Red Hat Bugzilla – Bug 971606
'service httpd status' doesn't run as non root _and_ returns incorrect status
Last modified: 2016-01-04 09:47:10 EST
There are two closely related issues here: I would expect this command to succeed as a non root user? $ service httpd status httpd dead but subsys locked If that's not possible fair enough. But the issue is compounded by... ...the init script return code is incorrect: $ echo $? 2 http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html states that "2" means the service is dead. In this case "4" should be returned so that status for this service can be presented correctly.
I have checked httpd initscript and it uses "status" function from /etc/rc.d/init.d/functions (from package "initscripts") and returns its return code. This function checks if the /var/run/httpd/httpd.pid exists, but /var/run/httpd directory has mode 0710, so as a user, you are not allowed to read its content. status function in /etc/init.d/functions should probably check for this case and return 4. I think this should be filed as a bug against initscripts package. I will ask Joe Orton, if it's possible change the /var/run/httpd permissions to allow users reading the PID file. I don't see any reason why not to do that (and lot of daemons do that), but maybe I'm missing something...
We put other stuff in /var/run/httpd - AF_UNIX sockets notably (mod_cgid, mod_wsgi, etc). I'm not sure it's a actively harmful... do we guarantee that the status command works as non-root? What do the SELinux rules enforce?
Lacking any strong motivation I don't think we should change this. I don't think we could or should guarantee that the "status" command will work properly for non-root users in all cases; there may well be many exceptional cases which we couldn't anticipate. systemd addresses this issue properly.