Re: apache won't start after upgrade - read-only filesystem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2024-07-04 at 16:31 -0400, Alex wrote:
> I've just upgraded from fedora38 to fedora39 and directly to fedora40
> and now apache won't start:
> 
> (30)Read-only file system: AH00091: httpd: could not open error log
> file /home/httpd/www.mysite.com/logs/error_log.
> AH00015: Unable to open logs
> 
> It has something to do with /home, as it seems it is unable to write
> anywhere on /home, even after changing the document root for any
> virtual host to various directories on /home it still fails with the
> same message, even though I'm confident the path exists and is
> writable.

Why are you trying to write log files into your homespace?

The norm is that you serve website files (pages, pictures, etc) from
somewhere deeper inside /var/www/, and logs are inside /var/log/httpd/

Using other locations results in headbutting with SELinux, which tries
to limit servers from fooling around in areas they should leave alone.

If you must serve files from your own space, the default allowed source
directory was /home/<your-user-name>/public_html/, and you needed to
allow other users access to your homespace and that directory.  It's
more secure not to allow that, it's too easy for things to escape
outside of the server filepaths and read or write where they shouldn't.

One of the many dumb webserving guides I've seen on the net allows
someone accessing the webserver to read the logfiles through the
webserver.  Sometimes I think the various data breaches we keep seeing
in the news are down to barely competent admins following such guides. 
Never use turnkey solutions for public services.  You need to know how
to do it from scratch.

-- 
 
uname -rsvp
Linux 3.10.0-1160.118.1.el7.x86_64 #1 SMP Wed Apr 24 16:01:50 UTC 2024 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 

-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux