Iniciando o Apache Httpd na inicialização com intervenção zero, CentOS e authbind

1

Eu quero iniciar o Apache Httpd quando o Linux for iniciado (com a intervenção Zero como enviar a senha root , não quero escrever a senha de root para iniciar o serviço do apache !!!)

Mais tarde, o Apache foi instalado:

# ./configure --prefix=/usr/local/httpd ... --with-included-apr --with-included-apr-util -with-pcre=/usr/local/pcre --with-z=/usr/local/zlib
# make
# make install

Eu fiz isso (eu criei um usuário chamado httpd com root group):

# useradd -g root -r -c "Httpd User" -s /sbin/nologin httpd
# chown -hvR httpd:root /usr/local/httpd/

Eu alterei os privilégios:

# chown -hvR httpd:root /usr/local/httpd/bin/

# ls -ARl --group-directories-first /usr/local/httpd/bin/
/usr/local/httpd/bin/:
total 2004
-rwSr-Sr-x. 1 httpd root  117511 Jul 12 01:29 ab
-rwSr-Sr-x. 1 httpd root    3461 Jul 12 01:07 apachectl
-rwSr-Sr-x. 1 httpd root    7037 Jul 12 01:26 apr-1-config
-rwSr-Sr-x. 1 httpd root    6596 Jul 12 01:27 apu-1-config
-rwSr-Sr-x. 1 httpd root   23523 Jul 12 01:07 apxs
-rwSr-Sr-x. 1 httpd root    9533 Jul 12 01:29 checkgid
-rwSr-Sr-x. 1 httpd root    8925 Jul 12 01:07 dbmmanage
-rwSr-Sr-x. 1 httpd root    1089 Jul 12 01:07 envvars
-rwSr-Sr-x. 1 httpd root    1089 Jul 12 01:07 envvars-std
-rwSr-Sr-x. 1 httpd root   16476 Jul 12 01:29 fcgistarter
-rwSr-Sr-x. 1 httpd root   60832 Jul 12 01:29 htcacheclean
-rwSr-Sr-x. 1 httpd root   33254 Jul 12 01:29 htdbm
-rwSr-Sr-x. 1 httpd root   18193 Jul 12 01:29 htdigest
-rwSr-Sr-x. 1 httpd root   33958 Jul 12 01:29 htpasswd
-rwSr-Sr-x. 1 httpd root 1606472 Jul 12 01:29 httpd
-rwSr-Sr-x. 1 httpd root   16168 Jul 12 01:29 httxt2dbm
-rwSr-Sr-x. 1 httpd root   17904 Jul 12 01:29 logresolve
-rwSr-Sr-x. 1 httpd root   29642 Jul 12 01:29 rotatelogs
# /usr/local/httpd/bin/apachectl start
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

# chmod -R u=rwx,g=rx,o=rx /usr/local/httpd/bin/
# ls -ARl --group-directories-first /usr/local/httpd/bin/
/usr/local/httpd/bin/:
total 2004
-rwxr-xr-x. 1 httpd root  117511 Jul 12 01:29 ab
-rwxr-xr-x. 1 httpd root    3461 Jul 12 01:07 apachectl
-rwxr-xr-x. 1 httpd root    7037 Jul 12 01:26 apr-1-config
-rwxr-xr-x. 1 httpd root    6596 Jul 12 01:27 apu-1-config
-rwxr-xr-x. 1 httpd root   23523 Jul 12 01:07 apxs
-rwxr-xr-x. 1 httpd root    9533 Jul 12 01:29 checkgid
-rwxr-xr-x. 1 httpd root    8925 Jul 12 01:07 dbmmanage
-rwxr-xr-x. 1 httpd root    1089 Jul 12 01:07 envvars
-rwxr-xr-x. 1 httpd root    1089 Jul 12 01:07 envvars-std
-rwxr-xr-x. 1 httpd root   16476 Jul 12 01:29 fcgistarter
-rwxr-xr-x. 1 httpd root   60832 Jul 12 01:29 htcacheclean
-rwxr-xr-x. 1 httpd root   33254 Jul 12 01:29 htdbm
-rwxr-xr-x. 1 httpd root   18193 Jul 12 01:29 htdigest
-rwxr-xr-x. 1 httpd root   33958 Jul 12 01:29 htpasswd
-rwxr-xr-x. 1 httpd root 1606472 Jul 12 01:29 httpd
-rwxr-xr-x. 1 httpd root   16168 Jul 12 01:29 httxt2dbm
-rwxr-xr-x. 1 httpd root   17904 Jul 12 01:29 logresolve
-rwxr-xr-x. 1 httpd root   29642 Jul 12 01:29 rotatelogs
# 

Outro

# /bin/su -p -s /bin/sh httpd /usr/local/httpd/bin/apachectl start
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs

Eu criei um serviço por esse motivo: (curto) assim:

SERVICE_HOME=/usr/local/httpd
SERVICE_USER=httpd
SERVICE_NAME=Httpd
SHUTDOWN_WAIT=20

service_pid() {
  echo 'ps aux | grep "$SERVICE_USER" | grep "$SERVICE_HOME" | grep -v grep | head -1 | awk '{ print $2 }' '
}

start() {
  pid=$(service_pid)
  if [ -n "$pid" ] 
  then
echo "$SERVICE_NAME is already running (pid: $pid)"
  else
# Start httpd
echo "Starting $SERVICE_NAME"
/bin/su -p -s /bin/sh $SERVICE_USER $SERVICE_HOME/bin/apachectl start
#/bin/su -p -s /bin/sh httpd authbind /usr/local/httpd/bin/apachectl start
  fi
  return 0
}

Mas era impossível:

Eu estava tentando com authbind

http://ftp.debian.org/debian/pool/main/a/authbind/authbind_1.2.0.tar.gz

# tar zxvf /.../authbind_1.2.0.tar.gz -C /usr/local/
# cd /usr/local/authbind-1.2.0
# make
# make install

# ls -ARl /etc/authbind/
/etc/authbind/:
total 12
drwxr-xr-x. 2 root root 4096 Jul 12 13:34 byaddr
drwxr-xr-x. 2 root root 4096 Jul 12 13:34 byport
drwxr-xr-x. 2 root root 4096 Jul 12 13:34 byuid

/etc/authbind/byaddr:
total 0

/etc/authbind/byport:
total 0

/etc/authbind/byuid:
total 0
# 

# touch /etc/authbind/byport/80
# chown httpd:root /etc/authbind/byport/80
# chmod 755 /etc/authbind/byport/80

Tentando testar no prompt (preciso que o apache comece com httpd user !!!)

# /bin/su -p -s /bin/sh httpd authbind /usr/local/httpd/bin/apachectl start
/usr/local/bin/authbind: /usr/local/bin/authbind: cannot execute binary file
# /bin/su -p -s /bin/sh httpd exec authbind /usr/local/httpd/bin/apachectl start
sh: exec: No such file or directory
# /bin/su -p -s /bin/sh httpd exec authbind --deep /usr/local/http/bin/apachectl start
/bin/su: unrecognized option '--deep'
Try '/bin/su --help' for more information.
# 

Pergunta 1:

funciona authbind em RHEL / Ambiente do CentOS / Fedora ?

Pergunta 2:

Quais devem ser meus comandos? É necessário exec ou --deep junto com authbind?

testando authbind com root user não tem problema!

# authbind /usr/local/httpd/bin/apachectl start
# authbind /usr/local/httpd/bin/apachectl stop
#

Pergunta 3:

É necessário / bin / su , -p , -s e / bin / sh com httpd user?

    
por QA_Col 12.07.2015 / 22:13

1 resposta

0

você deve usar a nova versão do authbind suportando IPV6 : link

ou

link

ftp://ftp.debian.com/debian/pool /main/a/authbind/authbind_2.1.1.tar.gz

tar zxvf /home/.../authbind_2.1.1.tar.gz -C /your/path/
cd /your/path/authbind-2.1.1
make
make install

Sobre o usuário e o grupo, o usuário não precisa pertencer ao grupo root ...

useradd -r -c "Httpd User" -s /sbin/nologin httpd
chown -hR httpd: /usr/local/httpd/

Agora, o autho

touch /etc/authbind/byport/80
chown httpd: /etc/authbind/byport/80
chmod 755 /etc/authbind/byport/80

Resposta 1

Eu vi vários tutoriais Authbind para CentOS, RHEL e Fedora, por algum motivo ... funciona, então a resposta é sim ...

Resposta 2

iniciando o servidor tente isso no seu script:

/bin/su -p -s /bin/sh httpd -c "/usr/local/bin/authbind /usr/local/httpd/bin/apachectl start"

ou

/bin/su -p -s /bin/sh $SERVICE_USER -c "/usr/local/bin/authbind $SERVICE_HOME/bin/apachectl start"

parando o servidor tenta isso no seu script:

/bin/su -p -s /bin/sh httpd -c "/usr/local/bin/authbind /usr/local/httpd/bin/apachectl stop"

ou

/bin/su -p -s /bin/sh $SERVICE_USER -c "/usr/local/bin/authbind $SERVICE_HOME/bin/apachectl stop"

Resposta 3

Sobre a sua pergunta 3, verifique: su e sh

    
por 13.07.2015 / 06:42