Security – CentOS apache startup config file security error

apache-2.2centos6configurationSecurity

I am setting up a NetDisco machine on CentOS, which entails adding an include to the apache httpd.conf file.

When I start apache by running "httpd" from a root command prompt, the process launches.

When I try start apache by running "service httpd start", I get the following output:

Starting httpd: httpd: Syntax error on line 1010 of /etc/httpd/conf/httpd.conf: 
Could not open configuration file /usr/local/netdisco/netdisco_apache.conf: 
Permission denied
                                                                  [FAILED]

That file has these permissions:

-rw-r--r--. 1 root root  1798 Apr 22 18:46 netdisco_apache.conf

And httpd.conf has these permissions:

-rw-r--r--. 1 root root 34520 Apr 22 17:06 httpd.conf

What gives, surely a file with the EXACT same permissions should be accessible to the apache service?

Best Answer

Try checking the permissions on the folder that contains netdisco_apache.conf

You are right Apache should be able to access the file as it has the same permissions, but it might not be able to access the folder it is contained in.

If you don't want to change folder permissions, just move netdisco_apache.conf to the /etc/httpd/conf directory (remember to update the reference to it in the /etc/httpd/conf/httpd.conf file if you do that.)

Related Solutions

Compiling Apache mod_ssl for different target hardware (hardware capability unsupported SSE2 error)

Here are the steps that I have done to successfully build and install the Apache httpd-2.4.10 and OpenSSL openssl-1.0.1j on Solaris 10.

Download following software
openssl-1.0.1j.tar.gz
httpd-2.4.10.tar.gz
apr-1.5.1.tar.gz
apr-util-1.5.4.tar.gz
pcre-8.36.tar.gz
Verify Make and CC
By default gcc is at /usr/sfw/bin/gcc and make is at /usr/ccs/bin/make

Include following in the PATH
usr/local/ssl/bin:/usr/sfw/bin:/usr/local/bin:/usr/ccs/bin

Include following in the LD_LIBRARY_PATH
/usr/local/lib:/usr/local/ssl/lib
Build and install openssl-1.0.1j
Unzip and un-tar openssl-1.0.1j.tar.gz to /usr/local/openssl-1.0.1j
Execute following commands in order. The shared parameter is very important so that it can be linked with httpd-2.4.10 build for SSL enabling.
```
$ cd /usr/local/openssl-1.0.1j
$ ./config shared
$ make
$ make test
$ make install
```
By default it installs openssl at /usr/local/ssl
Install pcre-8.36 Unzip and un-tar pcre-8.36.tar.gz to /usr/local/ pcre-8.36

Execute following commands in order
```
$ cd /usr/local/ pcre-8.36
$ ./configure 
$ make
$ make install
```
By default, make install installs the package's commands under /usr/local/bin, include files under /usr/local/include, etc.
Build and install httpd-2.4.10

Unzip and un-tar httpd-2.4.10.tar.gz to /usr/local/httpd-2.4.10

Unzip and un-tar apr-1.5.1.tar.gz to /usr/local/httpd-2.4.10/srclib
Rename /usr/local/apr-1.5.1 to /usr/local/apr

Unzip and un-tar apr-util-1.5.4.tar.gz to /usr/local/httpd-2.4.10/srclib
Rename /usr/local/apr-util to /usr/local/apr-util

Execute following commands in order
```
$ ./configure --prefix=/usr/local/apache2 --with-included-apr --enable-so –enable-ssl=shared --with-ssl=/usr/local/ssl
$ make
$ make install
```
It installs it at /usr/local/apache2

The installation is complete. To enable SSL and Proxy, update /usr/local/apache2/conf/httpd.conf with uncommentting following lines

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_express_module modules/mod_proxy_express.so

LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

Now you can work on httpd-ssl.conf as you usually do to complete your configuration

Linux – Can’t start apache in linux, because of proxy module

Make sure there is a line to load proxy_module in httpd.conf:

LoadModule proxy_module modules/mod_proxy.so

And make sure that that file exist and has reasonable permissions.

Best Answer

Related Solutions

Compiling Apache mod_ssl for different target hardware (hardware capability unsupported SSE2 error)

Linux – Can’t start apache in linux, because of proxy module

Related Topic