------------ Original Message ------------ > Date: Tuesday, August 11, 2015 11:43:21 -0400 > From: m.roth at 5-cent.us > > We started updating via CR over a week ago, before 6.7 was > official, and just today identified an issue.... For (alleged) > security, the agency I work as a contractor for runs SiteMinder, > from CA. > ># insert rant_against_CA.h > > Anyway, starting late last week, we found issues - as in, its > process, which runs under, and is started by, apache, was suddenly > pegging a CPU or so. Trying to stop httpd, that worked... but this > idiot process never did (and it's ugly to clean up after). > > What we just this morning found out to be the problem is that some > package seems to change the permissions on /var/log/httpd to 700 > from 770. The result was that this ...thing... couldn't write to > its own logs, running as apache:root, while /var/log/httpd was > root:root. > > I just did rpm -q httpd --scripts, and that doesn't show anything, > so as I don't know what package did it.... If anyone knows, I'd > like to know. > > mark I didn't try poking at the rpm too much, but just checked and found that the httpd-2.2.15-45 rpm, that's part of the (regular) 6.7 update, will change the permissions on the /var/log/httpd directory (but not the files in it) to 700 and the ownership (again, of the directory, not the included files) to root.root from whatever you may have set them to. Those are the same ownerships/permissions that are the default in 6.6. I.e., it appears that someone/thing modified the /var/log/httpd directory permissions and ownerships from the default and the updated httpd put them back. Isn't there a bit of a security issue in your (modified) setup with those files being able to be written to by the apache user?