[BlueOnyx:07080] Re: IMPORTANT: Last nights YUM updates - official fix

Jimmy Gross grossj at constantino.net
Sun Apr 17 09:02:44 -05 2011 

I just updated my server and cannot login through the GUI.

I ran the commands below and get the following errors:

ind: /etc/httpd/alias: No such file or directory
ind: /etc/httpd/alias: No such file or directory

please help.

Thanks.

jimmy
  -----Original Message-----
  From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]On Behalf Of Michael Stauber
  Sent: Sunday, April 10, 2011 5:45 AM
  To: BlueOnyx General Mailing List
  Subject: [BlueOnyx:06956] IMPORTANT: Last nights YUM updates - official fix


  Hi all,


  As mentioned in [BlueOnyx:06936], last nights YUM updates contained a nasty surprise. The problem is with CentOS-5.6's mod_nss-1.0.8-3.el5 RPM.


  Here is the official fix:

  ===============


  1.) Login to the box by SSH as "admin".


  2.) Type "su -" to gain root access. 


  3.) Run the following commands:


  /etc/init.d/httpd stop

  find /etc/httpd/alias -user root -name "*.db" -exec /bin/chgrp apache {} \;

  find /etc/httpd/alias -user root -name "*.db" -exec /bin/chmod g+r {} \;

  /etc/init.d/httpd start


  That should fix the issues.


  There are also reports of BlueOnyx's GUI defaulting back to the initial setup wizard after these updates, which I cannot confirm yet. If you run into that, please perform the setup wizard again.


  --------------------------------------------------------------------------------------


  Why it happened:

  =============


  The guys at RedHat (and CentOS) who rolled up the new "mod_nss" addressed some security issues with "mod_nss", which also changed around the required ownerships and permissions of the /etc/httpd/alias/ databases. 


  In the past the files in /etc/httpd/alias/ were all root owned and had these ownerships and permissions:


  OLD:

  ====


  [root at derelik alias]# ls -la /etc/httpd/alias/*.db

  -rw------- 1 root root 65536 Sep 23 2010 /etc/httpd/alias/cert8.db

  -rw------- 1 root root 16384 Sep 23 2010 /etc/httpd/alias/key3.db

  -rw------- 1 root root 16384 Sep 23 2010 /etc/httpd/alias/secmod.db


  Now they're supposed to be this way:


  NEW:

  ====


  [root at cbq alias]# ls -la /etc/httpd/alias/*.db

  -rw-r----- 1 root apache 65536 Sep 23 2010 /etc/httpd/alias/cert8.db

  -rw-r----- 1 root apache 16384 Sep 23 2010 /etc/httpd/alias/key3.db

  -rw-r----- 1 root apache 16384 Sep 23 2010 /etc/httpd/alias/secmod.db


  As you can see: The group ownership got changed from "root" to "apache" and the databases are now also group readable, which they weren't in the past.


  CentOS-5.6's new mod_nss-1.0.8-3.el5 RPM (which owns these files) was supposed to fix the ownerships and permissions, but didn't. Hence the problems.


  I'll release an update to the BlueOnyx YUM repository which will automatically take care of this problem. But first I need to fix www.blueonyx.it and the mirrors as well. \o/


  Thanks to Rodrigo and the others who helped to address the issue in the meantime!


  -- 

  With best regards


  Michael Stauber

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20110417/f77563a8/attachment.html>

More information about the Blueonyx mailing list