[rt-users] RT 3.2.2, FastCGI, FC3

Kanwar Ranbir Sandhu m3freak at rogers.com
Sun Jan 30 19:12:02 EST 2005

Hi Everyone,

I've been running RT 3.0.9 with FastCGI on a FC1 system happily.  I'm
now moving to RT 3.2.2 with FastCGI on a FC3 system.

I've read the docs on the Wiki, and like on my FC1 server, want to run
RT with suexec.  I believe I've set up Apache correctly, however, I'm
running into a selinux problem.  

Here are the lines from the apache log:

[Sun Jan 30 18:53:31 2005] [notice] suEXEC mechanism enabled
(wrapper: /usr/sbin/suexec)
[Sun Jan 30 18:53:33 2005] [notice] Digest: generating secret for digest
authentication ...
[Sun Jan 30 18:53:33 2005] [notice] Digest: done
[Sun Jan 30 18:53:33 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sun Jan 30 18:53:33 2005] [notice] LDAP: SSL support unavailable
[Sun Jan 30 18:53:33 2005] [notice] FastCGI: wrapper mechanism enabled
(wrapper: /usr/sbin/suexec)
[Sun Jan 30 18:53:33 2005] [notice] FastCGI: process manager initialized
(pid 32601)
[Sun Jan 30 18:53:33 2005] [warn] FastCGI: server
"/var/www/rt/mason_handler.fcgi" (uid 48, gid 48) started (pid 32602)
failed to open log file
fopen: Permission denied

And here's the reason why permission was denied:

avc:  denied  { write } for  pid=32659 exe=/usr/sbin/suexec name=httpd
dev=dm-5 ino=129038 scontext=root:system_r:httpd_suexec_t
tcontext=system_u:object_r:httpd_log_t tclass=dir

I'm sure I can solve this by adding the Apache user as a member of the
rt group, but I'd rather not.  I've tried changing the security context,
but that hasn't helped either (I'm not a selinux guru...I can work with
it on a basic level).

Does anyone else here have RT 3.2.2 running with FastCGI on a FC3
machine, preferably with suexec?

For good measure, the Virtualhost entry in httpd.conf:

# Request Tracker
FastCgiWrapper /usr/sbin/suexec
FastCgiIpcDir /tmp
FastCgiServer /var/www/rt/mason_handler.fcgi -idle-timeout 300 -
processes 4 -init-start-delay 5

<VirtualHost x.x.x.x:80>
     ServerName blah.blah.com
     ServerAlias blah
     ErrorLog /var/log/httpd/error_log_rt
     CustomLog /var/log/httpd/access_log_rt combined
     DocumentRoot /var/www/rt/share/html
     SuExecUserGroup root rt

     # these lines apply to Apache2+mod_fastcgi: {{{
     AddHandler fastcgi-script fcgi
     Alias /NoAuth/images/ /var/www/rt/share/html/NoAuth/images/
     ScriptAlias / /var/www/rt/mason_handler.fcgi/
     # }}}

     <Location />
             SetHandler fastcgi-script
             AddDefaultCharset UTF-8

Thanks in advance.


Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.

More information about the rt-users mailing list