RT on RHEL 4 with FastCGI

OK, made changes to my httpd.conf as thus:

<VirtualHost *:80>
DocumentRoot /var/www/html/

AddHandler fastcgi-script fcgi

<Directory "/opt/rt3/share/html">
Options FollowSymLinks ExecCGI
AllowOverride None
</Directory>

# Pass through requests to display images
Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/

FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
ScriptAlias /rt /opt/rt3/bin/mason_handler.fcgi
</VirtualHost>

And a quick change to my RT_SiteConfig.pm:
Set($WebPath , "/rt");

Lo and behold, Apache starts now. But something is still wrong somewhere… I can serve non-RT related pages, but my error_log just keeps filling up with the same error:

[Wed Mar 16 16:54:12 2005] [crit] (13)Permission denied: FastCGI: can't create server "/opt/rt3/bin/mason_handler.fcgi": bind() failed [/etc/httpd/logs/fastcgi/362fab4db3d651b6d082c0358ebb4d83]

about once per second…

This leads me to believe it’s a permissions issue - FastCGI doesn’t have permission to create files in /etc/httpd/logs/fastcgi/ for some reason. Let’s check that:

[root]ls -la /etc/httpd/logs/
drwxrwxrwx 3 apache apache 4096 Mar 16 12:28 fastcgi

So it’s owned by apache, grouped by apache, and has rwx access by absolutely everyone.

Suggestions?

Do you happen to have SELINUX enabled? It adds its own permission
concepts to what you expect.

Les Mikesell
les@futuresource.com

Is apache able to access /opt/rt3/bin/mason_handler.fcgi? I stumbled
over this when installing a new instance of the WebUI with fastcgi.

Bye,

 J�rg

> Do you happen to have SELINUX enabled? It adds its own permission
> concepts to what you expect.

I did. A quick edit of /etc/selinux/config to change to:
SELINX=disabled

and a reboot to make it take effect. Start apache and the same error pops up in the log over and over:

[timestamp] [crit] (13)Permission denied: FastCGI: can't create server "/opt/rt3/bin/mason_handler.fcgi": bind() failed [/etc/httpd/logs/fastcgi/362fab4db3d651b6d082c0358ebb4d83]

sigh

So close, and yet so far…

I found an old bug report that sounds like this problem:
http://www.fastcgi.com/archives/fastcgi-developers/2002-December/002472.html
Something about apache not liking the RH symlink setup from /etc/httpd/logs
to /var/log/httpd. Try changing the FastCgiIpcDir to an absolute path where
you know permissions are OK. Hmmm, I have:
FastCgiIpcDir /tmp/fastcgi
but don’t remember now if I was following instructions when I added that
or if I put it there to fix that same permission problem (on an FC2 install).

Les Mikesell
les@futuresource.com

The problem is most definitely with the location and permissions of the
log file in /etc/httpd/logs/fastcgi/.

For one, make sure that the entire path /var/logs/httpd (that’s where
/etc/httpd/logs points to) is world executable and world readable.

Then, make sure that the user “apache” and group “apache” have full
read-write-execute access on the fastcgi directory itself. If you still
have problems, just make that directory world read-write-execute…
that’ll get you running, then back off on the permissions until you are
comfortable with them.

-Rich

An old bug report I found suggested a problem with the entry being
/etc/httpd/logs which is a symlink in RH/fedora based systems
even though /var/logs/httpd had appropriate permissions. Maybe
it relates to the Apache option FollowSymLinks in the
associated context.

Les Mikesell
les@futuresource.com

nod

I’ve been running RT under RH (and other Unix variants) for years, and,
with each upgrade and install under RH, I always bump into the
permissions problem. It really is a pain in the rear. :(

Simply changing the perms on the /var/logs/httpd/fastcgi directory and
ensuring that everyone has rx permissions on /var/log/httpd allows the
FastCGI server to start up. From there, you’re up and running!

Be sure to optimize your FastCGI implementation by tweaking the
-idle-timeout and the -processes options. Common settings for those are
"-idle-timeout 120 -processes 5"… you’ll see a significant improvement
in performance.

-Rich
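
Added example, not part of the thread: a POSIX shell check that follows the /etc/httpd/logs symlink and tests every directory on the way to the FastCGI socket directory against the mode bits that apply to the given account, and flags a world-writable directory that lacks the sticky bit. The function name and output labels are made up for this example; it assumes GNU stat and readlink, and it reads mode bits only, so SELinux denials are not covered.

```shell
#!/bin/sh
# Added example (not from the thread). audit_ipc_path DIR USER
# Reports which directory on the way to DIR stops USER (account name or
# numeric uid) from creating a socket there. Needs GNU stat and readlink.
audit_ipc_path() {
    local target user uid gids path rest info mode owner group perm bits need rc
    user=$2; path=; rc=0
    target=$(readlink -f -- "$1") || { echo "UNRESOLVED $1"; return 2; }
    [ "$target" = "$1" ] || echo "SYMLINK $1 -> $target"
    uid=$(id -u "$user" 2>/dev/null) || uid=$user
    case $uid in ''|*[!0-9]*) echo "UNKNOWN-USER $user"; return 2 ;; esac
    gids=" $(id -G "$user" 2>/dev/null || true) "
    rest=${target#/}
    while [ -n "$rest" ]; do
        path="$path/${rest%%/*}"
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        info=$(stat -c '%a %u %g' -- "$path") || { echo "UNREADABLE $path"; return 2; }
        mode=${info%% *}; info=${info#* }; owner=${info% *}; group=${info#* }
        perm=$((0$mode))                       # stat prints octal digits
        # Pick the owner, group or other permission triad for this account.
        if [ "$owner" = "$uid" ]; then bits=$(( (perm >> 6) & 7 ))
        else case $gids in
            *" $group "*) bits=$(( (perm >> 3) & 7 )) ;;
            *)            bits=$(( perm & 7 )) ;;
        esac; fi
        # Parents need search (x); the socket directory needs write + search.
        need=1; [ -n "$rest" ] || need=3
        if [ $(( bits & need )) -ne "$need" ]; then
            echo "BLOCKED $path mode=$mode uid=$owner gid=$group"; rc=1
        fi
        # World-writable without the sticky bit: any local account could
        # remove or replace the sockets created here.
        if [ $(( perm & 2 )) -ne 0 ] && [ $(( perm & 512 )) -eq 0 ]; then
            echo "WORLD-WRITABLE $path mode=$mode"
        fi
    done
    return "$rc"
}

# Run as root, e.g.: sh audit.sh /etc/httpd/logs/fastcgi apache
if [ "$#" -ge 2 ]; then audit_ipc_path "$1" "$2"; fi
```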

Hey, Rich: Could you plug a note on that into the appropriate spot on
the Wiki?

Cheers,
– jra
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system administrator.  Or two.  --me