Running as root on Solaris 8

jim.matthews
Posts: 19
Joined: Tue Jun 03, 2003 5:28 pm

Running as root on Solaris 8

Post by jim.matthews »

Hi

I am installing the latest version of the software on a development Solaris 8 machine. I installed:

./texis -version
Texis Web Script (Vortex) Copyright (c) 1996-2002 Thunderstone - EPI, Inc.
Commercial Version 4.02.1040623740 of Dec 23, 2002 (sparc-sun-solaris2.5.1-32)

I ran the installation as root, but specified that the "Web user" should be user 'texis'. The software installed and all files are owned by texis (except for license.key - owned by root). After the installation, two texis processes are running, but not by user texis, but as root:

root 15549 1 0 10:16:35 ? 0:00 monitor -d /usr/local/morph3/texis/testdb/ -z
root 15547 1 0 10:16:35 ? 0:00 /usr/local/morph3/bin/texis -dump

I can run the cgi http://test.duke.edu/texis?-dump successfully, however when I try and use my databases (copied over from my production machine), I get an error:

<!-- 002 /databases: Can't create object file /usr/local/morph3/htdocs/databases.vtc: Permission denied -->

This file, databases.vtc, does not exist. The permissions are correct, I believe:

drwxr-sr-x 7 texis texis 512 Jun 4 03:33 htdocs

Just for grins, I changed the perms to 777 and reran the script. Now I get a different permission error:

<!-- 002 /databases:20: Can't open KDBF file /usr/local/morph3/texis/testdb/SYSTABLES.tbl for writing: error 13: Permission denied -->
<!-- 000 /databases:20: Could not open SYSTABLES in the function ddopen -->
<!-- 000 /databases:20: Could not connect to /usr/local/morph3/texis/testdb in the function openntexis -->

Are these permission problems because the processes are running as root? I killed the two texis processes running and reran the texis?-dump, but now I get this message:

100 Texis Monitor process child returned exit code 10
000 Texis Monitor process failed
000 Cannot get config settings

Any help anyone could give would be greatly appreciated. Thanks.
User avatar
Kai
Site Admin
Posts: 1271
Joined: Tue Apr 25, 2000 1:27 pm

Running as root on Solaris 8

Post by Kai »

Those file perms look correct; you're right that no Texis process should be running as root. I suspect from the ps listing that your CGI user is root; make sure your web server has texis configured as the CGI user. Check that /usr/local/morph3/bin/monitor is owned by and setuid to texis. Also check that the copy of texis in your CGI directory is owned and setuid to texis as well (or symlinked to a texis/monitor that is). Recursively check (if you haven't already) /usr/local/morph3 for all texis ownership (chown any files that aren't, eg. license.key).
jim.matthews
Posts: 19
Joined: Tue Jun 03, 2003 5:28 pm

Running as root on Solaris 8

Post by jim.matthews »

Hi

Thanks for the quick reply. Here's the perms:

-rwsr-xr-x 1 texis texis 4876400 Jun 4 10:16 /usr/local/morph3/bin/monitor

lrwxrwxrwx 1 root webadmin 29 Jun 4 10:16 /WWW/cgi-bin/texis -> /usr/local/morph3/bin/monitor

After the install, license.key was owned by root. As part of my troubleshooting, I changed ownership to texis:

-rw-r--r-- 1 texis texis 792 Jun 4 10:43 license.key

I also noticed that /tmp/.texiststats was owned by root. I changed ownership of that to texis:

srw-rw-rw- 1 texis nobody 0 Jun 4 10:16 .texisstats

Since those two changes though, the texis cgi doesn't work at all. texis?-dump returns the "100 Texis Monitor process child returned exit code 10" error message.

I'm not sure I understand how to configure my webserver to have texis configured as teh CGI user. I'm using Apache 2.0.45. Which directive is this?

Thanks.
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Running as root on Solaris 8

Post by mark »

You need to kill off those texis and monitor that are already running as root.

You shouldn't have to change the webserver config if texis is setuid as you have it.
jim.matthews
Posts: 19
Joined: Tue Jun 03, 2003 5:28 pm

Running as root on Solaris 8

Post by jim.matthews »

Hi

I did kill the texis and monitor processes. Nothing texis is running now:

ps -ef | grep texis
root 16458 10128 0 11:59:28 pts/1 0:00 grep texis

What else can I check?

