Bobcares

Troubleshooting Apache using strace

by | Nov 4, 2006

Occasionally system administrators can run into situations where the conventional way of troubleshooting an issue may not yield results. The conventional way means using test scripts, observing the log files, tweaking configuration settings and the like. In such cases, one will have to dig deeper into the internals of the server.

Bobcares helps online businesses maintain reliable web services. Quick troubleshooting is essential to avoid extended downtime in case of web server errors. In our web server management services, we use several specialized tools to detect the root cause of an issue. One such tool is Strace.

The strace utility intercepts and records the system calls which are made by a process and the signals which are received by a process. This article shows how to use strace to troubleshoot Apache by illustrating a real-world issue. I will begin with the problem statement and then move on to describe the initial troubleshooting attempts. The inner workings of the Apache server are briefly explained just before examining the strace results. Various options of strace and its internal working is beyond the scope of this article, so please refer to the man pages for the same.

Problem statement

ISSUE: Can’t send mail from web pages using PHP ‘mail()’ function.
OS: RedHat
SMTP Server: Sendmail
Web Server: Apache/1.3.22 – It’s a virtual hosting environment, there are many sites hosted in the server.
PHP version: 4.0.6

Initial troubleshooting attempts

Let me first recreate the issue and see the error for myself. I will create a test script, ‘mail.php’, that will use the ‘mail()’ function for sending mail. The test script is as follows.

<?php
error_reporting(E_ALL);
$to = "Vishnu <we2cares@fastmail.fm>";
$subject = "This is a test email";
$message = "This is a test email, please ignore.";

if (mail($to,$subject,$message))
{
echo "Thank you for sending email";
}
else
{
echo "Can't send email";
}
?>

I placed mail.php into the web area of the virtual domain in question, and then accessed it through a browser. The resulting page displayed an echoed message “Can’t send email”, no PHP specific error messages were shown. Analyzing the maillog shows no trace of mail injected from the virtual domain in question. I needed to verify whether the issue is specific to the virtual host in question or whether the issue is server wide. The same test script was used in a few other virtual hosts and produced the same result. That means the issue is not specific to a virtual host, it’s a server wide issue. Looks like Apache/PHP is broken.

Let me see whether the mail() function is disabled in the php.ini file using disable_functions.

[root@dns1 root]# grep disable_functions /etc/php.ini
disable_functions =

No, mail function is not disabled.

I have turned on display_errors and display_startup_errors in php.ini so that any internal PHP error is displayed on the web page, but that didn’t help either. The test PHP page doesn’t display any error, there are no error messages in the Apache, sendmail or other system logs. What next?

As I mentioned earlier, in order to know what’s happening at the process level, the strace utility is very useful. Before using strace to troubleshoot the issue, I will give a brief explanation of how Apache serves an incoming request.

Detour into Apache

Apache starts by creating a parent process with root privileges. This is the main process, it is responsible for forking child processes and maintaining them. The main Apache process doesn’t serve any requests, the requests are served by child processes. The number of idle child processes at a given time is determined by the MinSpareServers and MaxSpareServers directives in httpd.conf. When a new request comes in, it is served by one of the idle child processes. If there are no idle child processes, then a new child process is forked by the parent, to serve an incoming request. From the ps result shown below, it’s clear the the process with PID 1861 is the Apache parent process. It is running with “root” privileges, all the child processes are running as user “apache”.

[root@haqmail ~]# ps aux | grep httpd
USER       PID %CPU      %MEM      VSZ  RSS TTY      STAT     START   TIME     COMMAND
root      1861  0.0      0.4       25680 1992 ?        Ss      Sep24   0:02     /usr/sbin/httpd
apache    2295  0.0      0.4       25852 2024 ?        S       Sep24   0:00     /usr/sbin/httpd
apache    2296  0.0      0.4       25852 2024 ?        S       Sep24   0:00     /usr/sbin/httpd
apache    2297  0.0      0.4       25852 2024 ?        S       Sep24   0:00     /usr/sbin/httpd
apache    2298  0.0      0.4       25852 2024 ?        S       Sep24   0:00     /usr/sbin/httpd
apache    2299  0.0      0.4       25852 2024 ?        S       Sep24   0:00     /usr/sbin/httpd
apache    2300  0.0      0.4       25852 2024 ?        S       Sep24   0:00     /usr/sbin/httpd
apache    2301  0.0      0.4       25852 2024 ?        S       Sep24   0:00     /usr/sbin/httpd
apache    2302  0.0      0.4       25852 2024 ?        S       Sep24   0:00     /usr/sbin/httpd

A better view of parent child relationship is available from the pstree result.

