3

I am having this error:

[Mon Dec 05 10:22:23 2011] [warn] mod_rewrite: Running external rewrite maps without defining a RewriteLock is DANGEROUS!
[Mon Dec 05 10:22:23 2011] [error] (13)Permission denied: mod_rewrite: could not start RewriteMap program /etc/httpd/conf.d/upsell_by_id.py

This error is associated with this line : RewriteMap upsells prg:/etc/httpd/conf.d/upsell_by_id.py

I realize that this probably means that the execution user for apache cannot execute these files. How do I determine what the execution environ ment is for apache? How do I make this file upsell_by_id.py executable to apache?

I get this error when I try to run the upsell_by_id.py as apache:
Traceback (most recent call last):
  File "/etc/httpd/conf.d/upsell_by_id.py", line 8, in <module>
    keyword_groups = pickle.load(open("/home/zumodo/upsell_backup/upsells.pkl", "rb" ) )
IOError: [Errno 13] Permission denied: '/home/zumodo/upsell_backup/upsells.pkl'

This is despite the fact that the file upsells.pkl appears to have all the neccessary permission:

-rwxrwxrwx.  1 skline skline 6.4M Dec  5 08:50 upsells.pkl
Spencer
  • 201
  • 1
  • 2
  • 6
  • possible duplicate of [Trouble Opening a File As The Apache User](http://serverfault.com/questions/337934/trouble-opening-a-file-as-the-apache-user) – mailq Dec 05 '11 at 23:13

2 Answers2

3

You actually have two errors there. The permissions one first:

Apache will need appropriate permissions in each of the directories leading up to the upsells.pkl file as well as on the file itself.

Try this to determine what permissions the directories have (note the spaces are important):

ls -ld /home/ /home/zumodo/ /home/zumodo/upsell_backup/

The Apache user will need the x permission on each of those directories. /home usually has the required permissions but it's quite common for everything in /home/* to have mode 750 (rwxr-x---) or even mode 700 (rwx------). Either of these would cause your problem. The permissions problem could easily be on the upsell_backup directory as well.

Move the upsells.pkl file to a more appropriate path (such as /var/www/) or change the permissions on the restrictive directory.

The error message about the RewriteLock is correct; not having one is dangerous.

Apache is either multi-threaded or spawns multiple children which means that any two of them can receive requests at the same time. The RewriteLock is used internally by Apache to make sure that only one child or thread is talking to the external process at a time. If you don't specify one, the output of the program can end up being mixed together, completely messing up your rewrite rules and possibly your entire server. The most likely result is that when your server gets busy you will generate a lot of 500 responses. Significantly worse results are possible.

Ladadadada
  • 25,847
  • 7
  • 57
  • 90
  • Thank you so much. i think this is it How do I change the permissions for /home /home/zumodo and /home/zumodo/upsell_backup/. I am new to all of this. – Spencer Dec 05 '11 at 22:52
  • The easiest way is `chmod +rx `. What this does is grant read and execute permissions on `` for all users. A full [unix file permissions tutorial](http://www.dartmouth.edu/~rc/help/faq/permissions.html) will not fit in this comment but a link to one will. – Ladadadada Dec 05 '11 at 23:02
  • I have accepted your answer because I got the command:sudo -u apache /etc/httpd/conf.d/upsell_by_id.py. Yet even though this command runs, I still get the same error when I try to start my apache server. Whe I look in the logs I also get an error related to SELINUX. Do you have any suggestions, I am really pulling my hair out. – Spencer Dec 05 '11 at 23:07
  • To save your hair I would recommend [changing SELinux to permissive mode](http://www.cyberciti.biz/tips/enable-permissive-mode-for-selinux-troubleshooting-purpose.html) until you have figured out why SELinux is blocking access. If it's a different enough error message, it might also be worthwhile asking a new question with your SELinux error message. – Ladadadada Dec 05 '11 at 23:11
  • So here it is 11 years later and this article comes up in search results as I'm struggling with some mod_rewrite issues... so I figured it was worth dropping this hint here in the thread... – jrypkahauer Aug 10 '22 at 15:32
1

For time being disable RewriteMap upsells line and see if apache starts or not. If it starts check user running apache.

Run following command.

ps axho user,comm|grep -E "httpd|apache"|uniq|grep -v "root"|awk 'END {print $1}'

This command will give you user running apache server. Then check ownership and permissions of the file. I think the file should be executable for the user running apache/httpd process.

Then by using following command set appropriate permissions and ownership of the file.

chown root.apache /etc/httpd/conf.d/upsell_by_id.py

chmod +x /etc/httpd/conf.d/upsell_by_id.py

Sachin Divekar
  • 2,445
  • 2
  • 20
  • 23
  • skline 1900 1809 0 13:12 pts/0 00:00:00 grep --color=auto httpd. However, I can run this file as skline. What could be the problem? – Spencer Dec 05 '11 at 21:14
  • What you pasted is your grep process not an httpd process – thinice Dec 05 '11 at 21:19
  • @Peter please check the updated answer. – Sachin Divekar Dec 05 '11 at 21:22
  • Thanks a lot, I upvoted your answer. Now I posted the results and to this command with Apache running. It looks like it is Apache running it. How do I give the Apache user the appropriate permissions? – Spencer Dec 05 '11 at 21:28
  • I appreciate your help, but sadly even after granting these permissions I still get the same error. I am at a loss for what is going on... – Spencer Dec 05 '11 at 21:36
  • Could it possibly have something to do with mod_rewrite? Could mod_rewrite be a separate user? – Spencer Dec 05 '11 at 21:40
  • Paste output of `ls -l /etc/httpd/conf.d/upsell_by_id.py` and `ls -ld /etc/httpd/conf.d`. – Sachin Divekar Dec 05 '11 at 21:45
  • 3
    It is not appropriate for the apache user to own its configuration files, since it shouldn't be able to write to them. – sciurus Dec 05 '11 at 21:51
  • 2
    What is the output of `sudo -u apache /etc/httpd/conf.d/upsell_by_id.py`? – sciurus Dec 05 '11 at 21:54
  • @sciurus +1 I have updated my answer. – Sachin Divekar Dec 05 '11 at 21:56
  • @sciurus thank you very much. The output is this:Traceback (most recent call last): File "/etc/httpd/conf.d/upsell_by_id.py", line 8, in keyword_groups = pickle.load(open("/home/zumodo/upsell_backup/upsells.pkl", "rb" ) ) IOError: [Errno 13] Permission denied: '/home/zumodo/upsell_backup/upsells.pkl' – Spencer Dec 05 '11 at 22:24