemobile>
Message-ID: <1121503935.5346.200.camel@isis.korsoft.com>

On Sat, 2005-07-16 at 10:50 +0200, Blaubaer wrote:
> It works fine, but when I start the apache I get the following Warning:
> Warning: DocumentRoot [/www/www_0001_dyntux_net] does not exist
> 
> The server works really fine... but this warning when I start the server is 
> sh*** when I launch apx 150 VHosts ;)

Yeah, I hacked my apache a bit to keep it from displaying that
warning :)  Just needed to comment out one line.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/


From blaubaer at dyntux.net  Sat Jul 16 04:13:36 2005
From: blaubaer at dyntux.net (Blaubaer)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Tip for using MySQL with PHP
References: <030d01c589e3$645f0ee0$1900000a@bluemobile>
	<1121503935.5346.200.camel@isis.korsoft.com>
Message-ID: <031301c589ef$07769c50$1900000a@bluemobile>

Hi

i have a little hack for using MySQL with PHP.

standart when the host "localhost" by mysql_connect is defined. the mysqllib 
want to use the mysql.sock file.
But when we use chroot with peruser, we have no access on this file. We can 
type 127.0.0.1 or the original server ip, but its not a nice work.

So when u edit the <php_source>/ext/mysql/php_mysql.c near

line 643 (in PHP-4.4.0)
#if MYSQL_VERSION_ID < 32200
        mysql_port = port;
#endif

        if (!MySG(allow_persistent)) {
                persistent=0;
        }

and add
        if (strcmp(host,"localhost")==0)
            host="127.0.0.1";

This will fix this small disturbing thing. mysql_connect no more mysql.sock 
will use.

/ Blaubaer


From ben at zygoat.ca  Sat Jul 16 08:34:35 2005
From: ben at zygoat.ca (Ben Kennedy)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Tip for using MySQL with PHP
In-Reply-To: <031301c589ef$07769c50$1900000a@bluemobile>
References: <030d01c589e3$645f0ee0$1900000a@bluemobile>
	<1121503935.5346.200.camel@isis.korsoft.com>
	<031301c589ef$07769c50$1900000a@bluemobile>
Message-ID: <20050716143435.13047@minty.zygoat.ca>

Blaubaer wrote at 12:13 PM (+0200) on 7/16/05:

>But when we use chroot with peruser, we have no access on this file. We can 
>type 127.0.0.1 or the original server ip, but its not a nice work.
[...]
>        if (strcmp(host,"localhost")==0)
>            host="127.0.0.1";

What is the difference here, then?  If I understand correctly, you are
just hiding yourself from having to type "127.0.0.1" in mysql_connect()
instead of "localhost".  So this is a purely cosmetic difference; why
would you patch mysql just to achieve that?

-ben

-- 
Ben Kennedy, chief magician
zygoat creative technical services
613-228-3392 | 1-866-466-4628
http://www.zygoat.ca



From blaubaer at dyntux.net  Sat Jul 16 15:34:35 2005
From: blaubaer at dyntux.net (Blaubaer)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Tip for using MySQL with PHP
References: <030d01c589e3$645f0ee0$1900000a@bluemobile><1121503935.5346.200.camel@isis.korsoft.com><031301c589ef$07769c50$1900000a@bluemobile>
	<20050716143435.13047@minty.zygoat.ca>
Message-ID: <031e01c58a4e$29c2c680$1900000a@bluemobile>

Simply... most of my users use the standart "localhost"... it's user 
friendly... when i don't change this i have to tell all this

----- Original Message ----- 
From: "Ben Kennedy" <ben@zygoat.ca>
To: "Peruser MPM List" <peruser@telana.com>
Sent: Saturday, July 16, 2005 4:34 PM
Subject: Re: [peruser] Tip for using MySQL with PHP


> Blaubaer wrote at 12:13 PM (+0200) on 7/16/05:
>
>>But when we use chroot with peruser, we have no access on this file. We 
>>can
>>type 127.0.0.1 or the original server ip, but its not a nice work.
> [...]
>>        if (strcmp(host,"localhost")==0)
>>            host="127.0.0.1";
>
> What is the difference here, then?  If I understand correctly, you are
> just hiding yourself from having to type "127.0.0.1" in mysql_connect()
> instead of "localhost".  So this is a purely cosmetic difference; why
> would you patch mysql just to achieve that?
>
> -ben
>
> -- 
> Ben Kennedy, chief magician
> zygoat creative technical services
> 613-228-3392 | 1-866-466-4628
> http://www.zygoat.ca
>
>
> _______________________________________________
> Peruser mailing list
> Peruser@telana.com
> http://www.telana.com/mailman/listinfo/peruser
> 


From robertw at ssginnovations.com  Tue Jul 26 07:09:29 2005
From: robertw at ssginnovations.com (Robert S Wojciechowski)
Date: Tue Oct 10 22:55:28 2006
Subject: [peruser] Segfaults on POST with FreeBSD 5
Message-ID: <19DAA7398555D3488B485EFA4F9E7FE80DAB59@yourmom.ssgi.local>

Requests seem to be served, but every time a POST comes in I get the
following segfault:

  [Mon Jul 25 17:00:04 2005] [notice] child pid 61049 exit signal
Segmentation fault (11)

I searched the list archives and noticed that another user (Karsten
Schmidt) was having the same problem as I, but I just wanted to chime
in. This is on version 0.1.6 as well.

Anything I can do to help?

-- Robert

From gabriel at telana.com  Tue Jul 26 15:18:15 2005
From: gabriel at telana.com (Sean Gabriel Heacock)
Date: Tue Oct 10 22:55:29 2006
Subject: [peruser] Segfaults on POST with FreeBSD 5
In-Reply-To: <19DAA7398555D3488B485EFA4F9E7FE80DAB59@yourmom.ssgi.local>
References: <19DAA7398555D3488B485EFA4F9E7FE80DAB59@yourmom.ssgi.local>
Message-ID: <1122412695.4934.6.camel@isis.korsoft.com>

On Tue, 2005-07-26 at 09:09 -0400, Robert S Wojciechowski wrote:
> I searched the list archives and noticed that another user (Karsten
> Schmidt) was having the same problem as I, but I just wanted to chime
> in. This is on version 0.1.6 as well.
> 
> Anything I can do to help?

I've been meaning to add some extra debugging for Karsten to test
with... got caught up with other work though.  When I've got it ready
I'll send it to both of you to test.

-- 
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/