Red Hat Bugzilla – Bug 971606
'service httpd status' doesn't run as non root _and_ returns incorrect status
Last modified: 2016-01-04 09:47:10 EST
There are two closely related issues here:
I would expect this command to succeed as a non root user?
$ service httpd status
httpd dead but subsys locked
If that's not possible fair enough.
But the issue is compounded by...
...the init script return code is incorrect:
$ echo $?
states that "2" means the service is dead.
In this case "4" should be returned so that status
for this service can be presented correctly.
I have checked httpd initscript and it uses "status" function from /etc/rc.d/init.d/functions (from package "initscripts") and returns its return code.
This function checks if the /var/run/httpd/httpd.pid exists, but /var/run/httpd directory has mode 0710, so as a user, you are not allowed to read its content. status function in /etc/init.d/functions should probably check for this case and return 4. I think this should be filed as a bug against initscripts package.
I will ask Joe Orton, if it's possible change the /var/run/httpd permissions to allow users reading the PID file. I don't see any reason why not to do that (and lot of daemons do that), but maybe I'm missing something...
We put other stuff in /var/run/httpd - AF_UNIX sockets notably (mod_cgid, mod_wsgi, etc). I'm not sure it's a actively harmful... do we guarantee that the status command works as non-root? What do the SELinux rules enforce?
Lacking any strong motivation I don't think we should change this. I don't think we could or should guarantee that the "status" command will work properly for non-root users in all cases; there may well be many exceptional cases which we couldn't anticipate. systemd addresses this issue properly.