Squid proxy server on centos 5 conflict with vncserver!
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Squid proxy server on centos 5 conflict with vncserver!
Hi
we have a proxy server (squid) on a linux machine (centos 5.1).
The server was working ok until now. Suddenly squid decides to stop working. When I try to start it from the console (service squid start) it throws an error: "vnc server stopped : 2: username [FAILED]". (Or something like this... I do not remember)
So I remove the vnc server from Add/remove Applications an try again but the message changed to: "Starting VNC server: no displays configured [ OK ]" and squid is down!
The strange is that in GUI services when I click to squid the description is about vnc server (xvnc is stopped)!!! Even if the vncserver is removed.
I am not linux guru and I know very little about linux... but I suppose that the connection between squid and vnc is very strange!
Thanks
There is nothing that WE did...
But I found something useful... in the /etc/init.d/squid file that run when the squid service starts there is this script:
Code:
#!/bin/bash
#
# chkconfig: - 91 35
# description: Starts and stops vncserver. \
# used to provide remote X administration services.
# Source function library.
. /etc/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
unset VNCSERVERARGS
VNCSERVERS=""
[ -f /etc/sysconfig/vncservers ] && . /etc/sysconfig/vncservers
prog=$"VNC server"
start() {
echo -n $"Starting $prog: "
ulimit -S -c 0 >/dev/null 2>&1
RETVAL=0
if [ ! -d /tmp/.X11-unix ]
then
mkdir -m 1777 /tmp/.X11-unix || :
restorecon /tmp/.X11-unix 2>/dev/null || :
fi
NOSERV=1
for display in ${VNCSERVERS}
do
NOSERV=
echo -n "${display} "
unset BASH_ENV ENV
DISP="${display%%:*}"
export USER="${display##*:}"
export VNCUSERARGS="${VNCSERVERARGS[${DISP}]}"
runuser -l ${USER} -c "cd ~${USER} && [ -f .vnc/passwd ] && vncserver :${DISP} ${VNCUSERARGS}"
RETVAL=$?
[ "$RETVAL" -ne 0 ] && break
done
if test -n "$NOSERV"; then echo -n "no displays configured "; fi
[ "$RETVAL" -eq 0 ] && success $"vncserver startup" || \
failure $"vncserver start"
echo
[ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/vncserver
}
stop() {
echo -n $"Shutting down $prog: "
for display in ${VNCSERVERS}
do
echo -n "${display} "
unset BASH_ENV ENV
export USER="${display##*:}"
runuser ${USER} -c "vncserver -kill :${display%%:*}" >/dev/null 2>&1
done
RETVAL=$?
[ "$RETVAL" -eq 0 ] && success $"vncserver shutdown" || \
failure $"vncserver shutdown"
echo
[ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/vncserver
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
stop
sleep 3
start
;;
condrestart)
if [ -f /var/lock/subsys/vncserver ]; then
stop
sleep 3
start
fi
;;
status)
status Xvnc
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
exit 1
esac
This script try to start the vncserver service. This script I think that is the same with the script that resides in the /etc/init.d/vncserver that is doing the same.
Someone copy and paste the code to the squid file to open the vncserver the same time squid starts. But why... why he didn't it with separate process...
So when the squid service try to start this code try simultaneously to start vncserver and failed... I replaced this code with the original code found in the centos site (http://www.faqs.org/docs/securing/chap28sec233.html) and squid is ok. But the next question is why this code stopped working? I removed the vnc server and re-installed it but I have the same problem.... The strange is that when I try to run the vncserver from services I take back a popup message that vncserver is ok and starts normally and I can use vnc-client on another machine to connect to it BUT in services appears as stopped!!!
So the problem is with the vncserver!
Thanks in advance
Last edited by nonlinearly; 02-15-2013 at 04:56 AM.
There is nothing that WE did...
But I found something useful... in the /etc/init.d/squid file that run when the squid service starts there is this script:
This script try to start the vncserver service. This script I think that is the same with the script that resides in the /etc/init.d/vncserver that is doing the same. Someone copy and paste the code to the squid file to open the vncserver the same time squid starts. But why... why he didn't it with separate process...
...which is what r0b0 pointed out: SOMEONE changed it, and you say someone changed it...then also say that it wasn't something that "we" did? Who else can modify things on your server?? If you or your admin team didn't make those changes (and can't find out who DID), you have VERY SERIOUS security problems. And since you can't have two of the same service running on the same port at the same time, the squid script would error out, since it couldn't start VNC a second time.
Quote:
So when the squid service try to start this code try simultaneously to start vncserver and failed... I replaced this code with the original code found in the centos site and squid is ok. But the next question is why this code stopped working?
Because VNC is obviously starting before squid, and when squid tries to start, it's trying to start ANOTHER copy of VNC, which it can't. See previous comment about if it wasn't you or the other admins, and you can't figure out who changed it, you have serious security issues.
Hmmm... My admin was recently fired!
But I did not understand what the problem is and what is the change made?
I think that this code inserted to have remote control when the squid opens... and I think that this code was always there without problems.
Since I took out and replaced it the squid starts but I have to open vncserver manually (even now when I manually start vncserver then I have remote control from other computers but in the list o services the vncserver says that is stopped!!!).
So obviously something happens with the vnc server. If this was ok then the script above would be running without problems.
Do not forget I am not linux guru...
Thanks anyway...
Hmmm... My admin was recently fired!
But I did not understand what the problem is and what is the change made?
Really?? Not sure what you don't understand, since it's very, VERY clear, and has been explained a few time already. Again: someone edited the squid startup script, to start VNC. Since squid started first, it started VNC also...so when the VNC script tried to run IT WAS ALREADY RUNNING, and couldn't start. You said yourself that you put the script back to the original one, and it worked.
Quote:
I think that this code inserted to have remote control when the squid opens... and I think that this code was always there without problems.
Nope. Someone edited that script, and it was only going to work until an upgrade took place, the box was restarted, or the VNC service was enabled independently.
Quote:
Since I took out and replaced it the squid starts but I have to open vncserver manually (even now when I manually start vncserver then I have remote control from other computers but in the list o services the vncserver says that is stopped!!!).
So obviously something happens with the vnc server. If this was ok then the script above would be running without problems.
Do not forget I am not linux guru...
Thanks anyway...
Right...again, the VNC startup script IS FAILING TO RUN, because VNC is ALREADY RUNNING. So, since the VNC startup script is failing, the service is marked as failed. Simple. If VNC is getting started from ANYWHERE else, the stand-alone startup script will fail, unless you're calling it with a "vnc restart"...which would stop the service first, THEN start it back...which would succeed.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
