Tags:
create new tag
, view all tags

SID-02311: Group write permission to /twiki/ - not working

Status: Answered Answered TWiki version: 5.1.0 Perl version: 5.16.3
Category: CategoryInstallation Server OS: Amazon Linux Last update: 1 hour ago

I am moving twiki from an old CentOS server to a new one. I am getting 500 Internal Server Errors on both http://twiki.domain.com/bin/configure and http://twiki.domain.com/bin/view. I know that this is because of read/write permission needed by apache on /twiki/ and I know I can fix this by chown -R apache:apache /twiki/.

What I want to do instead is make apache part of a group (www) and give that group read/write access. Can anyone please help me in figuring out how to do that?

This is what I have done so far;

1. Added apache to www: sudo usermod -a -G www apache [ec2-user@ip- ~]$ getent group www www:x:501:ec2-user,apache

2. Change ownership to apache: sudo chown -R apache /var/www

3. Change group ownership to www: sudo chgrp -R www /var/www

4. Changed directory permissions: sudo chmod 2775 /var/www

find /var/www -type d -exec sudo chmod 2775 {} \;

find /var/www -type f -exec sudo chmod 0664 {} \;

End result;

[ec2-user@ip-xxtwiki]$ ll
total 456
-rw-rw-r-- 1 apache www 13440 Dec 1 2015 AUTHORS
drwxrwsr-x 3 apache www 4096 Dec 2 2015 bin
-rw-rw-r-- 1 apache www 331 Dec 1 2015 COPYING
-rw-rw-r-- 1 apache www 354 Dec 1 2015 COPYRIGHT
drwxrwsr-x 9 apache www 4096 Apr 14 07:31 data
-rw-rw-r-- 1 apache www 370070 Dec 2 2015 favicon.ico
-rw-rw-r-- 1 apache www 2159 Dec 1 2015 index.html
drwxrwsr-x 5 apache www 4096 Dec 1 2015 lib
-rw-rw-r-- 1 apache www 19157 Dec 1 2015 LICENSE
drwxrwsr-x 2 apache www 4096 Dec 1 2015 locale
drwxrwsr-x 2 apache www 4096 Dec 1 2015 misc
drwxrwsr-x 8 apache www 4096 Dec 2 2015 pub
-rw-rw-r-- 1 apache www 3350 Dec 1 2015 README.txt
-rw-rw-r-- 1 apache www 25 Dec 4 2015 robots.txt
drwxrwsr-x 2 apache www 4096 Dec 1 2015 templates
drwxrwsr-x 2 apache www 4096 Dec 1 2015 tools
drwxrwsr-x 5 apache www 4096 Dec 1 2015 working

What the error log says:

[Fri Apr 14 07:46:24.593063 2017] [cgi:error] [pid 568] [client xxx.39:50176] End of script output before headers: view
[Fri Apr 14 07:47:09.390231 2017] [cgi:error] [pid 565] [client xxx:50186] AH01215: (13)Permission denied: exec of '/var/www/html/twiki/bin/view' failed: /var/www/html/twiki/bin/view
[Fri Apr 14 07:47:09.390623 2017] [cgi:error] [pid 565] [client xxx:50186] End of script output before headers: view
[Fri Apr 14 07:47:12.176035 2017] [cgi:error] [pid 566] [client xxx:50185] AH01215: (13)Permission denied: exec of '/var/www/html/twiki/bin/configure' failed: /var/www/html/twiki/bin/configure

-- Waqas Tariq - 2017-04-14

Discussion and Answer


I am not familiar with CentOS, but there's a hint in your log:

  • find /var/www -type f -exec sudo chmod 0664 {} \;
With this command you effectively remove the execution rights from your scripts in var/www/bin, so Apache will not accept them as executable. Try sudo chmod +x /var/www/bin/*.

-- Harald Jörg - 2017-04-14

@HaraldJoerg I ran the command: sudo chmod +x /var/www/html/twiki/bin/* Here is what it did:

[ec2-user@ip-xxxx twiki]$ ll
total 456
-rw-r--r-- 1 ec2-user www 13440 Dec 1 2015 AUTHORS
drwxr-sr-x 3 ec2-user www 4096 Dec 2 2015 bin
-rw-r--r-- 1 ec2-user www 331 Dec 1 2015 COPYING
-rw-r--r-- 1 ec2-user www 354 Dec 1 2015 COPYRIGHT
drwxr-sr-x 9 ec2-user www 4096 Apr 4 11:35 data
-rw-r--r-- 1 ec2-user www 370070 Dec 2 2015 favicon.ico
-rw-r--r-- 1 ec2-user www 2159 Dec 1 2015 index.html
drwxr-sr-x 5 ec2-user www 4096 Dec 1 2015 lib
-rw-r--r-- 1 ec2-user www 19157 Dec 1 2015 LICENSE
drwxr-sr-x 2 ec2-user www 4096 Dec 1 2015 locale
drwxr-sr-x 2 ec2-user www 4096 Dec 1 2015 misc
drwxr-sr-x 8 ec2-user www 4096 Dec 2 2015 pub
-rw-r--r-- 1 ec2-user www 3350 Dec 1 2015 README.txt
-rw-r--r-- 1 ec2-user www 25 Dec 4 2015 robots.txt
drwxr-sr-x 2 ec2-user www 4096 Dec 1 2015 templates
drwxr-sr-x 2 ec2-user www 4096 Dec 1 2015 tools
drwxr-sr-x 5 ec2-user www 4096 Dec 1 2015 working

On /bin/configure I also see 3 errors relating to: Error: /var/www/html/twiki/data/ is not writable

-- Waqas Tariq - 2017-04-14

If you compare your outputs, you'll see that this is indeed the case: data is no longer writable by the group (but it was on your first listing), and it does no longer belong to apache (instead, it now belongs to ec2-user).

-- Harald Jörg - 2017-04-14

Duh! I did the entire thing and above was the result.

I redid it again and now I only see a white page at /bin/login/Main/WebHome?origurl=/bin/view

[root@ip- twiki]# ll
total 456
-rw-r--r-- 1 apache apache 13440 Dec 1 2015 AUTHORS
drwxr-sr-x 3 apache apache 4096 Dec 2 2015 bin
-rw-r--r-- 1 apache apache 331 Dec 1 2015 COPYING
-rw-r--r-- 1 apache apache 354 Dec 1 2015 COPYRIGHT
drwxr-sr-x 9 apache apache 4096 Apr 17 17:57 data
-rw-r--r-- 1 apache apache 370070 Dec 2 2015 favicon.ico
-rw-r--r-- 1 apache apache 2159 Dec 1 2015 index.html
drwxr-sr-x 5 apache apache 4096 Dec 1 2015 lib
-rw-r--r-- 1 apache apache 19157 Dec 1 2015 LICENSE
drwxr-sr-x 2 apache apache 4096 Dec 1 2015 locale
drwxr-sr-x 2 apache apache 4096 Dec 1 2015 misc
drwxr-sr-x 8 apache apache 4096 Dec 2 2015 pub
-rw-r--r-- 1 apache apache 3350 Dec 1 2015 README.txt
-rw-r--r-- 1 apache apache 25 Dec 4 2015 robots.txt
drwxr-sr-x 2 apache apache 4096 Dec 1 2015 templates
drwxr-sr-x 2 apache apache 4096 Dec 1 2015 tools
drwxr-sr-x 5 apache apache 4096 Dec 1 2015 working

The error log:
[Mon Apr 17 17:53:52.636275 2017] [cgi:error] [pid 21837] [client 159.my.ip:57112] AH01215: [Mon Apr 17 17:53:52 2017] configure: Unquoted string "useful" may clash with future reserved word at /var/www/html/twiki/lib/TWiki/Plugins/WatchlistPlugin/Config.spec line 34, <DATA> line 1.: /var/www/html/twiki/bin/configure, referer: https://twiki.my-domain/bin/configure?t=1492451055
[Mon Apr 17 17:53:52.755603 2017] [cgi:error] [pid 21837] [client 159.my.ip:57112] AH01215: [Mon Apr 17 17:53:52 2017] configure: defined(%hash) is deprecated at /var/www/html/twiki/lib/CPAN/lib//Locale/Maketext/Lexicon.pm line 286.: /var/www/html/twiki/bin/configure, referer: https://twiki.my-domain/bin/configure?t=1492451055
[Mon Apr 17 17:53:52.755716 2017] [cgi:error] [pid 21837] [client 159.my.ip:57112] AH01215: [Mon Apr 17 17:53:52 2017] configure: \t(Maybe you should just omit the defined()?): /var/www/html/twiki/bin/configure, referer: https://twiki.my-domain/bin/configure?t=1492451055
[Mon Apr 17 17:57:38.082797 2017] [cgi:error] [pid 21835] [client 159.my.ip:57132] AH01215: [Mon Apr 17 17:57:38 2017] configure: Unquoted string "useful" may clash with future reserved word at /var/www/html/twiki/lib/TWiki/Plugins/WatchlistPlugin/Config.spec line 34, <DATA> line 1.: /var/www/html/twiki/bin/configure, referer: https://twiki.my-domain/bin/configure?t=1492451055
[Mon Apr 17 17:57:38.202374 2017] [cgi:error] [pid 21835] [client 159.my.ip:57132] AH01215: [Mon Apr 17 17:57:38 2017] configure: defined(%hash) is deprecated at /var/www/html/twiki/lib/CPAN/lib//Locale/Maketext/Lexicon.pm line 286.: /var/www/html/twiki/bin/configure, referer: https://twiki.my-domain/bin/configure?t=1492451055
[Mon Apr 17 17:57:38.202484 2017] [cgi:error] [pid 21835] [client 159.my.ip:57132] AH01215: [Mon Apr 17 17:57:38 2017] configure: \t(Maybe you should just omit the defined()?): /var/www/html/twiki/bin/configure, referer: https://twiki.my-domain/bin/configure?t=1492451055

-- Waqas Tariq - 2017-04-17

I was able to fix the issues by going through https://twiki.processmodel.com/bin/configure and fixing {TemplatePath}, {MimeTypesFileName} and {Htpasswd}{FileName}. I am now able to load and view the site (mostly).

