Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Apache2 chroot /dev/null permission denied

187 views
Skip to first unread message

Knowledge Seeker

unread,
Mar 17, 2010, 6:50:03 PM3/17/10
to
Hi,
I have an old Debian Etch box, running Apache2 on chroot jail. Yesterday, (it sounds like joke) I turned off the machine and when I started it again the web server did not come to life again.
The problem was a Permission Denied on the /dev/null.

I created my device with the command:  mknod -m 0666 /chroot/dev/null c 1 3
listing the permissions:

crw-rw-rw- 1 root root 1, 3 2010-03-16 18:37 null
crw-rw-rw- 1 root root 1, 8 2010-03-16 18:39 random
crw-rw-rw- 1 root root 1, 9 2010-03-16 18:39 urandom


(When I change the group to sys, don't solve the problem)

Even outside of the chroot when I try to echo something and redirect to this device I get the same message:

-su: null: Permission Denied

My kernel is the default:
2.6.18-6-686 #1 SMP

Everything worked fine 2 days ago.

I really wish to understand and solve this issue.
When I mount all /dev with a bind option, it works fine again, but I wouldn't want to have all my devices available inside chroot.

I really appreciate any help.

Thanks in advance

--
Knoseeker

Wayne

unread,
Mar 17, 2010, 7:30:02 PM3/17/10
to
Knowledge Seeker wrote:
> Hi,
> I have an old Debian Etch box, running Apache2 on chroot jail. Yesterday,
> (it sounds like joke) I turned off the machine and when I started it again
> the web server did not come to life again.
> The problem was a Permission Denied on the /dev/null.
>
> I created my device with the command: mknod -m 0666 /chroot/dev/null c 1 3
> listing the permissions:
>
> crw-rw-rw- 1 root root 1, 3 2010-03-16 18:37 null
> crw-rw-rw- 1 root root 1, 8 2010-03-16 18:39 random
> crw-rw-rw- 1 root root 1, 9 2010-03-16 18:39 urandom
>
>
> (When I change the group to sys, don't solve the problem)
>
> Even outside of the chroot when I try to echo something and redirect to this
> device I get the same message:
>
> -su: null: Permission Denied
>
> My kernel is the default:
> 2.6.18-6-686 #1 SMP
>
> Everything worked fine 2 days ago.
>
> I really wish to understand and solve this issue.
> When I mount all /dev with a bind option, it works fine again, but I

I ran into that after an upgrade on squeeze a few months ago. As a
result a few programs would not run. The atd daemon was the only one I
cared about. Don't know, yet, what caused it but the fix was to put the
following into /root/.bash_profile.

chmod 666 /dev/null
chgrp root /dev/null

/etc/init.d/atd restart

HTH

Wayne


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/4BA16444...@gmail.com

Knowledge Seeker

unread,
Mar 17, 2010, 10:10:01 PM3/17/10
to
That is the problem.
The permission is set to 666 and the group is root.
But it still don't work.
--
Knoseeker

Wayne

unread,
Mar 18, 2010, 11:20:02 AM3/18/10
to
Knowledge Seeker wrote:
> That is the problem.
> The permission is set to 666 and the group is root.
> But it still don't work.
>
>

I don't know know what else to suggest.

Maybe it is time to upgrade to lenny?

Sorry I could not be of more help.

Wayne


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/4BA2429E...@gmail.com

Mike Bird

unread,
Mar 18, 2010, 4:00:02 PM3/18/10
to
On Wed March 17 2010 19:00:35 Knowledge Seeker wrote:
> That is the problem.
> The permission is set to 666 and the group is root.
> But it still don't work.

Please post the exact complete error message, and
also the results of the following three commands run
as root as soon as possible after the error occurs:

# ls -dl /dev
drwxr-xr-x 22 root root 6280 2010-03-14 11:16 /dev
# ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 2010-03-14 11:15 /dev/null
# su www-data -c 'ls -l /dev/null'
crw-rw-rw- 1 root root 1, 3 2010-03-14 11:15 /dev/null

Is there anything in your Apache config that might
be trying to chroot?

--Mike Bird


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/201003181252.3...@yosemite.net

Knowledge Seeker

unread,
Mar 18, 2010, 11:50:01 PM3/18/10
to
Thanks for the help.
Doing what was asked I figured out and solved the problem.
Another administrator added the option nodev  to the partition of the chroot. Probably He did not umounted and mounted the partition after that and the service did not stopped, when we restart the machine, the problem appeared.

One question.
For security reasons, what the best mount options for the chroot partition?
nosuid I already have.
Is it advisable to have nodev on the chroot and mount another small /chroot/dev partition (maybe ramdisk), without the nodev option containing  the null urandom and random devices?

Thanks again.

[ ]'s
--
Knoseeker

Boyd Stephen Smith Jr.

unread,
Mar 21, 2010, 4:20:02 AM3/21/10
to
On Wednesday 17 March 2010 17:46:34 Knowledge Seeker wrote:
> Even outside of the chroot when I try to echo something and redirect to
> this device I get the same message:
>
> -su: null: Permission Denied

Something mounted with the "nodev" option?
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
b...@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/

signature.asc
0 new messages