I have an Apache server running,
httpd -v produces
Server version: Apache/2.2.31 (Unix)
Server built: Aug 13 2015 23:45:37
But, I can't seem to find any directories with the name Apache in them. Running ps -ef | grep apache results in
user1 16741 30600 0 15:24 pts/0 00:00:00 grep apache
instead of showing the path for a directory it comes up with 'grep apache'.
It looks like you are using Red Hat. The Apache configuration files are in /etc/httpd, and the name of the Apache process, if it is running, is httpd.
Related
fuser can show you ONLY if original file is in use.
fuser DOESN'T SHOW YOU IF SYMLINK IS IN USE which calls original file. That's the issue. You don't know if symlink unused and can be removed.
I have started two processes (24261 opened original file and 24262 opened symlink) :
root#server DEV # ls -l /lib64/libgcc_s-4.4.7-20120601.so.1
-rwxr-xr-x 1 root root 93320 Sep 1 2014 /lib64/libgcc_s-4.4.7-20120601.so.1
root#server DEV # ls -l /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so
lrwxrwxrwx. 1 root root 20 Oct 19 2015 /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so -> /lib64/libgcc_s.so.1
root#server DEV #
root#server DEV # tail -f /lib64/libgcc_s.so.1 &
[1] 24261
root#server DEV #
root#server DEV # cd /usr/lib/gcc/x86_64-redhat-linux/4.4.4
root#server DEV # tail -f libgcc_s.so &
[2] 24262
root#server DEV #
root#server DEV # ps -ef | grep tail
root 24261 3265 0 13:39 pts/1 00:00:00 tail -f /lib64/libgcc_s.so.1
root 24262 3265 0 13:39 pts/1 00:00:00 tail -f libgcc_s.so
root 24492 3265 0 13:40 pts/1 00:00:00 grep tail
root#server DEV #
In both cases fuser tells that symlink and original file is in use (there are two processes for each command):
root#server DEV # fuser /lib64/libgcc_s.so.1
/lib64/libgcc_s.so.1: 24261 24262
root#server DEV # fuser /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so
/usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so: 24261 24262
root#server DEV #
But we know that symlink was not used for the first process. It can be even removed and will not affect first process.
Let's say I want to remove 'gcc' package if the package is not in use.
Original file comes from 'libgcc' package.
root#server DEV # rpm -qf /lib64/libgcc_s.so.1
libgcc-4.4.7-11.el6.x86_64
Symlink comes from 'gcc' package:
root#server DEV # rpm -qf /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so
gcc-4.4.7-11.el6.x86_64
If I will remove 'gcc' package which contains only symlink, I will affect second process! How I can see if symlink is unused?
In my case 'ps -ef' shows that I used command:
root 24262 3265 0 13:39 pts/1 00:00:00 tail -f libgcc_s.so
So ps cannot even tell you that symlink was used.
Any Linux guru?
EDITED:
There is partial solution checking cwd - current working directory:
root#server DEV # ls -l /proc/24262/cwd
lrwxrwxrwx 1 root root 0 Jun 20 13:57 /proc/24262/cwd -> /usr/lib/gcc/x86_64-redhat-linux/4.4.4
root#server DEV #
So from here you see the path "/usr/lib/gcc/x86_64-redhat-linux/4.4.4" and you can get file name from ps.
This doesn't work if you do:
root#server DEV # cd /root
root#server DEV # cat script.sh
/usr/bin/tail -f /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so
root#server DEV #
root#server DEV # nohup ./script.sh &
[2] 26713
root#server DEV #
root#server DEV # ls -l /proc/26713/cwd
lrwxrwxrwx 1 root root 0 Jun 20 14:32 /proc/26713/cwd -> /root
It shows cwd for /root, but symlink is inside the script/program. So then you need to check ps chill process for /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so.
root#server DEV # ps -ef | grep 26713
root 26713 3265 0 14:32 pts/1 00:00:00 /bin/sh ./script.sh
root 26714 26713 0 14:32 pts/1 00:00:00 /usr/bin/tail -f /usr/lib/gcc/x86_64-redhat-linux/4.4.4/libgcc_s.so
root 26780 3265 0 14:38 pts/1 00:00:00 grep 26713
root#server DEV #
This is very confusing when you want to automate package removal (if the package is not in use).