Now the issue is that the images and css files wont load. I get a 403 forbidden message like; Forbidden: You don't have permission to access /pub/TWiki/TWikiDocGraphics/menu-down.gif on this server. Forbidden: You don't have permission to access /pub/TWiki/JQueryPlugin/jquery-all.css on this server.

What do I need to do?

-- Waqas Tariq - 2017-04-17

That looks like a mismatch between your TWiki configuration and your Apache configuration. The warnings from your error log are annoying but harmless. In this errpr log, please check the lines corresponding to the 403 error codes: Apache should write the directory where access was not granted. Then check whether this directory matches your {PubDir} and whether {PubUrlPath} matches /pub. These two configuration variables need to show up in an Alias directive of the Apache configuration.

-- Harald Jörg - 2017-04-17

Thank you, I went into the error logs and it said that it could not find FollowSymLinks so it was denying access for protection. I went to /etc/httpd/conf.d/ssl.conf (where I copied my ApacheConfig code). It looked like this;

<Directory "/var/www/html/twiki/pub">
# Options None
Options FollowSymLinks MultiViews
AllowOverride None
Require all granted
Deny from env=blockAccess

# Disable execusion of PHP scripts
php_admin_flag engine off

# This line will redefine the mime type for the most common types of scripts
AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi
</Directory>

I commented Options None and added Options FollowSymLinks MultiViews. This worked for me. Why would ApacheConfigGenerator set Options None to /pub?

Though now the twiki is working fine and I was able to create a backup using the BackupRestoreConsole. Now the issue is that I am unable to edit the documents. Here is what I get;

On webpage on edit;

TWiki detected an internal error - please check your TWiki logs and webserver logs for more information.

Can't locate HTMLpath in @INC (@INC contains: path . path path path path path path path path-linux-thread-multi path path)

Error log;

AH01215: Can't locate HTML/Entities.pm in @INC (@INC contains: /var/www/html/twiki/lib . /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 /var/www/html/twiki/lib/CPAN/lib//arch /var/www/html/twiki/lib/CPAN/lib//5.16.3/x86_64-linux-thread-multi /var/www/html/twiki/lib/CPAN/lib//5.16.3 /var/www/html/twiki/lib/CPAN/lib/) at /var/www/html/twiki/lib/TWiki/Plugins/WysiwygPlugin/Constants.pm line 28.: /var/www/html/twiki/bin/edit, referer: https://twiki.domain-name.com/bin/view/home/home123
AH01215: BEGIN failed--compilation aborted at /var/www/html/twiki/lib/TWiki/Plugins/WysiwygPlugin/Constants.pm line 28.: /var/www/html/twiki/bin/edit, referer: https://twiki.domain-name.com/bin/view/home/home123
Compilation failed in require at /var/www/html/twiki/lib/TWiki/Plugins/WysiwygPlugin/Handlers.pm line 38.: /var/www/html/twiki/bin/edit, referer: https://twiki.domain-name.com/bin/view/home/home123
BEGIN failed--compilation aborted at /var/www/html/twiki/lib/TWiki/Plugins/WysiwygPlugin/Handlers.pm line 38.: /var/www/html/twiki/bin/edit, referer: https://twiki.domain-name.com/bin/view/home/home123
Compilation failed in require at /var/www/html/twiki/lib/TWiki/Plugins/WysiwygPlugin.pm line 102.: /var/www/html/twiki/bin/edit, referer: https://twiki.domain-name.com/bin/view/home/home123

I think I am missing some PERL extension here? What should I do to fix this?

-- Waqas Tariq - 2017-04-17

  • Why would ApacheConfigGenerator set Options None to /pub? - FollowSymLinks is only needed if your pub directory is a symlink which usually isn't the case. I'm glad that the error log pointed you into the correct direction.
  • I think I am missing some PERL extension here? What should I do to fix this? - That's true: For WYSIWYG editing you need to install the Perl module HTML::Parser. We can't include this in TWiki because HTML::Entities contains a component which needs to be compiled, it depends on the platform. I am not familiar with Amazon Linux, but the package you need to install is probably named perl-HTML-Parser (as in Red Hat or SUSE Linux) or =libhtml-parser-perl (as in Debian or Ubuntu).
As far as I know Amazon doesn't offer the development environment needed to install directly from CPAN. BTW: Raw editing works without this module!

-- Harald Jörg - 2017-04-18

Thank you @HaraldJoerg you are a lifesaver! I appreciate all the help you have provided me in good will.

The following fixed the issue;

sudo yum install perl-HTML-Parser

Thank you again

-- Waqas Tariq - 2017-04-18

      Change status to:

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Answered
Title Group write permission to /twiki/ - not working
SupportCategory CategoryInstallation
TWiki version 5.1.0
Server OS Amazon Linux
Web server Apache/2.4.25 (Amazon)
Perl version 5.16.3
Browser & version Chrome 57.0.2987.133
Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r9 - 2017-04-18 - WaqasTariq
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.