[BlueOnyx:07082] Re: IMPORTANT: Last nights YUM updates - officialfix
Richard Morgan
richard at morgan-web.co.uk
Sun Apr 17 09:38:48 -05 2011
Hi Jimmy
A reboot fixed the problems for me... have you tried that? It was a rather large bundle of updates and I think it was Michael who suggest it was worth doing routinely after such an update.
Richard
----- Original Message -----
From: Jimmy Gross
To: BlueOnyx General Mailing List
Sent: Sunday, April 17, 2011 3:02 PM
Subject: [BlueOnyx:07080] Re: IMPORTANT: Last nights YUM updates - officialfix
I just updated my server and cannot login through the GUI.
I ran the commands below and get the following errors:
ind: /etc/httpd/alias: No such file or directory
ind: /etc/httpd/alias: No such file or directory
please help.
Thanks.
jimmy
-----Original Message-----
From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]On Behalf Of Michael Stauber
Sent: Sunday, April 10, 2011 5:45 AM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:06956] IMPORTANT: Last nights YUM updates - official fix
Hi all,
As mentioned in [BlueOnyx:06936], last nights YUM updates contained a nasty surprise. The problem is with CentOS-5.6's mod_nss-1.0.8-3.el5 RPM.
Here is the official fix:
===============
1.) Login to the box by SSH as "admin".
2.) Type "su -" to gain root access.
3.) Run the following commands:
/etc/init.d/httpd stop
find /etc/httpd/alias -user root -name "*.db" -exec /bin/chgrp apache {} \;
find /etc/httpd/alias -user root -name "*.db" -exec /bin/chmod g+r {} \;
/etc/init.d/httpd start
That should fix the issues.
There are also reports of BlueOnyx's GUI defaulting back to the initial setup wizard after these updates, which I cannot confirm yet. If you run into that, please perform the setup wizard again.
--------------------------------------------------------------------------------------
Why it happened:
=============
The guys at RedHat (and CentOS) who rolled up the new "mod_nss" addressed some security issues with "mod_nss", which also changed around the required ownerships and permissions of the /etc/httpd/alias/ databases.
In the past the files in /etc/httpd/alias/ were all root owned and had these ownerships and permissions:
OLD:
====
[root at derelik alias]# ls -la /etc/httpd/alias/*.db
-rw------- 1 root root 65536 Sep 23 2010 /etc/httpd/alias/cert8.db
-rw------- 1 root root 16384 Sep 23 2010 /etc/httpd/alias/key3.db
-rw------- 1 root root 16384 Sep 23 2010 /etc/httpd/alias/secmod.db
Now they're supposed to be this way:
NEW:
====
[root at cbq alias]# ls -la /etc/httpd/alias/*.db
-rw-r----- 1 root apache 65536 Sep 23 2010 /etc/httpd/alias/cert8.db
-rw-r----- 1 root apache 16384 Sep 23 2010 /etc/httpd/alias/key3.db
-rw-r----- 1 root apache 16384 Sep 23 2010 /etc/httpd/alias/secmod.db
As you can see: The group ownership got changed from "root" to "apache" and the databases are now also group readable, which they weren't in the past.
CentOS-5.6's new mod_nss-1.0.8-3.el5 RPM (which owns these files) was supposed to fix the ownerships and permissions, but didn't. Hence the problems.
I'll release an update to the BlueOnyx YUM repository which will automatically take care of this problem. But first I need to fix www.blueonyx.it and the mirrors as well. \o/
Thanks to Rodrigo and the others who helped to address the issue in the meantime!
--
With best regards
Michael Stauber
------------------------------------------------------------------------------
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20110417/4fa154f9/attachment.html>
More information about the Blueonyx
mailing list