2009/10/29 Paul Howarth <paul@xxxxxxxxxxxx>:
> On 29/10/09 11:29, Clodoaldo Neto wrote:
>>
>> I've been using Fedora 10 and while trying F12 beta I noticed a
>> problem in the httpd run directory permission. Then I tried F11 and
>> the same problem happens:
>>
>> [Wed Oct 28 12:05:02 2009] [notice] Apache/2.2.13 (Unix) DAV/2
>> PHP/5.2.9 mod_python/3.3.1 Python/2.6 mod_ssl/2.2.13
>> OpenSSL/0.9.8k-fips mod_wsgi/2.6 mod_perl/2.0.4 Perl/v5.10.0
>> configured -- resuming normal operations
>> [Wed Oct 28 12:05:09 2009] [error] [client 10.0.2.15] (13)Permission
>> denied: mod_wsgi (pid=2722): Unable to connect to WSGI daemon process
>> 'mygroup' on '/etc/httpd/run/wsgi.2692.0.1.sock' after multiple
>> attempts.
>>
>> The problem is that until F10 the httpd socket directory was /var/run/
>> and in F11 and F12 it is /var/run/httpd:
>>
>> # ll /etc/httpd/run
>> lrwxrwxrwx. 1 root root 19 2009-10-28 11:04 /etc/httpd/run ->
>> ../../var/run/httpd
>>
>> # ll -d /var/run/httpd
>> drwx------. 2 root root 4096 2009-10-28 11:51 /var/run/httpd
>>
>> # ll -d /var/run
>> drwxr-xr-x. 31 root root 4096 2009-10-28 11:35 /var/run
>>
>> # ll /var/run/httpd/
>> total 4
>> -rw-r--r--. 1 root root 5 2009-10-28 12:05 httpd.pid
>> srwx------. 1 apache root 0 2009-10-28 12:05 wsgi.2692.0.1.sock
>>
>> That can break some apache modules like mod_wsgi which rely on sockets.
>>
>> Any of these solve the problem:
>>
>> # chmod o+x /var/run/httpd
>> # chown apache.root /var/run/httpd
>>
>> Is there a reason for the /var/run/httpd permissions to be as in
>> F11/12 ? Is it necessary to have the user intervention to fix it? I
>> have posted at the mod_wsgi list:
>>
>> http://groups.google.com/group/modwsgi/t/c5f5abc122088478
>
> I had exactly the same problem with mod_fcgid and ended up creating a
> separate socket directory /var/run/mod_fcgid with appropriate permissions
> instead of following /etc/httpd/run.
>
> If you create a directory matching /var/run/mod_.* with suitable permissions
> and include that directory in your package then it should get the right
> SELinux context set so that it will work out of the box.

Thanks for the workaround. But then what is the point of having a
default httpd run directory as a symlink in the /etc/httpd directory?
I could just set /var/run or run/.. as the socket directory avoiding
the extra work and future maintenance of creating a directory.

What I mean is why restrict the httpd run directory read permission to
root if apache will run as the apache user and not as root?

Regards, Clodoaldo

>
> Paul.
>
> --
> fedora-devel-list mailing list
> fedora-devel-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
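
Added example, not part of the original thread: a Python check that walks the path to the WSGI socket and reports the first component whose classic mode bits deny a given user, evaluated over the `ls` listing quoted above and over the two fixes proposed there. The uid/gid numbers (48 for apache, 1000 for an unrelated local user), the modes assumed for `/` and `/var`, and all function names are assumptions for illustration; ACLs and SELinux contexts are not evaluated.

```python
import os
from types import SimpleNamespace

APACHE, OTHER = 48, 1000              # constructed uid/gid numbers (assumptions)
RUN_DIR = "/var/run/httpd"
SOCK = RUN_DIR + "/wsgi.2692.0.1.sock"

def ent(mode, uid, gid):
    return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)

# Constructed from the ls output in the thread; / and /var are assumed root 0755.
LISTING = {
    "/": ent(0o40755, 0, 0), "/var": ent(0o40755, 0, 0),
    "/var/run": ent(0o40755, 0, 0),
    RUN_DIR: ent(0o40700, 0, 0),
    SOCK: ent(0o140700, APACHE, 0),
}

def class_bits(st, uid, gids):
    """rwx triplet that applies to the caller: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def connect_blocker(sock_path, uid, gids, stat_fn=os.stat):
    """Return (path, reason) for the first denial on the way to the socket, or None."""
    if uid == 0:                      # root bypasses mode-bit checks
        return None
    current = "/"
    for part in sock_path.strip("/").split("/"):
        # every directory on the path needs search (x) permission
        if not class_bits(stat_fn(current), uid, gids) & 1:
            return (current, "search (x) denied")
        current = os.path.join(current, part)
    # connecting to a Unix stream socket needs write (w) on the socket itself
    if not class_bits(stat_fn(current), uid, gids) & 2:
        return (current, "write (w) denied on socket")
    return None

def with_dir(entry):
    """stat()-like lookup over LISTING with the run directory replaced by entry."""
    return {**LISTING, RUN_DIR: entry}.__getitem__

if __name__ == "__main__":
    for entry in (ent(0o40700, 0, 0), ent(0o40701, 0, 0), ent(0o40700, APACHE, 0)):
        for who in (APACHE, OTHER):
            print(oct(entry.st_mode), entry.st_uid, who,
                  connect_blocker(SOCK, who, {who}, with_dir(entry)))
```

The two fixes differ for other local users: with `chmod o+x` they can traverse the directory and are stopped only by the socket's own mode, while with `chown apache.root` they are still stopped at the directory.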