I just hit this problem on RHEL 5.2. The v2.5.6 modsec_debug.log was
recording "Permission denied" when trying to create the subfolders for the
log files. I tried your method of "su - apache" and it confirmed there was a
permissions problem with the apache account. The only problem was that
SELinux was not causing it.
The Apache logs were being written to /etc/httpd/logs, which is where I
pointed MLOGC as well, and the apache account was the owner of the folder
and files. But it still was getting denied.
/etc/httpd/logs was a symbolic link to /var/logs/httpd and that was where
the problem was. Even though the apache account showed as the owner of
/etc/httpd/logs, it was not the owner of /var/logs/httpd. Once I made it the
owner of /var/logs/httpd everything started working.
"Brian Rectanus" <Brian.Rectanus@...> wrote in message
PIotr Kowalski wrote:
> On 17-09-2008 at 19:56, Brian Rectanus wrote:
>> PIotr Kowalski wrote:
>> > I've read about similar problems, but none of the proposed suggestions
>> > helped me. I built the mlogc binary on my RHEL server, but after copying it to
>> > /usr/bin and restarting apache, error_log complains about permission
>> > denied to create subdirectories in /var/log/mlogc/data. My permissions
>> > to these folders are:
>> > /var/log 755 root root
>> > /var/log/mlogc 755 root root
>> > /var/log/data 770 apache apache
>> Did you mean /var/log/mlogc/data above, or did you create /var/log/data
>> in the wrong place? If you really have this:
>> /var/log/mlogc/data 770 apache apache
>> Then that looks correct, provided /var is 755 as well and Apache is
>> really running as apache:apache. Another issue may be if there are
>> already directories under the data directory that have wrong
>> permissions. You may want to add the group sticky bit to the data dir
>> as well (chmod g+s /var/log/mlogc/data) so that all new dir/files are
>> created with the correct group.
>> Brian Rectanus
>> Breach Security
> I did exactly like you said with sticky bit and I have created only
> /var/log/mlogc and /var/log/mlogc/data without any other inside. It is
> quite strange. I have thought that maybe SELinux is blocking but I have
> inspected logs and I have not found anything strange.
I am keeping this on the list so others benefit...
Could be SELinux. To test this, log in as root, change to the "apache"
user, then recurse to each dir and see where it fails:
su - apache
If any of those fail, then that is the issue.
BTW, this is not mlogc, but mod_security that is giving this error (i.e.
writing the audit log - mlogc just reads it and may remove it).
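
Added example, not part of the original thread: a shell helper that resolves symbolic links first (the /etc/httpd/logs case above) and then walks the real path from / down, reporting the first directory the current user cannot search or, at the end, cannot write to. The function name `first_blocked` is hypothetical, and GNU `readlink -f` and `stat -c` are assumed.

```shell
#!/bin/sh
# Added example: find the directory that actually denies access to a log path.
# Usage (as the web server account): sh check_logdir.sh /etc/httpd/logs

# first_blocked PATH
#   stderr: mode, owner:group and name of each component of the resolved path
#   stdout: the first component that blocks the current user (nothing if none)
#   return: 0 = usable, 1 = blocked, 2 = path could not be resolved
first_blocked() {
    # Resolve symlinks so the checks apply to the real directory,
    # not to the link that merely points at it.
    target=$(readlink -f -- "$1") || { echo "unresolvable: $1"; return 2; }
    rest=${target#/}
    p=""
    while [ -n "$rest" ]; do
        p="$p/${rest%%/*}"
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        # Show who owns this component (silent if it does not exist).
        stat -c '%A %U:%G %n' -- "$p" >&2 2>/dev/null || true
        # Every component must be a directory we are allowed to search.
        [ -d "$p" ] && [ -x "$p" ] || { echo "$p"; return 1; }
    done
    # Creating subdirectories needs write permission on the final directory.
    [ -w "$target" ] || { echo "$target"; return 1; }
}

if [ $# -gt 0 ]; then
    first_blocked "$1"
fi
```

Run it as the account Apache runs under (for example after the `su - apache` step above), because root passes every one of these checks.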