Re: apache won't start after upgrade - read-only filesystem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Jul 5, 2024, at 13:40, Alex <mysqlstudent@xxxxxxxxx> wrote:


Hi,

> I've just upgraded from fedora38 to fedora39 and directly to fedora40 and now 
> apache won't start:
>
>
> (30)Read-only file system: AH00091: httpd: could not open error log file 
> /home/httpd/<URL:http://www.mysite.com/logs/error_log>www.mysite.com/logs/err
> or_log.
> AH00015: Unable to open logs
>
>
>
> It has something to do with /home, as it seems it is unable to write anywhere 
> on /home, even after changing the document root for any virtual host to 
> various directories on /home it still fails with the same message, even 
> though I'm confident the path exists and is writable.

I know exactly what this is. I ran into it myself. Say hello to systemd:

ProtectHome=read-only

Do:

systemctl edit httpd

And add:

[Service]
ProtectHome=false

This'll turn this whole thing off.

That indeed was the fix. Thanks so much. That's crazy.

Do you have any idea why this option isn't part of the systemd service file on the other systems I upgraded? The document root for the other systems uses/var/www, but they didn't have this problem, and their home directories are also defined with this path.

I'll work on moving the logs out of the same general tree as the document root, but this seems like a big change. Maybe I missed it in the changelog?

This change is largely because it protects user home directories from malicious httpd attacks against poorly written executable code that would allow remote login (such as dropping a pubkey into a user’s authorized_keys) or by altering an admin’s login environment (replacing their .bashrc). Running web sites out of /home is still possible, they just can’t also write to /home.

-- 
Jonathan Billings
-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux