[BlueOnyx:06957] Re: IMPORTANT: Last nights YUM updates - official fix

Mark E. Levy mark at levysplace.us
Sun Apr 10 08:03:04 -05 2011


Michael,

I did what you indicated, but got "no such file or directory" on both find commands.

After the httpd start, I got a bunch of these:

[Sun Apr 10 07:59:01 2011] [warn] NameVirtualHost 69.65.36.46:80 has no VirtualHosts

Is this OK?

-Mark

 

From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] On Behalf Of Michael Stauber
Sent: Sunday, April 10, 2011 5:45 AM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:06956] IMPORTANT: Last nights YUM updates - official fix

 

Hi all,

As mentioned in [BlueOnyx:06936], last night's YUM updates contained a nasty surprise. The problem is with CentOS-5.6's mod_nss-1.0.8-3.el5 RPM.

Here is the official fix:

===============

1.) Log in to the box by SSH as "admin".

2.) Type "su -" to gain root access.

3.) Run the following commands:

/etc/init.d/httpd stop
find /etc/httpd/alias -user root -name "*.db" -exec /bin/chgrp apache {} \;
find /etc/httpd/alias -user root -name "*.db" -exec /bin/chmod g+r {} \;
/etc/init.d/httpd start

That should fix the issues.

There are also reports of BlueOnyx's GUI defaulting back to the initial setup wizard after these updates, which I cannot confirm yet. If you run into that, please perform the setup wizard again.

--------------------------------------------------------------------------------------

Why it happened:

=============

The guys at Red Hat (and CentOS) who rolled up the new "mod_nss" addressed some security issues with "mod_nss", which also changed around the required ownerships and permissions of the /etc/httpd/alias/ databases.

In the past the files in /etc/httpd/alias/ were all root owned and had these ownerships and permissions:

OLD:
====

[root@derelik alias]# ls -la /etc/httpd/alias/*.db
-rw------- 1 root root 65536 Sep 23 2010 /etc/httpd/alias/cert8.db
-rw------- 1 root root 16384 Sep 23 2010 /etc/httpd/alias/key3.db
-rw------- 1 root root 16384 Sep 23 2010 /etc/httpd/alias/secmod.db

Now they're supposed to be this way:

NEW:
====

[root@cbq alias]# ls -la /etc/httpd/alias/*.db
-rw-r----- 1 root apache 65536 Sep 23 2010 /etc/httpd/alias/cert8.db
-rw-r----- 1 root apache 16384 Sep 23 2010 /etc/httpd/alias/key3.db
-rw-r----- 1 root apache 16384 Sep 23 2010 /etc/httpd/alias/secmod.db

As you can see: The group ownership got changed from "root" to "apache" and the databases are now also group readable, which they weren't in the past.

CentOS-5.6's new mod_nss-1.0.8-3.el5 RPM (which owns these files) was supposed to fix the ownerships and permissions, but didn't. Hence the problems.

I'll release an update to the BlueOnyx YUM repository which will automatically take care of this problem. But first I need to fix www.blueonyx.it and the mirrors as well. \o/

Thanks to Rodrigo and the others who helped to address the issue in the meantime!

-- 

With best regards

Michael Stauber
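
Added example, not part of the original post or of BlueOnyx's own tooling: a read-only check that compares the *.db files against the owner, group and mode listed under "NEW" above, and reports a missing directory or an empty match separately from wrong permissions. The function name and exit codes are assumptions made for this example; it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the mod_nss database files against the state the
# post lists under "NEW" (root:apache, mode 640, in /etc/httpd/alias).
# The function name and exit codes (0 ok, 1 mismatch, 2 nothing to check)
# are assumptions for this example. Requires GNU stat (stat -c).

check_nss_db_perms() {
    dir=${1:-/etc/httpd/alias}
    want_owner=${2:-root}
    want_group=${3:-apache}
    want_mode=${4:-640}

    # find reports "No such file or directory" when the directory is absent;
    # treat that as its own case rather than as a permission failure.
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir does not exist" >&2
        return 2
    fi

    bad=0
    seen=0
    for f in "$dir"/*.db; do
        [ -e "$f" ] || continue          # glob matched nothing
        seen=1
        actual=$(stat -c '%U %G %a' "$f")
        if [ "$actual" = "$want_owner $want_group $want_mode" ]; then
            echo "OK:   $f ($actual)"
        else
            echo "FAIL: $f is '$actual', expected '$want_owner $want_group $want_mode'"
            bad=1
        fi
    done

    if [ "$seen" -eq 0 ]; then
        echo "SKIP: no *.db files in $dir" >&2
        return 2
    fi
    return "$bad"
}

# Run the audit with the defaults when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then
    check_nss_db_perms
fi
```

Running it before and after the chgrp/chmod commands shows which files still carry the old root:root 600 state.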
