3

I am having this error:

[Mon Dec 05 10:22:23 2011] [warn] mod_rewrite: Running external rewrite maps without defining a RewriteLock is DANGEROUS! [Mon Dec 05 10:22:23 2011] [error] (13)Permission denied: mod_rewrite: could not start RewriteMap program /etc/httpd/conf.d/upsell_by_id.py

This error is associated with this line : RewriteMap upsells prg:/etc/httpd/conf.d/upsell_by_id.py

I realize that this probably means that the execution user for apache cannot execute these files. How do I determine what the execution environ ment is for apache? How do I make this file upsell_by_id.py executable to apache?

I get this error when I try to run the upsell_by_id.py as apache: Traceback (most recent call last): File "/etc/httpd/conf.d/upsell_by_id.py", line 8, in <module> keyword_groups = pickle.load(open("/home/zumodo/upsell_backup/upsells.pkl", "rb" ) ) IOError: [Errno 13] Permission denied: '/home/zumodo/upsell_backup/upsells.pkl'

This is despite the fact that the file upsells.pkl appears to have all the neccessary permission:

-rwxrwxrwx. 1 skline skline 6.4M Dec 5 08:50 upsells.pkl
Improve this question
1

2 Answers 2

Reset to default
3

You actually have two errors there. The permissions one first:

Apache will need appropriate permissions in each of the directories leading up to the upsells.pkl file as well as on the file itself.

Try this to determine what permissions the directories have (note the spaces are important):

ls -ld /home/ /home/zumodo/ /home/zumodo/upsell_backup/

The Apache user will need the x permission on each of those directories. /home usually has the required permissions but it's quite common for everything in /home/* to have mode 750 (rwxr-x---) or even mode 700 (rwx------). Either of these would cause your problem. The permissions problem could easily be on the upsell_backup directory as well.

Move the upsells.pkl file to a more appropriate path (such as /var/www/) or change the permissions on the restrictive directory.

The error message about the RewriteLock is correct; not having one is dangerous.

Apache is either multi-threaded or spawns multiple children which means that any two of them can receive requests at the same time. The RewriteLock is used internally by Apache to make sure that only one child or thread is talking to the external process at a time. If you don't specify one, the output of the program can end up being mixed together, completely messing up your rewrite rules and possibly your entire server. The most likely result is that when your server gets busy you will generate a lot of 500 responses. Significantly worse results are possible.

Improve this answer
5
  • Thank you so much. i think this is it How do I change the permissions for /home /home/zumodo and /home/zumodo/upsell_backup/. I am new to all of this. Commented Dec 5, 2011 at 22:52
  • The easiest way is chmod +rx <directory>. What this does is grant read and execute permissions on <directory> for all users. A full unix file permissions tutorial will not fit in this comment but a link to one will. Commented Dec 5, 2011 at 23:02
  • I have accepted your answer because I got the command:sudo -u apache /etc/httpd/conf.d/upsell_by_id.py. Yet even though this command runs, I still get the same error when I try to start my apache server. Whe I look in the logs I also get an error related to SELINUX. Do you have any suggestions, I am really pulling my hair out. Commented Dec 5, 2011 at 23:07
  • To save your hair I would recommend changing SELinux to permissive mode until you have figured out why SELinux is blocking access. If it's a different enough error message, it might also be worthwhile asking a new question with your SELinux error message. Commented Dec 5, 2011 at 23:11
  • So here it is 11 years later and this article comes up in search results as I'm struggling with some mod_rewrite issues... so I figured it was worth dropping this hint here in the thread... Commented Aug 10, 2022 at 15:32
1

For time being disable RewriteMap upsells line and see if apache starts or not. If it starts check user running apache.

Run following command.

ps axho user,comm|grep -E "httpd|apache"|uniq|grep -v "root"|awk 'END {print $1}'

This command will give you user running apache server. Then check ownership and permissions of the file. I think the file should be executable for the user running apache/httpd process.

Then by using following command set appropriate permissions and ownership of the file.

chown root.apache /etc/httpd/conf.d/upsell_by_id.py

chmod +x /etc/httpd/conf.d/upsell_by_id.py

Improve this answer
11
  • skline 1900 1809 0 13:12 pts/0 00:00:00 grep --color=auto httpd. However, I can run this file as skline. What could be the problem? Commented Dec 5, 2011 at 21:14
  • What you pasted is your grep process not an httpd process Commented Dec 5, 2011 at 21:19
  • @Peter please check the updated answer. Commented Dec 5, 2011 at 21:22
  • 3
    It is not appropriate for the apache user to own its configuration files, since it shouldn't be able to write to them. Commented Dec 5, 2011 at 21:51
  • 2
    What is the output of sudo -u apache /etc/httpd/conf.d/upsell_by_id.py? Commented Dec 5, 2011 at 21:54

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.