F11 httpd - non-root "service httpd status" reports wrong
shmuel siegel
fedora at shmuelhome.mine.nu
Fri Sep 4 07:31:28 UTC 2009
Jason Farrell wrote:
> On Thu, Sep 3, 2009 at 11:21 AM, G.Wolfe
> Woodbury<ggw at wolves.durham.nc.us> wrote:
>
>> F11+updates doing a "service httpd status" reports that the subsystem is
>> locked but httpd dead. Examination of ps output shows the httpd processes,
>> and pidof reports them. Prepending sudo to the service command does things
>> right.
>>
>> Not sure why the sudo makes a difference, but it seems to me that it
>> shouldn't require root privleges to simply inquire for the status of
>> something.
>>
>
> That would be because the pidfile is located in /var/run/httpd vs
> /var/run (as in rhel), and is not readable by nonroot:
> drwx------. 2 root root 4096 2009-09-02 16:04 /var/run/httpd
>
> Not really a bug since regular users don't need to be querying service
> status, and httpd isn't singled out.
>
>
As pointed out by others, it is a bug since it is saying something that
is wrong.
But I would argue even further:
1) The information should be available to the normal user - just
like yum list and rpm -q
2) What have you gained by hiding the info that can be found by os
3) We want to minimize the need for privilege escalation, not maximize
More information about the fedora-test-list
mailing list