Thanks.
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Running as root on Solaris 8

Post by mark »

Exit code 10 indicates a bad license file. Delete license.key. Rename license.did to license.upd. Run texis -update
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Running as root on Solaris 8

Post by mark »

p.s. you may also need to ipcrm the license shared mem segment if it's owned by root.
jim.matthews
Posts: 19
Joined: Tue Jun 03, 2003 5:28 pm

Running as root on Solaris 8

Post by jim.matthews »

Hi

Ok, I removed license.key, renamed and ran texis -update. I did this once as root (didn't work) and once as user texis. When I did it as user texis, I get:

bash-2.05$ ./texis -update
Texis Web Script (Vortex) Copyright (c) 1996-2002 Thunderstone - EPI, Inc.
Unknown Version 4.02.1040623740 of Dec 23, 2002 (sparc-sun-solaris2.5.1-32)

100 Texis Monitor process child returned exit code 12
000 Texis Monitor process failed
000 Cannot get config settings

But there is a monitor process running as user texis:

texis 17150 1 0 14:02:00 ? 0:00 monitor -d /usr/local/morph3/texis/testdb/ -z

I get the same error code 10 message though if I try and run a CGI.

Here's my ipcs output:
[root@gilmour:/opt/morph3] % ipcs
IPC status from <running system> as of Wed Jun 4 14:04:50 EDT 2003
T ID KEY MODE OWNER GROUP
Message Queues:
Shared Memory:
m 0 0x5e002ef8 --rw------- root root
m 1 0x50000b03 --rw-r--r-- root root
m 2 0xdbaccee5 --rw-rw-rw- texis texis
m 2903 0x1006938 --rw------- root other
Semaphores:
s 262144 0 --ra-ra-ra- root other
s 1048577 0 --ra-ra-ra- root other
s 262146 0 --ra-ra-ra- root other
s 2162691 0 --ra-ra-ra- nsuser nobody
s 4718596 0 --ra-ra-ra- root other

Thanks.
jim.matthews
Posts: 19
Joined: Tue Jun 03, 2003 5:28 pm

Running as root on Solaris 8

Post by jim.matthews »

I found this message in monitor.log:

000 Jun 4 14:04:55 (17192) Can't bind socket to named pipe /tmp/.texisstats: Address already in use

So I remove .texisstats, ran through the license steps again and it looks like it started correctly:

bash-2.05$ ./texis -update
Texis Web Script (Vortex) Copyright (c) 1996-2002 Thunderstone - EPI, Inc.
Commercial Version 4.02.1040623740 of Dec 23, 2002 (sparc-sun-solaris2.5.1-32)

Attempting to update license

However, the ./texis -update process is still running:

ps -ef | grep texis
texis 17248 1 0 14:09:54 ? 0:00 ./texis -update
texis 17230 1 0 14:09:22 ? 0:00 monitor -d /usr/local/morph3/texis/testdb/ -z

At least the monitor process is being run by texis now. If I access texis?-dump, I get output, but I access any of my databases, I get this error still:

<!-- 002 /databases:20: Can't open KDBF file /usr/local/morph3/texis/testdb/SYSTABLES.tbl for writing: error 13: Permission denied -->
<!-- 000 /databases:20: Could not open SYSTABLES in the function ddopen -->
<!-- 000 /databases:20: Could not connect to /usr/local/morph3/texis/testdb in the function openntexis -->

I just checked and SYSLOCKS is owned by root. I removed it and reran the cgi and I get the same error, but now the SYSLOCKS file has reappeared and is owned by nsuser:

-rw-rw-rw- 1 nsuser nobody 125664 Jun 4 14:14 SYSLOCKS
User avatar
Kai
Site Admin
Posts: 1271
Joined: Tue Apr 25, 2000 1:27 pm

Running as root on Solaris 8

Post by Kai »

Always run Texis programs as the same user (texis); otherwise they may create resources that are inaccessible to other Texis programs.

The shared mem segment (0xdbaccee5) looks ok, it's owned by texis. Recursively check for non-texis-owned files in /usr/local/morph3 again (the root run of texis may have changed things).

The fact that SYSLOCKS is owned by nsuser indicates that Texis was run as nsuser: that is probably your web server's CGI user. Evidently the setuid bit is being ignored by the web server, or isn't set, causing file permission conflicts. Either change your CGI user in the Apache config (typically the User setting in httpd.conf) to texis, or chown all Texis files to nsuser (chown -R nsuser /usr/local/morph3 /tmp/.texisstats) and ipcrm the texis-owned shared mem segment. Check that /usr/local/morph3/bin/monitor is setuid again.
Post Reply