Fedora directory users - Jun 2007 - [crit] host_ip_init(): PSET failure: Failed to create PSET handle (pset error = )

fedora core 6 - 2.6.20-1.2933.fc6
fedora-ds-1.0.4-1.FC6
httpd-2.2.4-2.fc6

I installed the directory server as a typical install with owner and group set 
to root.

Directory server starts OK

Admin server will not start.

Output of ''admin-serv/logs/error '' shows above subject error.

Output of /tmp file3SRK6D:
Syntax error on line 35 of /opt/fedora-ds/admin-serv/config/console.conf:
Error:\tApache has not been designed to serve pages while\n\trunning as root.  
There are known race conditions that\n\twill allow any local user to read any 
file on the system.\n\tIf you still desire to serve pages as root 
then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then 
rebuild the server.\n\tIt is strongly suggested that you instead modify the 
User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n

Changing the console.conf user and group to apache does not make any 
difference.

Output of ls -l admin-serv/config:
-rw------- 1 root root   337 Jun 24 13:17 adm.conf
-rw------- 1 root root    39 Jun 24 13:17 admpw
-rw------- 1 root root  4588 Jun 24 13:17 admserv.conf
-rw------- 1 root root  1324 Jun 24 13:17 admserv.conf.rej
-rw------- 1 root root  3726 Jun 24 15:54 console.conf
-rw------- 1 root root 30468 Jun 24 15:38 httpd.conf
-rw------- 1 root root  2048 Jun 24 13:17 httpd.conf.rej
-rw-r--r-- 1 root root 19707 Jun 24 13:17 local.conf
-rw------- 1 root root  4573 Jun 24 13:17 nss.conf

I have installed on two separate servers with latest fc6 and have the same 
problem on both boxes.

I would appreciate any ideas from list members as to how to resolve this 
problem.

Anthony M. Farrell wrote:
> fedora core 6 - 2.6.20-1.2933.fc6
> fedora-ds-1.0.4-1.FC6
> httpd-2.2.4-2.fc6
>
> I installed the directory server as a typical install with owner and group
set
> to root.
>
> Directory server starts OK
>
> Admin server will not start.
>
> Output of ''admin-serv/logs/error '' shows above subject
error.
>
> Output of /tmp file3SRK6D:
> Syntax error on line 35 of /opt/fedora-ds/admin-serv/config/console.conf:
> Error:\tApache has not been designed to serve pages while\n\trunning as
root.
> There are known race conditions that\n\twill allow any local user to read
any
> file on the system.\n\tIf you still desire to serve pages as root 
> then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then 
> rebuild the server.\n\tIt is strongly suggested that you instead modify the
> User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
>   
This error message is telling you that Apache will not run as root.  You 
must change your User in admin-serv/config/console.conf to a non-root 
user, preferably the same user as you run your directory server as (if 
that is also root, I strongly encourage you to use a non-root user).

If you''re not very far along, I suggest starting over from scratch, and
re-installing using a non-root user for both the Directory and Admin 
servers.
> Changing the console.conf user and group to apache does not make any 
> difference.
>
> Output of ls -l admin-serv/config:
> -rw------- 1 root root   337 Jun 24 13:17 adm.conf
> -rw------- 1 root root    39 Jun 24 13:17 admpw
> -rw------- 1 root root  4588 Jun 24 13:17 admserv.conf
> -rw------- 1 root root  1324 Jun 24 13:17 admserv.conf.rej
> -rw------- 1 root root  3726 Jun 24 15:54 console.conf
> -rw------- 1 root root 30468 Jun 24 15:38 httpd.conf
> -rw------- 1 root root  2048 Jun 24 13:17 httpd.conf.rej
> -rw-r--r-- 1 root root 19707 Jun 24 13:17 local.conf
> -rw------- 1 root root  4573 Jun 24 13:17 nss.conf
>
> I have installed on two separate servers with latest fc6 and have the same 
> problem on both boxes.
>
> I would appreciate any ideas from list members as to how to resolve this 
> problem.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

On Tue, 26 Jun 2007 00:28:31 Richard Megginson wrote:
> This error message is telling you that Apache will not run as root.  You
> must change your User in admin-serv/config/console.conf to a non-root
> user, preferably the same user as you run your directory server as (if
> that is also root, I strongly encourage you to use a non-root user).
Thanks Richard - I created a fedora-ds user and that solved the problem. My 
interpretation of the installation instructions was that the default port 389 
must run as root. However that is obviously not the case. With your help all 
is now well.

Thanks for the effort you make to assist users on this list. I am sure it is 
much appreciated.

Tony

Anthony M. Farrell wrote:
> On Tue, 26 Jun 2007 00:28:31 Richard Megginson wrote:
>   
>> This error message is telling you that Apache will not run as root. 
You
>> must change your User in admin-serv/config/console.conf to a non-root
>> user, preferably the same user as you run your directory server as (if
>> that is also root, I strongly encourage you to use a non-root user).
>>     
>
> Thanks Richard - I created a fedora-ds user and that solved the problem. My
> interpretation of the installation instructions was that the default port
389
> must run as root. However that is obviously not the case.
You must start the server as the root user (or from init).  Once the 
server binds to port 389, it does a setuid to the non-privileged
user.
> With your help all 
> is now well.
>
> Thanks for the effort you make to assist users on this list. I am sure it
is
> much appreciated.
>
> Tony
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>