I installed redmine 2.6.6.stable in a centos 7 vm (kernel 3.10.0-229.7.2.el7.x86_64). So far it's fine, but I'm currently unable to upload files. Googling around I found out that the Passenger writes these files (https://www.redmine.org/issues/8817), and it's probably without the correct write permissions. But I tried to fix it for the last 2 hours, with no success.

Apache's error_log when I try to upload something:

```
App 3419 stderr: Errno::EACCES (Permission denied - /var/www/html/vhosts/redmine/files/2015/08/150811151550_icon.png):
App 3419 stderr:   app/models/attachment.rb:108:in `initialize'
App 3419 stderr:   app/models/attachment.rb:108:in `open'
App 3419 stderr:   app/models/attachment.rb:108:in `files_to_final_location'
App 3419 stderr:   app/controllers/attachments_controller.rb:88:in `upload'
```

These are the current permissions for my redmine directory:

```
[root@server ~]# ls -l /var/www/html/vhosts/redmine/
total 44
drwxr-xr-x. 7 apache apache   78 Jul  7 16:47 app
drwxr-xr-x. 5 apache apache 4096 Jul 24 08:42 config
-rwxr-xr-x. 1 apache apache  160 Jul  7 16:47 config.ru
-rwxr-xr-x. 1 apache apache  240 Jul  7 16:47 CONTRIBUTING.md
drwxr-xr-x. 3 apache apache   36 Jul 24 08:37 db
drwxr-xr-x. 2 apache apache  107 Jul  7 16:47 doc
drwxr-xr-x. 5 apache apache   55 Jul  7 16:47 extra
drwxrwxr-x. 3 apache nobody   33 Aug 11 15:05 files
-rwxr-xr-x. 1 apache apache 3714 Jul  7 16:47 Gemfile
-rwxr-xr-x. 1 apache apache 3668 Jul 24 08:24 Gemfile.lock
drwxr-xr-x. 8 apache apache 4096 Jul  7 16:47 lib
drwxr-xr-x. 2 apache apache   43 Jul 24 08:36 log
drwxr-xr-x. 2 apache apache   19 Jul  7 16:47 plugins
drwxr-xr-x. 8 apache apache 4096 Jul 24 08:38 public
-rwxr-xr-x. 1 apache apache  275 Jul  7 16:47 Rakefile
-rwxr-xr-x. 1 apache apache  205 Jul  7 16:47 README.rdoc
drwxr-xr-x. 2 apache apache   30 Jul  7 16:47 script
drwxr-xr-x. 9 apache apache 4096 Jul  7 16:46 test
drwxr-xr-x. 8 apache apache   85 Jul  7 16:47 tmp
drwxr-xr-x. 2 apache apache    6 Jul  7 16:47 vendor
```

I tried to change the user that Passenger runs as, but had no success. Apparently it has some trouble in CentOS 7, and this server also runs a GitLab instance, so I quit trying to change it and tried chmoding and chowning my files directory. My Passenger conf:

```
[root@server ~]# cat /etc/httpd/conf.d/passenger.conf
LoadModule passenger_module /usr/local/share/gems/gems/passenger-5.0.14/buildout/apache2/mod_passenger.so
   <IfModule mod_passenger.c>
     PassengerRoot /usr/local/share/gems/gems/passenger-5.0.14
     PassengerDefaultRuby /usr/bin/ruby
     PassengerUser apache
```

No matter how I try to change the PassengerUser (also tried PassengerDefaultUser a few times) parameter, I get the "nobody" user to run it:

```
[root@server ~]# ps aux | grep Passenger
root      2785  0.0  0.2 430108  4604 ?        Ssl  15:09   0:00 Passenger watchdog
root      2789  0.0  0.3 645040  6348 ?        Sl   15:09   0:00 Passenger core
nobody    2798  0.0  0.2 298768  4676 ?        Sl   15:09   0:00 Passenger ust-router
apache    3448  0.0  5.6 414536 106948 ?       Sl   15:15   0:00 Passenger RubyApp: /var/www/html/vhosts/redmine
root      4556  0.0  0.0 112640   972 pts/0    R+   15:26   0:00 grep --color=auto Passenger
```

Did somebody get the same issue? How can I troubleshoot it?

  • Make sure this directory /var/www/html/vhosts/redmine/files/2015/08/ has write access for the web server user, and also try setting SELinux to permissive mode. – serverliving.com Aug 12 '15 at 11:17
  • Hi @StackPlayer ! Thanks for helping me. I checked the permissions but had no success: `[root@server files]# pwd` `/var/www/html/vhosts/redmine/files` `[root@server files]# ls -l` `total 4` `drwxrwxr-x. 3 apache nobody 15 Aug 11 15:07 2015` `-rwxrwxr-x. 1 apache nobody 36 Jul 7 16:47 delete.me` `[root@server files]# cd 2015/` `[root@server 2015]# ls -l` `total 0` `drwxrwxr-x. 2 apache nobody 6 Aug 11 15:07 08` `[root@server 2015]# cd 08/` `[root@server 08]# ls -l` `total 0` I will try changing SELinux right now. Be right back – Bruno Lamps Aug 12 '15 at 11:29
  • @StackPlayer it worked! Thanks! How can I add this "exception" to selinux, so I can put it back in enforcing mode? – Bruno Lamps Aug 12 '15 at 11:37
  • The solution to keep SELinux enforcing was to add the following rule: `semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/vhosts/redmine/files(/.*)?"`, and then apply the settings with `restorecon -Rv /var/www/html/vhosts/redmine`. Source: http://www.serverlab.ca/tutorials/linux/web-servers-linux/configuring-selinux-policies-for-apache-web-servers/ – Bruno Lamps Aug 12 '15 at 12:51

The solution to keep SELinux enforcing was to add the following rule: `semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/vhosts/redmine/files(/.*)?"`, and then apply the settings with `restorecon -Rv /var/www/html/vhosts/redmine`.

Source: http://www.serverlab.ca/tutorials/linux/web-servers-linux/configuring-selinux-policies-for-apache-web-servers/

Thanks @StackPlayer for showing that SELinux was probably responsible for this.
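
A way to confirm that an `EACCES` like the one above comes from SELinux without leaving enforcing mode, added here as an example that is not part of the original post: filter the audit log for write-class AVC denials issued to the `httpd_t` domain and print the label of the target. The function name `httpd_write_denials` and the sample records are constructed, and the sketch assumes the Passenger application runs in the `httpd_t` domain.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the original post).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1439316950.101:811): avc:  denied  { write } for  pid=3448 comm="ruby" name="08" dev="dm-0" ino=1051 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1439316990.220:825): avc:  denied  { write } for  pid=5120 comm="logrotate" name="spool" dev="dm-0" ino=2210 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=AVC msg=audit(1439317000.310:830): avc:  denied  { getattr } for  pid=3448 comm="ruby" name="tmp" dev="dm-0" ino=3301 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=dir
type=AVC msg=audit(1439317011.500:840): avc:  denied  { add_name } for  pid=3448 comm="ruby" name="150811151550_icon.png" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
EOF
}

# Read audit records on stdin and print "perms tclass name target_type" for
# every denied write-class operation whose source domain is httpd_t.
httpd_write_denials() {
    awk '
    /type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
        # Isolate the permission list between the braces.
        perm = $0; sub(/.*[{] */, "", perm); sub(/ *[}].*/, "", perm)
        # Skip read-only denials; they are not what blocks an upload.
        if (perm !~ /(^| )(write|create|add_name|setattr|unlink|remove_name)( |$)/) next
        gsub(/ /, ",", perm)
        name = ttype = tclass = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }  # user:role:type:level
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        print perm, tclass, name, ttype
    }'
}

# On a live host (as root): ausearch -m avc -ts recent | httpd_write_denials
sample_audit_log | httpd_write_denials
```

A target type of `httpd_sys_content_t` in the last column means the directory is labelled read-only for the web server, which is the case the `httpd_sys_rw_content_t` rule in the answer corrects; `ls -Zd` on the directory shows the label actually applied after `restorecon`.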
