Zhouster

Reputation: 746

Apache Server: Editing httpd.conf file (permission denied)

So I just recently downloaded Apache server with all of its files (httpd, apr, apr-util, pcre) following the instructions dictated here: http://httpd.apache.org/docs/2.4/install.html

However, after set-up, when I tried to start my Apache server, which is located in my usr/local/bin/, I was prompted with this message:

[allen@allen-lnx ~]$ /usr/local/bin/apachectl start
(13)Permission denied: AH00091: httpd: could not open error log file /usr/local/logs/error_log.
AH00015: Unable to open logs

After some research, I have found that I need to edit my httpd.conf file, which I did so earlier to allow for the correct ServerName and Listen options. However, I am unsure as to how to edit my conf file to allow for access to the "logs" directory.

Notably, the command will run when I use the "sudo" command, but I would prefer to not always use that since it seems like a workaround.

Any help would be appreciated. Thanks!

Edit: I've actually noticed that I may have two httpd.conf files, which is proving to be a little troublesome. The other one is located in my root /etc/ directory (etc/httpd/conf/httpd.conf). I think my modified question now is... which one should I be keeping? Is the /etc/ version the one that is built in, as indicated by faff's comment below?

Current Solution: I figured I would just accept the fact that I need to use sudo when editing this file since I need to be root. I might change it later so that I'm always running as root, but for now, sudo will suffice.

Upvotes: 8

Views: 43453

Answers (4)

Ricky Levi

Reputation: 7997

For those who are stuck with the SELinux policies, I was able to do it by creating a custom policy.

Basically I wanted to move the /var/log/httpd to my own directory under /r/

So I ran the following:

semanage fcontext -a -t httpd_sys_content_t "/r/www(/.*)?"
semanage fcontext -a -t httpd_log_t "/r/logs(/.*)?"

restorecon -Rv /r/logs/
restorecon -Rv /r/www/

service httpd restart
# worked

Upvotes: 0

Lukasz Dynowski

Reputation: 13640

Changing SELinux security policy to permissive fixed my problem.

Before the fix, my SELinux worked in enforced mode:

$ sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      30

I changed the security policy in the SELinux configuration file and in the system.

# /etc/selinux/config
SELINUX=permissive

# In terminal set SELinux to run in permissive mode.
$ setenforce 0

After the fix, my SELinux worked in enforced mode:

$ sestatus -v
SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      30

Upvotes: 0

Matthew Sprankle

Reputation: 1630

For everyone that is using SELinux, if you deleted the folder or come across similar problems you may need to do several things.

Re-link the folder with ln -s /var/log/httpd /etc/httpd/logs. By default, logs are kept under the var folder but are referenced in the /etc/httpd/logs folder.

Apply SELinux security permissions with chcon system_u:object_r:httpd_config_t:s0 /etc/httpd/logs

And of course run everything as admin

Upvotes: 3

Esenti

Reputation: 707

This looks like an issue with the filesystem permissions. Make sure the /usr/local/logs/ directory exists and is writeable by the user you're running Apache as.

If you don't want to have your logs directory writeable by a normal user, you can create the log file:

sudo touch /usr/local/logs/error_log

And then change the owner of the file to the correct user:

sudo chown allen /usr/local/logs/error_log

Assuming you want to run Apache as the user allen.

If you want to change the location of Apache logfile, look for the ErrorLog directive in your httpd.conf file (you will have to add it if it's not there):

ErrorLog path/to/logfile

Upvotes: 5
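
The checks described in the answer above (the log directory exists and the user starting Apache can write to it), written as a shell function. This is an added example, not part of any answer on this page; the function name check_log_path and its return codes are made up for illustration.

```shell
#!/bin/sh
# check_log_path FILE: say why the current user cannot open FILE for writing.
# Name and return codes are chosen for this example:
#   0 writable or creatable          1 a directory on the path is missing
#   2 a directory is not searchable  3 file absent, directory not writable
#   4 file exists, not writable      5 path is not absolute
check_log_path() (
    log_file=$1
    log_dir=$(dirname -- "$log_file")
    case $log_dir in
        /*) ;;
        *) echo "use an absolute path: $log_file"; return 5 ;;
    esac

    # Walk from / downwards so the first failing component is the one reported.
    cur=
    IFS=/      # the function body is a subshell, so IFS and set -f stay local
    set -f
    for part in $log_dir; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        if [ ! -d "$cur" ]; then
            echo "missing directory: $cur"; return 1
        fi
        if [ ! -x "$cur" ]; then
            echo "no search (x) permission on: $cur"; return 2
        fi
    done

    if [ -e "$log_file" ]; then
        if [ ! -w "$log_file" ]; then
            echo "uid $(id -u) cannot write: $log_file"; return 4
        fi
    elif [ ! -w "$log_dir" ]; then
        echo "uid $(id -u) cannot create files in: $log_dir"; return 3
    fi
    echo "ok: uid $(id -u) can write $log_file"
)
```

Run it as the user that starts Apache, for example check_log_path /usr/local/logs/error_log. If it reports ok and httpd still fails with (13)Permission denied, ordinary file permissions are not the cause and the SELinux labelling covered in the other answers is the next thing to check.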