It will be great if someone can see simpler way of this. Also if someone can confirm the accuracy of using cwd and ps child processes for symlink in use detection.
What will happen if script.sh would be binary file? Will I still able to see full symlink path in 'ps' or cwd?
Symlinks are not usual files: they cannot be opened with open() like regular files or directories. Symlink actually is just a constant string, which is automatically interpreted internally during path resolution.
Because of that symlinks are not "used" in the sence of utilities like fuser. When you call fuser for symlink, it actually shows info about file pointed by the link.
If by "in use" you mean "one or more programs is using the link as its path name for the file", then there is no way to tell. It could have been used yesterday, and it might be used tomorrow. Unix is designed so that, unless you are specifically using tools designed for that specific purpose, a symlink looks just like the file it points to. Programs like fuser or lsof will just go right through the links without even telling you it's a link.
If by "in use" you mean "points to a valid file", then there are ways to tell. The simplest being ls -L
$ ls -l foo
/bin/ls: cannot access foo: No such file or directory
$ ls -l g
lrwxrwxrwx 1 hymie users 3 2016-06-20 10:09 g -> foo
$ ls -lL g
/bin/ls: cannot access g: No such file or directory
Unfortunately, Linux kernel is designed to assign original file from the symlink in the start up phase. So when the process is running there is no possibility to check if file called directly or through symlink.
All you can do is to check what was current working directory ls -l /proc/<process_id>/cwd, command line arguments strings /proc/<process_id>/cmdline, what user started the process ps -ef | grep <process_id> then you can check user startup scripts and $PATH, ldd can show you which libraries are called from particular library. If you want to restart the process to see if symlink called then strace is your friend.
The premise of this question (identifying unused packages with fuser / lsof) is fundamentally flawed:
Not every file your system needs to work properly will referenced by an open file descriptor at any random time.
For example, you would have a bad time if you removed /bin/systemctl (since things like /sbin/shutdown are symlinks to it), but lsof shows nothing using it.
It's easy to come up with many more examples, like /bin/grep on my system. It's used all over the place in shell scripts, but I don't happen to have any long-running instances of it.
$ jcmd -l
418 sun.tools.jcmd.JCmd -l
$ jstat -gcutil -t 10 250ms 1
10 not found
I am aware of the bug in jdk related to attaching jstat as root to a process running as a different user.
Here, this docker container has one user root and as can be seen below from the ps command, cassandra is running under root.
$ whoami
root
I have tried to do the following:
$ sudo -u root jcmd -l
Any help is appreciated.
Docker container is debian:jessie
running java version:
openjdk version "1.8.0_66-internal"
Here's the output of ps -ef:
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 17:40 ? 00:00:00 /bin/bash /run.sh
root 10 1 11 17:40 ? 00:02:25 java -ea -javaagent:/usr/share/c
root 375 0 0 17:49 ? 00:00:00 bash
root 451 375 0 18:00 ? 00:00:00 ps -ef
Aside: jstack successfully dumps out the stack traces of the threads.
I know at least two possible reasons why this can happen.
Java is run with -XX:+PerfDisableSharedMem option. This option helps sometimes to reduce JVM safepoint pauses, but it also makes JVM invisible to jps and jstat. This is a very likely case, because you are running Cassandra, and recent Cassandra has this option ON by default.
Java process has a different mount namespace, so that /tmp of Java process is not physically the same directory as /tmp of your shell. The directory /tmp/hsperfdata_root must be accessible in order to use jps or jstat. This is also a plausible reason since you are using docker containers.
I am Using Linux rhel6 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13 EST 2011 x86_64 x86_64 x86_64 GNU/Linux.
I can access tomcat from browser at port 8080. I am trying get PID of this .
I tried all the folling command but unable to fing the PID
lsof -i :8080
no output
netstat -tulpn | grep :8080
no output
also there is no log nor any httpd process running.
Please help me the find this. Thanks in advance
The tomcat application uses Java so that's why there is no httpd process running:
According to the source posted below the PID is posted in a $CATALINA_PID file which means that all you need to do is read that file with (TomCat version 5 or higher)
cat $CATALINA_PID
And that should post the PID.