[root@haqmail ~]# pstree -p | grep httpd
        +-httpd(1861)---httpd(2295)
        |             +-httpd(2296)
        |             +-httpd(2297)
        |             +-httpd(2298)
        |             +-httpd(2299)
        |             +-httpd(2300)
        |             +-httpd(2301)
        |             +-httpd(2302)

 

Using strace

Now we know that our request for mail.php is served by one of the Apache child processes and that strace can be used to get details of how requests are served, but there is one more problem: Which child process serves the mail.php request? We either know the process ID of the exact child process, or we trace all the child processes and then sort out the output of strace. There is no way to know in advance which child process will serve the mail.php request, so we will have to trace the parent Apache and all its child processes. The “-f” strace option traces child processes as they are created by currently traced processes as a result of the ‘fork’ system call.

Here we go…
First stop Apache and then restart Apache with strace.

[root@dns1 root]# strace -f -o trace.txt /etc/rc.d/init.d/httpd start

The “-o” option saves the result to “trace.txt” file. Now access the test PHP page through the browser. Stop strace and restart Apache as usual. It may be necessary to send the strace process a SIGKILL signal, because it captures some signals it gets from the terminal session.

Let us now go ahead and examine the strace result in the trace.txt file.

[root@dns1 root]# grep mail.php trace.txt
21837 read(7, "GET /mail.php HTTP/1.1rnUser-Age"..., 4096) = 472
21837 stat64("/var/www/virtdomain/mail.php", {st_mode=S_IFREG|0644, st_size=587, ...}) = 0

From the above grep result it’s clear that the Apache child process serving our request for mail.php is the one with PID “21837”. Now grep trace.txt for “21837”. Relevant result is pasted below.

21837 chdir("/var/www/virtdomaint") = 0
21837 open("/var/www/virtdomain/mail.php", O_RDONLY) = 8
.
.
.
.
21837 fork() = 21844

The last line shows that the Apache child process forks another process with PID 21844. Let us grep for 21844 in trace.txt and see what it does.

21844 execve("/bin/sh", ["sh", "-c", "/usr/sbin/sendmail -t -i"],
[/* 21 vars */]) = -1 EACCES (Permission denied)

Well, the process is used for sending mail using /usr/sbin/sendmail, but an incorrect permissions prevent it doing so. Sendmail permissions are set correctly, but checking /bin/sh reveals that it is set to “770” with “root.root” ownership. Since the Apache child process is running as user “apache”, it doesn’t have read and execute permission over /bin/sh, and hence the issue. Changing /bin/sh permission to “755” fixed it.

Conclusion

With a basic understanding of Apache and using strace, we could find the root cause of the issue and hence fix it. Strace is a general purpose utility and it can be used to troubleshoot any program. Strace and GDB (GNU Debugger) are very useful in system level troubleshooting. Here is a good article discussing both the utilities.


Articles by Vishnu RamAbout the author:
is an MTech. in Communication Systems from IIT Madras. He joined Bobcares in 2003 and has been working for Poornam since then.

His areas of interest are Performance tuning, Server monitoring, and Security. He practises Karate, reads books and listens to music.

6 Comments

  1. Sumit

    Nice article indeed.

    A good one to make people understand powers of strace utility. I use strace whenever I have to go beyond normal application level diagnostic techniques (which most of the times is the case).

  2. Rajith

    Good work.. Very nice and useful article 🙂

  3. Sattish

    Hi Vishnu,

    Thanks for the good article. Have been searching for a tutorail on how to debug programs using strace. Your article gave a clear picture on strace. Looking forward from you on articles about performance tuning

    Thanks
    Sattish.

  4. Arun

    Nice article. Very useful.

  5. Nivas

    Really a nice article.. Very useful.. Thanks 🙂

  6. Muhammed Roshan

    Its a wonderfull article.Keep writing blogs.Kudos.

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF