Apache (httpd) - You don't have permission to access - apache

I'm trying to run the command below from my Linux server:
curl -T helloworld.txt -u user:pwd http://<ip>/record/helloworld.txt
I'm not able to upload a helloworld.txt file to my HTTP URL.
Error:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /record/helloworld.txt
on this server.</p>
<hr>
<address>Apache/2.2.3 (Red Hat) Server at <ip> Port 80</address>
</body>
</html>
httpd.conf:
Alias /record /usr/bin/Test/web/record
<Directory /usr/bin/Test/web/record>
DAV On
Options Indexes MultiViews FollowSymLinks
EnableSendfile off
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Location "/record">
DAV On
AuthType Basic
AuthName "user"
AuthUserFile /usr/bin/Test/web/.htpasswd
Require valid-user
RewriteEngine off
</Location>
httpd error logs:
[Thu Aug 27 16:54:39 2015] [notice] caught SIGTERM, shutting down
[Thu Aug 27 16:54:39 2015] [notice] SELinux policy enabled; httpd running as context root:system_r:httpd_t:s0
[Thu Aug 27 16:54:39 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Aug 27 16:54:39 2015] [notice] Digest: generating secret for digest authentication ...
[Thu Aug 27 16:54:39 2015] [notice] Digest: done
[Thu Aug 27 16:54:39 2015] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
[Thu Aug 27 16:56:41 2015] [error] [client <ip>] Unable to PUT new contents for /record/helloworld.txt. [403, #0]
[Thu Aug 27 16:56:41 2015] [error] [client <ip>] (13)Permission denied: An error occurred while opening a resource. [500, #0]

Related

Red Hat Apache HTTPD error

I have set up a new test server and configured the httpd conf file as below:
NameVirtualHost *:443
Listen 443
# URL:y1.y3t.com
<VirtualHost *:443>
ServerAdmin gis@y3t.com
ServerName y1.y3t.com
ServerAlias y1.y3t.com
ProxyTimeout 2700
Timeout 2700
SSLEngine on
# SSLProtocol -SSLv2
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /home/ssl/y3t.com.crt
SSLCertificateKeyFile /home/ssl/y3t.com.key
SSLCertificateChainFile /home/ssl/intermediate.crt
ProxyPass / http://10.0.0.2/
ProxyPassReverse / http://10.0.0.2/
ErrorLog /appl/httpd/logs/y1.y3t.com-error_log
CustomLog /appl/httpd/logs/y1.y3t.com-access_log common
</VirtualHost>
However, there seem to be some errors in the httpd error_log.
Error message:
[root@sgdc-pvl-web03 ~]# tail -f /var/log/httpd/error_log
[Tue Dec 13 16:22:47 2016] [notice] Digest: generating secret for digest authentication ...
[Tue Dec 13 16:22:47 2016] [notice] Digest: done
[Tue Dec 13 16:22:47 2016] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue Dec 13 16:22:47 2016] [notice] SSL FIPS mode disabled
[Tue Dec 13 16:22:47 2016] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
[Tue Dec 13 16:27:21 2016] [notice] caught SIGTERM, shutting down
[Tue Dec 13 16:27:22 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Dec 13 16:27:22 2016] [notice] SSL FIPS mode disabled
[Tue Dec 13 16:31:13 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Dec 13 16:31:13 2016] [notice] SSL FIPS mode disabled
[Tue Dec 13 16:32:14 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Dec 13 16:32:14 2016] [notice] SSL FIPS mode disabled
Can anyone advise on how I can resolve this? I'm still a newbie at this and would really appreciate any help given!
Thanks for your help!
These lines in error_log are only "notice" lines and are not error messages,
like the information about "SSL FIPS mode" being disabled (in the last line):
[Tue Dec 13 16:32:14 2016] [notice] SSL FIPS mode disabled
Does your web interface work correctly?

Connection fail for Apache LDAP Authentication

I'm trying to get my Apache2 Docker box (Ubuntu-based) to work with AD authentication, but I'm getting this error message:
[Fri Nov 18 14:59:38.508164 2016] [authnz_ldap:debug] [pid 2906:tid 140020857906944] mod_authnz_ldap.c(516): [client 192.168.56.1:61467] AH01691: auth_ldap authenticate: using URL ldap://192.168.56.150/CN=Users,DC=comp,DC=local?sAMAccountName?sub?(objectClass=user)
[Fri Nov 18 14:59:38.508181 2016] [authnz_ldap:trace1] [pid 2906:tid 140020857906944] mod_authnz_ldap.c(537): [client 192.168.56.1:61467] auth_ldap authenticate: final authn filter is (&(objectClass=user)(sAMAccountName=testuser01))
[Fri Nov 18 14:59:38.508350 2016] [ldap:trace5] [pid 2906:tid 140020857906944] util_ldap.c(329): [client 192.168.56.1:61467] LDC 7f593ab9e0a0 init
[Fri Nov 18 14:59:38.548846 2016] [ldap:trace5] [pid 2906:tid 140020857906944] util_ldap.c(186): [client 192.168.56.1:61467] LDC 7f593ab9e0a0 unbind
[Fri Nov 18 14:59:38.549037 2016] [authnz_ldap:info] [pid 2906:tid 140020857906944] [client 192.168.56.1:61467] AH01695: auth_ldap authenticate: user testuser01 authentication failed; URI /repos [LDAP: ldap_start_tls_s() failed][Connect error]
[Fri Nov 18 14:59:38.549047 2016] [core:trace3] [pid 2906:tid 140020857906944] request.c(119): [client 192.168.56.1:61467] auth phase 'check user' gave status 500: /repos
[Fri Nov 18 14:59:38.549088 2016] [http:trace3] [pid 2906:tid 140020857906944] http_filters.c(1006): [client 192.168.56.1:61467] Response sent with status 500, headers:
As you can see, my AD server IP is 192.168.56.150. TLS is force-enabled; the Apache configuration is:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
LogLevel trace8
ErrorLog ${APACHE_LOG_DIR}/svn-error.log
CustomLog ${APACHE_LOG_DIR}/svn-access.log combined
<Location / >
DAV svn
SVNParentPath /var/www/svn
SVNReposName "Subversion Repository"
AuthBasicProvider ldap
AuthType Basic
AuthName "AD Authorization Realm"
AuthLDAPURL "ldap://192.168.56.150/CN=Users,DC=comp,DC=local?sAMAccountName?sub?(objectClass=user)" STARTTLS
AuthLDAPBindDN cn=coops,cn=users,dc=comp,dc=local
AuthLDAPBindPassword 123456
Require valid-user
Require ldap-group CN=developers,CN=Users,DC=comp,DC=local
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN off
</Location>
</VirtualHost>
LDAPTrustedMode STARTTLS
LDAPVerifyServerCert on
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/certs/caroot.crt
I'm able to access AD from some LDAP client.
Does anybody know why my Apache server doesn't work?

503 service unavailable. Apache crashes once in 7-10 days

I use Apache server on Ubuntu 14.04. In order to redirect all requests from mypage.com to mypage.com:8080/myapp I use mod_proxy. My 000-default.conf looks as follows:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass / http://mypage.com:8080/myapp/ retry=0 timeout=10
ProxyPassReverse / http://mypage.com:8080/myapp/
ServerName mypage.com
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
And that is my ports.conf:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 81
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Everything works fine until, after several days, I always get a 503 Service Unavailable error page. This is written in error.log before the error occurs:
[Sun Oct 25 21:22:27.779422 2015] [core:error] [pid 14595] [client 38.104.233.252:45239] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1
[Mon Oct 26 02:30:20.925532 2015] [core:error] [pid 15416] [client 190.252.95.102:53508] AH00126: Invalid URI in request GET: index.php HTTP/1.0
[Mon Oct 26 08:22:27.771751 2015] [proxy:error] [pid 15402] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 08:22:27.774040 2015] [proxy:error] [pid 15402] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 08:22:27.774111 2015] [proxy_http:error] [pid 15402] [client 5.28.160.27:48692] AH01114: HTTP: failed to make connection to backend: mypage.com
[Mon Oct 26 10:55:51.655213 2015] [proxy:error] [pid 15406] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 10:55:51.655422 2015] [proxy:error] [pid 15406] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 10:55:51.655470 2015] [proxy_http:error] [pid 15406] [client 169.57.5.20:60000] AH01114: HTTP: failed to make connection to backend: mypage.com
[Mon Oct 26 13:32:00.442031 2015] [proxy:error] [pid 15408] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 13:32:00.442356 2015] [proxy:error] [pid 15408] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 13:32:00.442413 2015] [proxy_http:error] [pid 15408] [client 217.168.189.15:50222] AH01114: HTTP: failed to make connection to backend: mypage.com, referer: http://mypage.com/admn
[Mon Oct 26 13:32:12.245050 2015] [proxy:error] [pid 15402] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 13:32:12.245179 2015] [proxy:error] [pid 15402] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 13:32:12.245190 2015] [proxy_http:error] [pid 15402] [client 217.168.189.15:50225] AH01114: HTTP: failed to make connection to backend: mypage.com, referer: http://mypage.com/admn
[Mon Oct 26 13:34:44.343614 2015] [mpm_prefork:notice] [pid 991] AH00169: caught SIGTERM, shutting down
[Mon Oct 26 13:36:07.703185 2015] [mpm_prefork:notice] [pid 991] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 configured -- resuming normal operations
[Mon Oct 26 13:36:07.708761 2015] [core:notice] [pid 991] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 27 01:20:23.236327 2015] [mpm_prefork:notice] [pid 991] AH00169: caught SIGTERM, shutting down
[Tue Oct 27 01:20:24.265160 2015] [mpm_prefork:notice] [pid 3247] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 configured -- resuming normal operations
[Tue Oct 27 01:20:24.265243 2015] [core:notice] [pid 3247] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 27 01:41:17.177723 2015] [mpm_prefork:notice] [pid 3247] AH00169: caught SIGTERM, shutting down
[Tue Oct 27 01:41:18.219244 2015] [mpm_prefork:notice] [pid 11636] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 configured -- resuming normal operations
[Tue Oct 27 01:41:18.219351 2015] [core:notice] [pid 11636] AH00094: Command line: '/usr/sbin/apache2'
After I restart my machine it works fine again. Then in 7-10 days it crashes again. I have tried a lot of things from the internet but always get this error within several weeks at most. I have been struggling with this for some months already.
SELinux is disabled.
The problem is not with Apache, because it's still serving a 503 page.
The problem is with the application running on port number 8080. You are reverse proxying / to http://mypage.com:8080/myapp/, and when Apache tries to proxy the request it's not getting a response back from the 8080 app, so it's throwing the message 'Service Unavailable'. It's inferred from the part of the log below.
[Mon Oct 26 13:32:00.442031 2015] [proxy:error] [pid 15408] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 13:32:00.442356 2015] [proxy:error] [pid 15408] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 13:32:00.442413 2015] [proxy_http:error] [pid 15408] [client 217.168.189.15:50222] AH01114: HTTP: failed to make connection to backend: mypage.com, referer: http://mypage.com/admn
[Mon Oct 26 13:32:12.245050 2015] [proxy:error] [pid 15402] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
So check and post (if necessary) the logs of the server running on port number 8080.
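Added example (not part of the original thread): a Python triage of Apache 2.4 error-log lines in the format shown above, separating refused backend connections (AH00957) from malformed client requests (AH00126) and httpd start-ups (AH00163). The function name `triage` and the sample lines are constructed for illustration; the client addresses are documentation-range placeholders.

```python
import re
from collections import Counter

# Apache 2.4 error-log line: [time] [module:level] [pid N] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+)(?::tid \d+)?\] (?P<msg>.*)$"
)
REFUSED_RE = re.compile(r"AH00957: .*attempt to connect to (\S+) \((\S+)\) failed")

# Constructed sample in the format of the log above (client addresses are
# placeholders from 192.0.2.0/24, not values taken from the thread).
SAMPLE_LOG = """\
[Mon Oct 26 02:30:20.925532 2015] [core:error] [pid 15416] [client 192.0.2.10:53508] AH00126: Invalid URI in request GET: index.php HTTP/1.0
[Mon Oct 26 08:22:27.771751 2015] [proxy:error] [pid 15402] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 08:22:27.774040 2015] [proxy:error] [pid 15402] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 08:22:27.774111 2015] [proxy_http:error] [pid 15402] [client 192.0.2.20:48692] AH01114: HTTP: failed to make connection to backend: mypage.com
[Mon Oct 26 13:32:00.442031 2015] [proxy:error] [pid 15408] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 13:34:44.343614 2015] [mpm_prefork:notice] [pid 991] AH00169: caught SIGTERM, shutting down
[Mon Oct 26 13:36:07.703185 2015] [mpm_prefork:notice] [pid 991] AH00163: Apache/2.4.7 (Ubuntu) configured -- resuming normal operations
"""


def triage(log_text):
    """Separate backend connection failures from client noise and httpd restarts."""
    refused = Counter()     # backend address -> refused connection attempts
    failed_requests = 0     # client requests that could not reach the backend (AH01114)
    client_noise = 0        # malformed requests rejected by core (AH00126)
    startups = 0            # httpd start-ups (AH00163)
    first = last = None     # time window of the refused connections
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue        # not an Apache 2.4 error-log line
        msg = m.group("msg")
        hit = REFUSED_RE.search(msg)
        if hit:
            refused[hit.group(1)] += 1
            first = first or m.group("ts")
            last = m.group("ts")
        elif "AH01114" in msg:
            failed_requests += 1
        elif "AH00126" in msg:
            client_noise += 1
        elif "AH00163" in msg:
            startups += 1
    # httpd wrote these entries itself, so it was running: the fault is behind the proxy
    verdict = "backend down" if refused else "no backend failures logged"
    return {
        "refused": dict(refused),
        "failed_requests": failed_requests,
        "client_noise": client_noise,
        "startups": startups,
        "first_refused": first,
        "last_refused": last,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The refused address in the summary (127.0.1.1:8080) is the one to check on the host: it shows which local listener the proxy target name resolved to when the connection was refused.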

Apache as Proxy for Tomcat with Subdomain

Even though I found some similar reports on SO no suggestion solved my issue. So I decided to raise a question myself.
I am running Confluence (and Jira) as WARs on a Tomcat instance on Ubuntu. The application is accessible via http://localhost:8080/confluence. I would like to configure Apache as a proxy to allow public access via http://confluence.<servername>.de. Following the instructions on https://confluence.atlassian.com/display/DOC/Using+Apache+with+mod_proxy#UsingApachewithmod_proxy-complex I did the following steps:
Appended the attributes proxyName="confluence.<servername>.de" and proxyPort="80" to the Connector element in /var/lib/tomcat7/conf/server.xml.
Defined a virtual host in /etc/apache2/sites-enabled/confluence.conf.
The confluence.conf has the following content:
<VirtualHost *:80>
ServerName confluence.<servername>.de
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/confluence
ProxyPassReverse / http://localhost:8080/confluence
ProxyHTMLURLMap / /confluence/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
With this configuration I cannot invoke http://localhost:8080/confluence due to this (wget) output:
--2014-12-23 08:38:13-- http://localhost:8080/confluence
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:8080... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://confluence.<servername>.de/confluence/ [following]
--2014-12-23 08:38:13-- http://confluence.<servername>.de/confluence/
Resolving confluence.<servername>.de (confluence.<servername>.de)... 92.51.163.197
Connecting to confluence.<servername>.de (confluence.<servername>.de)|92.51.163.197|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2014-12-23 08:38:13 ERROR 404: Not Found.
If I remove the attributes proxyName and proxyPort this access is possible. However, the invocation via http://confluence.<servername>.de still yields errors. The output of Apache log suggests that the URL rewrite is corrupt:
[Tue Dec 23 08:50:47.952647 2014] [authz_core:debug] [pid 24715:tid 140609413170944] mod_authz_core.c(828): [client 37.201.226.149:11808] AH01628: authorization result: granted (no directives)
[Tue Dec 23 08:50:47.952809 2014] [proxy:debug] [pid 24715:tid 140609413170944] mod_proxy.c(1104): [client 37.201.226.149:11808] AH01143: Running scheme http handler (attempt 0)
[Tue Dec 23 08:50:47.952838 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2020): AH00942: HTTP: has acquired connection for (localhost)
[Tue Dec 23 08:50:47.952851 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2072): [client 37.201.226.149:11808] AH00944: connecting http://localhost:8080/confluence to localhost:8080
[Tue Dec 23 08:50:47.953069 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2206): [client 37.201.226.149:11808] AH00947: connected /confluence to localhost:8080
[Tue Dec 23 08:50:47.953176 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2483): (111)Connection refused: AH00957: HTTP: attempt to connect to [::1]:8080 (localhost) failed
[Tue Dec 23 08:50:47.953277 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2610): AH00962: HTTP: connection complete to [::1]:8080 (localhost)
[Tue Dec 23 08:50:47.956860 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2035): AH00943: http: has released connection for (localhost)
[Tue Dec 23 08:50:47.988123 2014] [authz_core:debug] [pid 24715:tid 140609402681088] mod_authz_core.c(828): [client 37.201.226.149:11808] AH01628: authorization result: granted (no directives)
[Tue Dec 23 08:50:47.988231 2014] [proxy:debug] [pid 24715:tid 140609402681088] mod_proxy.c(1104): [client 37.201.226.149:11808] AH01143: Running scheme http handler (attempt 0)
[Tue Dec 23 08:50:47.988250 2014] [proxy:debug] [pid 24715:tid 140609402681088] proxy_util.c(2020): AH00942: HTTP: has acquired connection for (localhost)
[Tue Dec 23 08:50:47.988264 2014] [proxy:debug] [pid 24715:tid 140609402681088] proxy_util.c(2072): [client 37.201.226.149:11808] AH00944: connecting http://localhost:8080/confluenceconfluence/ to localhost:8080
[Tue Dec 23 08:50:47.988277 2014] [proxy:debug] [pid 24715:tid 140609402681088] proxy_util.c(2206): [client 37.201.226.149:11808] AH00947: connected /confluenceconfluence/ to localhost:8080
[Tue Dec 23 08:50:47.990134 2014] [proxy:debug] [pid 24715:tid 140609402681088] proxy_util.c(2035): AH00943: http: has released connection for (localhost)
Am I missing anything? By the way, if I adjust the virtual host configuration in a way that the URL http://<servername>.de/confluence is used as a proxy everything works fine.
Any suggestion would be greatly appreciated.
My personal preference is to deploy applications in subfolders and set up proxy like:
ProxyPass "/confluence/" "http://localhost:8080/confluence/"
ProxyPassReverse "/confluence/" "http://localhost:8080/confluence/"
No need for ProxyHTMLURLMap, that's probably why you see "AH00944: connecting http://localhost:8080/confluenceconfluence/ to localhost:8080"
Setting up like you intended might be a little tricky, since you need the fully qualified domain name of your machine to be confluence.servername.de and you need an A record in your local DNS for this as well. I second Slash's question: can you ping confluence.servername.de?
When this is taken care of, you may also want to look into using these directives, as needed:
ProxyRequests Off
ProxyVia Off
RemoteIPHeader X-Forwarded-For
RequestHeader unset Accept-Encoding
ProxyHTMLEnable On
ProxyHTMLExtended On
<Proxy *>
Require all granted
</Proxy>
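Added example (not part of the original thread): a simplified Python model of ProxyPass prefix substitution that reproduces the two backend URLs in the question's debug log and flags rules where only one of the two ProxyPass arguments ends in a slash. The helper names are hypothetical, and the model ignores regex matching, `!` exclusions and repeated slashes.

```python
import shlex


def parse_proxypass(config_text):
    """Return (prefix, target) for each ProxyPass line; worker options such as retry=0 are ignored."""
    rules = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # also handles the quoted form used in the answer
        if parts[0].lower() == "proxypass" and len(parts) >= 3:
            rules.append((parts[1], parts[2]))
    return rules


def map_request(rules, path):
    """Simplified model: cut the first matching prefix off and append the rest to the target."""
    for prefix, target in rules:
        if not path.startswith(prefix):
            continue
        rest = path[len(prefix):]
        # a prefix without a trailing slash only matches on a path-segment boundary
        if not prefix.endswith("/") and rest and not rest.startswith("/"):
            continue
        return target + rest
    return None  # no ProxyPass rule applies to this path


def slash_mismatches(rules):
    """Rules where only one of the two ProxyPass arguments ends in '/'."""
    return [(p, t) for p, t in rules if p.endswith("/") != t.endswith("/")]


# ProxyPass lines as posted in the question and in the answer above
QUESTION_CONF = """
ProxyPass / http://localhost:8080/confluence
ProxyPassReverse / http://localhost:8080/confluence
"""
ANSWER_CONF = '''
ProxyPass "/confluence/" "http://localhost:8080/confluence/"
ProxyPassReverse "/confluence/" "http://localhost:8080/confluence/"
'''

if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        rules = parse_proxypass(conf)
        for path in ("/", "/confluence/"):
            print(name, path, "->", map_request(rules, path))
        print(name, "slash mismatches:", slash_mismatches(rules))
```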

Apache2 + FastCGI + php-fpm on CentOS 6.4 ==> Works, but errors in error_log

Please help.
I've been trying to configure FastCGI + php-fpm on CentOS 6.4.
Finally it's working, but there are some errors in the Apache log. I'd like to understand them and get rid of them.
Here's what I did after fresh install of CentOS (minimal) + MySQL + Apache2 + PHP:
# echo "" > /var/log/httpd/error_log
# service httpd restart
# cat /var/log/httpd/error_log
[Fri Apr 26 05:06:49 2013] [notice] caught SIGTERM, shutting down
[Fri Apr 26 05:06:50 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Apr 26 05:06:50 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Apr 26 05:06:50 2013] [notice] Digest: generating secret for digest authentication ...
[Fri Apr 26 05:06:50 2013] [notice] Digest: done
[Fri Apr 26 05:06:50 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
# yum -y install php-fpm
# chkconfig --levels 235 php-fpm on
# service php-fpm start
# /etc/init.d/php-fpm status
php-fpm (pid 1644) running...
# cat /var/log/php-fpm/error.log
[26-Apr-2013 05:07:17] NOTICE: fpm is running, pid 1644
[26-Apr-2013 05:07:17] NOTICE: ready to handle connections
# yum -y install wget make gcc libtool httpd-devel apr-devel apr
# wget http://www.fastcgi.com/dist/mod_fastcgi-current.tar.gz
# tar xf mod_fastcgi-current.tar.gz
# cd mod_fastcgi-2.4.6
# make -f Makefile.AP2 top_dir=/usr/lib/httpd
# cp .libs/mod_fastcgi.so /usr/lib/httpd/modules/
# mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.disabled
# mkdir /var/www/fastcgi
# cat > /etc/httpd/conf.d/fastcgi.conf <<EOF
# LoadModule fastcgi_module modules/mod_fastcgi.so
# FastCgiWrapper Off
# DirectoryIndex index.php index.html index.shtml index.cgi
# Alias /phpfpm /var/www/fastcgi/phpfpm
# AddType application/x-httpd-php .php
# Action application/x-httpd-php /phpfpm
# FastCgiExternalServer /var/www/fastcgi/phpfpm -host 127.0.0.1:9000 -flush -pass-header Authorization
# EOF
# setsebool httpd_can_network_connect on
# echo "" > /var/log/httpd/error_log
# service httpd restart
# sleep 5
# cat /var/log/httpd/error_log
[Fri Apr 26 05:07:33 2013] [notice] caught SIGTERM, shutting down
[Fri Apr 26 05:07:34 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Apr 26 05:07:34 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Apr 26 05:07:34 2013] [error] (13)Permission denied: FastCGI: apr_dir_open() failed
[Fri Apr 26 05:07:34 2013] [notice] Digest: generating secret for digest authentication ...
[Fri Apr 26 05:07:34 2013] [notice] Digest: done
[Fri Apr 26 05:07:34 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:07:34 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:07:34 2013] [notice] FastCGI: process manager initialized (pid 1841)
[Fri Apr 26 05:07:34 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
# echo "" > /var/log/httpd/error_log
# service httpd restart
# sleep 5
# cat /var/log/httpd/error_log
[Fri Apr 26 05:10:05 2013] [notice] caught SIGTERM, shutting down
[Fri Apr 26 05:10:05 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Apr 26 05:10:05 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Apr 26 05:10:05 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:10:05 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:10:05 2013] [notice] Digest: generating secret for digest authentication ...
[Fri Apr 26 05:10:05 2013] [notice] Digest: done
[Fri Apr 26 05:10:05 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:10:05 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Fri Apr 26 05:10:05 2013] [notice] FastCGI: process manager initialized (pid 1866)
[Fri Apr 26 05:10:05 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
UPD:
I completely disabled SELinux (setenforce 0 and SELINUX=disabled in /etc/sysconfig/selinux) and I also disabled suEXEC (mv /usr/sbin/suexec /usr/sbin/suexec.disabled and chmod 600 /usr/sbin/suexec.disabled). Here's what I got:
# echo "" > /var/log/httpd/error_log
# service httpd restart
# sleep 5
# cat /var/log/httpd/error_log
[Tue Apr 30 12:02:52 2013] [notice] caught SIGTERM, shutting down
[Tue Apr 30 12:02:53 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:02:53 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:02:53 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Apr 30 12:02:53 2013] [notice] Digest: done
[Tue Apr 30 12:02:53 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:02:53 2013] [error] FastCGI: can't create dynamic directory "/etc/httpd/logs/fastcgi/dynamic": access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:02:53 2013] [notice] FastCGI: process manager initialized (pid 1769)
[Tue Apr 30 12:02:53 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
Same errors.
# ls -ld /etc/httpd/logs/fastcgi/dynamic
drwx------. 2 apache apache 4096 Apr 26 05:07 /etc/httpd/logs/fastcgi/dynamic
# chmod 777 /etc/httpd/logs/fastcgi/dynamic
# echo "" > /var/log/httpd/error_log
# service httpd restart
# sleep 5
# cat /var/log/httpd/error_log
[Tue Apr 30 12:18:44 2013] [notice] caught SIGTERM, shutting down
[Tue Apr 30 12:18:44 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:18:44 2013] [notice] Digest: generating secret for digest authentication ...
[Tue Apr 30 12:18:44 2013] [notice] Digest: done
[Tue Apr 30 12:18:44 2013] [error] FastCGI: access for server (uid -1, gid -1) failed: read not allowed
[Tue Apr 30 12:18:44 2013] [notice] FastCGI: process manager initialized (pid 1888)
[Tue Apr 30 12:18:44 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
Still some errors. Any thoughts?
Thanks for your attention.
Best regards, Anton Kizernis.
You did
# chmod 777 /etc/httpd/logs/fastcgi/dynamic
But don't you need to set the readable bit for the grandparent directory, and make the parent directory writable? E.g.
# chmod -R a+rX /etc/httpd/logs
# chmod -R a+w /etc/httpd/logs/fastcgi
This worked for me...
You should disable your SELinux security policies. SELinux is not recommended with a web server.