Source:
Is Tomcat running?
I use to find open ports programs like this:
# lsof -i -n -P | grep LIST | grep 8080
python 10335 xxxxxxxxx 3u IPv4 10663405 0t0 TCP *:8080 (LISTEN)
The PID is usually defined in the init script. So you should take a look at
/etc/init.d/tomcat
Many init scripts seem to use this command for $PID:
ps aux | grep org.apache.catalina.startup.Bootstrap | grep -v grep | awk '{ print $2 }'
echo $CATALINA_PID will only return the PID if $CATALINA_PID which is not necassary the case.
source for init
I would like to create a httpd.conf file to upload to my Apache server. I need to create this file in order to configure the SSLCertificateChainFile. Does anybody have any idea on how to do this?
I dont think you want to create it. You just need to find and configure it. You may try this:
It's possible to configure this there is no "default location" so I usually do:
$ ps -ef | grep apache
which gives me a list like
deploy#cmd01:/$ ps -ef | grep apache
root 4053 1 0 06:26 ? 00:00:04 /usr/sbin/apache2 -k start
www 5189 4053 0 11:00 ? 00:00:00 /usr/sbin/apache2 -k start
www 5199 4053 0 11:00 ? 00:00:00 /usr/sbin/apache2 -k start
...
Then simply run
$ /usr/sbin/apache2 -V
and you will get the details you need, specifically this
Server compiled with....
-D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"
The httpd.conf file is typically present, you should just be able to add your specific config settings in there.
Where is my httpd.conf file located apache
I'm trying to run the command, chown -R apache:apache xyz
But I'm getting error, chown: apache:apache': invalid user
Then I tried for the user www-data, but with same results.
Then I tried to check who owns the apache process by running, ps -Af |grep httpd.
I get the following,
root 29577 1 0 18:00 ? 00:00:00 /opt/lampp/bin/httpd -k start -DSSL -DPHP5
nobody 29754 29577 0 18:00 ? 00:00:00 /opt/lampp/bin/httpd -k start -DSSL -DPHP5
nobody 29756 29577 0 18:00 ? 00:00:00 /opt/lampp/bin/httpd -k start -DSSL -DPHP5
nobody 29757 29577 0 18:00 ? 00:00:00 /opt/lampp/bin/httpd -k start -DSSL -DPHP5
nobody 29758 29577 0 18:00 ? 00:00:00 /opt/lampp/bin/httpd -k start -DSSL -DPHP5
nobody 29759 29577 0 18:00 ? 00:00:00 /opt/lampp/bin/httpd -k start -DSSL -DPHP5
nobody 29760 29577 0 18:00 ? 00:00:00 /opt/lampp/bin/httpd -k start -DSSL -DPHP5
root 29785 29358 0 18:04 pts/0 00:00:00 grep httpd
So, where is the apache user?
Thanks.
Your apache runs as the user called "nobody" (Yes nobody is a username).
I have newer seen a linux where the apache user were called apache but you can configure the name in the apache config. Which linux version are you using?
look in the configuration for apache - httpd.conf. The following lines should give you the needed informations.
For the user do:
find / -name httpd.conf | xargs grep -i "^user"
and for the group do:
find / -name httpd.conf | xargs grep -i "^group"
-Martin
the user called "www-data" in apache2
Not all linux servers use apache and group apache. It looks like the server is running the process as nobody.
Are you root on the server? If so you can look in the /etc/groups file to see what groups are defined.
I've got the same problem when triyng to make the chroot with only some libraries. When I tried to su the same message was happened:
su: user xxxxxdoes not exist
Seems not all libraries was copied to the chroot subdirectory, so you can try to copy all if you've prepared the chroot dir
cp --parent -avR /usr/lib64 /CHROOT_DIR
cp --parent -avR /usr/lib /CHROOT_DIR
ln -s /CHROOT_DIR/usr/lib64 /CHROOT_DIR/lib64
ln -s /CHROOT_DIR/usr/lib64 /CHROOT_DIR/lib64
This ps aux | egrep '(apache|httpd)' OR apachectl -S can also help you see what the user is. For me it was www-data