Revisit: ISPConfig, httpd and wierd logging errors

[zetnsh]

Hi there,

I posted a week or two back re. the difficulties I had getting ISPConfig and apache to work nicely together on a new server I'm building.

Well, it's moved on! I got as far as moving some data onto the machine for a test, but still apache wouldn't start. I found commenting out the line in httpd.conf that deals with piping logs to cronolog fixed it in first testing, but once I started to try real sites, it refused to start with this error:

Code:

(13)Permission denied: httpd: could not open error log file /var/www/web12/log/error.log.
Unable to open logs

This tells me it's not specifically a piped log issue, it's more general. Incidentally, file permissions on /var/www/web12/log/error.log were identical on both servers: owned by w24712_sales:web12 and permission of 644.

Now, this is a migration from another machine. /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow were identical. /etc/httpd/conf/* and /etc/httpd/conf.d/* were identical. Even /var/www was identical (where the web data is kept).

So really I'm just appealing for more wisdom on this. Failing that, I might even go for the paid support option!!

Thanks,

Neil

[zetnsh]

I'm delighted to let you all know that I found the answer!

Having even gone as far as looking through the apache source tree and examining log.c (which didn't really get me anywhere) I did a load more searching on the net for this one.

Everything was pointing to an SELinux problem, but "No" I thought, it can't be - I've disabled it.

Having followed the instructions for disabling SELinux in this howto, I concluded it was indeed disabled. However, my sysadmin instinct told me otherwise, so I did a bit of poking round Fedora.

I found a file called /etc/sysconfig/selinux

On editing it, I found that the system-config-securitylevel-tui had been lying to me! Although this had worked perfectly on another server, selinux was showing as "enforcing". So, I changed the file to read as follows:

Code:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

I then rebooted the server for good measure, and up pops apache happy as anything.

I guess it might be worth updating the howto to reflect this too...

Just hope that helps someone else. I'll try and backlink this from the other depressed postings I made !!

Thanks for all your help and support so far,

Neil

[zetnsh]

Just another note on this post - do NOT blindly disable SELinux. Doing that may be a security risk for your system depending on how well firewalled the server's external network is. Probably best sit and work out how to configure it to do what you want.

If you are using ISPConfig however, that's fine, because this installs it's own alternate firewall in it's place.