Apache2 with mpm-itk

Wafelijzer · 2015-04-06 08:05:27

Hi all,

I'm trying to use mpm-itk module to assign per-vhost a user/group where the connection will be spawned under.
It seems it doesn't work right and tried different configurations.

I installed and configured the module and having issues when the module is loaded:

Version (from pacman):
~~~
[root@misc001 ~]# httpd -v
Server version: Apache/2.4.12 (Unix)
Server built: Jan 31 2015 11:02:34
~~~

When mpm_itk is enabled:
~~~
[root@misc001 ~]# curl http://localhost/cgi-bin/test.cgi
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at
you@example.com to inform them of the time this error occurred,
and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
<p>Additionally, a 500 Internal Server Error
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>
~~~

Error in log:
~~~
[Sun Apr 05 15:13:07.462721 2015] [mpm_itk:warn] [pid 3763] (itkmpm: pid=3763 uid=33, gid=33) itk_post_perdir_config(): initgroups(http, 33): Operation not permitted
[Sun Apr 05 15:13:07.463227 2015] [mpm_itk:warn] [pid 3763] (itkmpm: pid=3763 uid=33, gid=33) itk_post_perdir_config(): initgroups(http, 33): Operation not permitted
~~~

Config:
~~~
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule mpm_itk_module modules/mpm_itk.so

<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User http
Group http

</IfModule>
~~~

It seems we can not set User root, Group root then the daemon refuses to start. Also mod_unixd seems to be needed to be loaded because it is part of apache2 base.

Also it seems no article on the wiki how to configure mod_itk and googling did only found:
libapache2-mpm-itk: can no longer set group to one that the user does not belong to
https://bugs.debian.org/cgi-bin/bugrepo … bug=734814

I tried to install Debian 8.0 prerelease in a Virtualbox to see if it works and which version they run. It works perfect and they only use Apache 2.4.10 instead of 2.4.12 and I can't find the unixd_module configuration block. Most probably this is compiled in instead of shared module.

Hope this is clear enough,

Thanks in advance
Jerry

anatolik · 2015-04-06 16:50:11

It sounds similar to issue reported upstream http://lists.err.no/pipermail/mpm-itk/2 … 00846.html But there is no solution for it yet.

BTW the debian bug you posted mentions that the problem exists in apache 2.4.7-1 (and it worked fine with Debians' apache 2.4.6-3). Do you have chance to downgrade Debian apache to 2.4.7-1 and see if the problem appeared?

Wafelijzer · 2015-04-06 18:40:50

I'm running Apache 2.4.12 with mpm-itk under Arch Linux, I justed added the note on Debian 8.0 for clearification that it works on that distro.

anatolik · 2015-04-06 21:05:04

Let me rephrase it.

According to the bug report above Debian apache2 2.4.7-1 has this problem, and you say that Debian apache2 2.4.10 does not have. Obviously some change has been made to Debian package that fixes the issue. If you can find a version where this regression has been fixed on Debian then it will be easier for you to fix the problem at Arch.

Arch Linux

#1 2015-04-06 08:05:27

Apache2 with mpm-itk

#2 2015-04-06 16:50:11

Re: Apache2 with mpm-itk

#3 2015-04-06 18:40:50

Re: Apache2 with mpm-itk

#4 2015-04-06 21:05:04

Re: Apache2 with mpm-itk

Board footer