[rt-users] RT 3.2.2, FastCGI, FC3
Kanwar Ranbir Sandhu
m3freak at rogers.com
Sun Jan 30 19:12:02 EST 2005
Hi Everyone,
I've been running RT 3.0.9 with FastCGI on a FC1 system happily. I'm
now moving to RT 3.2.2 with FastCGI on a FC3 system.
I've read the docs on the Wiki, and like on my FC1 server, want to run
RT with suexec. I believe I've set up Apache correctly, however, I'm
running into a selinux problem.
Here are the lines from the apache log:
[Sun Jan 30 18:53:31 2005] [notice] suEXEC mechanism enabled
(wrapper: /usr/sbin/suexec)
[Sun Jan 30 18:53:33 2005] [notice] Digest: generating secret for digest
authentication ...
[Sun Jan 30 18:53:33 2005] [notice] Digest: done
[Sun Jan 30 18:53:33 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sun Jan 30 18:53:33 2005] [notice] LDAP: SSL support unavailable
[Sun Jan 30 18:53:33 2005] [notice] FastCGI: wrapper mechanism enabled
(wrapper: /usr/sbin/suexec)
[Sun Jan 30 18:53:33 2005] [notice] FastCGI: process manager initialized
(pid 32601)
[Sun Jan 30 18:53:33 2005] [warn] FastCGI: server
"/var/www/rt/mason_handler.fcgi" (uid 48, gid 48) started (pid 32602)
failed to open log file
fopen: Permission denied
And here's the reason why permission was denied:
avc: denied { write } for pid=32659 exe=/usr/sbin/suexec name=httpd
dev=dm-5 ino=129038 scontext=root:system_r:httpd_suexec_t
tcontext=system_u:object_r:httpd_log_t tclass=dir
I'm sure I can solve this by adding the Apache user as a member of the
rt group, but I'd rather not. I've tried changing the security context,
but that hasn't helped either (I'm not a selinux guru...I can work with
it on a basic level).
Does anyone else here have RT 3.2.2 running with FastCGI on a FC3
machine, preferably with suexec?
For good measure, the Virtualhost entry in httpd.conf:
# Request Tracker
FastCgiWrapper /usr/sbin/suexec
FastCgiIpcDir /tmp
FastCgiServer /var/www/rt/mason_handler.fcgi -idle-timeout 300 -
processes 4 -init-start-delay 5
<VirtualHost x.x.x.x:80>
ServerName blah.blah.com
ServerAlias blah
ErrorLog /var/log/httpd/error_log_rt
CustomLog /var/log/httpd/access_log_rt combined
DocumentRoot /var/www/rt/share/html
SuExecUserGroup root rt
# these lines apply to Apache2+mod_fastcgi: {{{
AddHandler fastcgi-script fcgi
Alias /NoAuth/images/ /var/www/rt/share/html/NoAuth/images/
ScriptAlias / /var/www/rt/mason_handler.fcgi/
# }}}
<Location />
SetHandler fastcgi-script
AddDefaultCharset UTF-8
</Location>
</VirtualHost>
Thanks in advance.
Regards,
Ranbir
--
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com
More information about the rt-users
mailing list