We use automounted user home directories on our CentOS 6.3 desktops, and on the desktops on which we start apache, I have noticed that all 900+ home directories listed in NIS get (and stay!) mounted. If I don't start apache, this doesn't happen.
We don't need access to home directories from apache, so I would like to prevent apache from mounting these home directories, but I haven't been able to figure out how to do it. We use the stock httpd.conf file, and I commented out the "LoadModule userdir_module" line to no avail. Any other suggestions?
Alfred
On 19.11.2012 16:14, Alfred von Campe wrote:
We use automounted user home directories on our CentOS 6.3 desktops, and on the desktops on which we start apache, I have noticed that all 900+ home directories listed in NIS get (and stay!) mounted. If I don't start apache, this doesn't happen.
We don't need access to home directories from apache, so I would like to prevent apache from mounting these home directories, but I haven't been able to figure out how to do it. We use the stock httpd.conf file, and I commented out the "LoadModule userdir_module" line to no avail. Any other suggestions?
Instead of omitting LoadModule you could try to leave it enabled, but specify a different userdir, i.e. not under /home.
On Nov 19, 2012, at 11:20, Nux! wrote:
Instead of omitting LoadModule you could try to leave it enabled, but specify a different userdir, i.e. not under /home.
There is no reference to /home anywhere that I can find. I assume that apache just expands ~ to list all home directories and then it mounts them.
Alfred
On Nov 19, 2012, at 11:20, Nux! wrote:
Instead of omitting LoadModule you could try to leave it enabled, but specify a different userdir, i.e. not under /home.
There is no reference to /home anywhere that I can find. I assume that apache just expands ~ to list all home directories and then it mounts them.
Unless you've removed it from each and every Linux system (desktop included), /etc/httpd/conf/httpd.conf contains the following:
<IfModule mod_userdir.c> # # UserDir is disabled by default since it can confirm the presence # of a username on the system (depending on home directory # permissions). # #UserDir disable
# # To enable requests to /~user/ to serve the user's public_html # directory, remove the "UserDir disable" line above, and uncomment # the following line instead: # UserDir public_html
</IfModule>
# # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS> Order allow,deny Allow from all </Limit> <LimitExcept GET POST OPTIONS> Order deny,allow Deny from all </LimitExcept> </Directory>
The <Directory> directive pointing at /home/*/public_html is likely your issue.
On Nov 19, 2012, at 15:22, Mike Burger wrote:
Unless you've removed it from each and every Linux system (desktop included), /etc/httpd/conf/httpd.conf contains the following:
I have removed this on one of our test systems, rebooted, and it's still automounting all home directories.
Alfred
We use automounted user home directories on our CentOS 6.3 desktops, and on the desktops on which we start apache, I have noticed that all 900+ home directories listed in NIS get (and stay!) mounted. If I don't start apache, this doesn't happen.
We don't need access to home directories from apache, so I would like to prevent apache from mounting these home directories, but I haven't been able to figure out how to do it. We use the stock httpd.conf file, and I commented out the "LoadModule userdir_module" line to no avail. Any other suggestions?
Alfred
If I may...why are you running Apache on your desktops?
On Nov 19, 2012, at 11:29, Mike Burger wrote:
If I may...why are you running Apache on your desktops?
The products we develop need access to a web server, and some developers need a web server to test with. It's all just on our internal network; nothing is exposed to the Internet.
Alfred
Alfred von Campe wrote:
On Nov 19, 2012, at 11:29, Mike Burger wrote:
If I may...why are you running Apache on your desktops?
The products we develop need access to a web server, and some developers need a web server to test with. It's all just on our internal network; nothing is exposed to the Internet.
Not the way I'd do it: where I've worked, and work, we have apache running on servers, so we can guarantee their working ->correctly<-, and the developers have directories that they can put things in and test that way.
I've also seen gnome want to mount *everybody*....
mark
On Nov 19, 2012, at 12:02, m.roth@5-cent.us wrote:
Not the way I'd do it: where I've worked, and work, we have apache running on servers, so we can guarantee their working ->correctly<-, and the developers have directories that they can put things in and test that way.
Well, all we need to do is download a file via http, so having users start httpd with a stock config is usually sufficient.
I've also seen gnome want to mount *everybody*....
FWIW, I also have this issue (mounting all home directories) on one of our servers. But only those running 6.3; the systems running 5.8 do not seem to have this issue.
Alfred
On 19.11.2012 20:00, Alfred von Campe wrote:
On Nov 19, 2012, at 12:02, m.roth@5-cent.us wrote:
Not the way I'd do it: where I've worked, and work, we have apache running on servers, so we can guarantee their working ->correctly<-, and the developers have directories that they can put things in and test that way.
Well, all we need to do is download a file via http, so having users start httpd with a stock config is usually sufficient.
I've also seen gnome want to mount *everybody*....
FWIW, I also have this issue (mounting all home directories) on one of our servers. But only those running 6.3; the systems running 5.8 do not seem to have this issue.
Alfred
So automount will mount a directory if that directory is being read/accessed, yes? Then run fuser or lsof ro whatever is cool these days on those mount points, see what's using them.
Nux! wrote:
On 19.11.2012 20:00, Alfred von Campe wrote:
On Nov 19, 2012, at 12:02, m.roth@5-cent.us wrote:
<snip>
I've also seen gnome want to mount *everybody*....
FWIW, I also have this issue (mounting all home directories) on one of our servers. But only those running 6.3; the systems running 5.8 do not seem to have this issue.
So automount will mount a directory if that directory is being read/accessed, yes? Then run fuser or lsof ro whatever is cool these days on those mount points, see what's using them.
Ah, no. If it's running GUI, which none of our servers are, it wants *everyone* who isn't nologin mounted. Including people who've never been on that machine, nor will be.
mark
On 11/19/12 12:37 PM, m.roth@5-cent.us wrote:
Ah, no. If it's running GUI, which none of our servers are, it wants *everyone* who isn't nologin mounted. Including people who've never been on that machine, nor will be.
as an aside... while I don't use automounted home directories anymore, when I did (on Solaris 10+ years ago), we mounted /home/$SERVER and the user directories were /home/$SERVER/$USER .. on the server side, it was /export/home/$USER, so $SERVER:/export/home would be mounted as /home/$SERVER
this cuts WAY down on the number of nfs mounts
On Nov 19, 2012, at 15:37, m.roth@5-cent.us wrote:
Ah, no. If it's running GUI, which none of our servers are, it wants *everyone* who isn't nologin mounted. Including people who've never been on that machine, nor will be.
When you say "*it* wants", are you referring to apache or the GUI manager? Because you have definitely hit the nail on the head. So now that we know what the problem is, is there a solution (or even a kludgy workaround) for this?
Alfred
Alfred von Campe wrote:
On Nov 19, 2012, at 15:37, m.roth@5-cent.us wrote:
Ah, no. If it's running GUI, which none of our servers are, it wants *everyone* who isn't nologin mounted. Including people who've never been on that machine, nor will be.
When you say "*it* wants", are you referring to apache or the GUI manager? Because you have definitely hit the nail on the head. So now that we know what the problem is, is there a solution (or even a kludgy workaround) for this?
For me, it's a gnome thing, not apache.
mark "no, I don't like gnome"
On Nov 19, 2012, at 16:43, m.roth@5-cent.us wrote:
For me, it's a gnome thing, not apache.
Well, it's a combination of both. Gnome by itself doesn't do this; it only happens when you add apache to the mix.
I set the init level to 3 on one of my test systems and rebooted. I also configured apache to no start automatically. After a few minutes I logged in and checked /home and there were no directories mounted. As soon as I did a "service httpd start" the home directories started to get mounted. And this is at run level 3 with no GUI running!
This does not happen in CentOS 5.8. I think it's a bug (not a CentOS specific bug, but rather an upstream bug) and would love to know if anyone knows of a workaround. I don't have any RHEL system so I am wondering if I can file a bug with Red Hat about this or not.
Alfred
On Nov 19, 2012, at 11:14, I wrote:
We use automounted user home directories on our CentOS 6.3 desktops, and on the desktops on which we start apache, I have noticed that all 900+ home directories listed in NIS get (and stay!) mounted. If I don't start apache, this doesn't happen.
After trying and failing to reproduce the problem on a test RHEL 6.3 server, I compared the apache configs on the two servers and noticed one difference: the CentOS system had mod_dnssd installed. After doing a "yum erase mod_dnssd" (which also removed gnome-user-share) the issue went away. Problem SOLVED!
Alfred
-
Alfred von Campe -
John R Pierce -
m.roth@5-cent.us -
Mike Burger -
Nux!