Bugzilla Apache Error (Permission denied at Bugzilla/Util.pm)

[RangaRajan N]

Apache - Version 2.4

OS : RHEL 7

Database " Postgresql 11


First error: undef error - Error in tempfile() using template data/assets/.tmp.XXXXXXXXXX: Could not create temp file data/assets/.tmp.nNhvqZmzrf: Permission denied at Bugzilla/Util.pm line 125.
Second error: undef error - Error in tempfile() using template data/assets/.tmp.XXXXXXXXXX: Could not create temp file data/assets/.tmp.8HMLUfG65m: Permission denied at Bugzilla/Util.pm line 125.

[Thorsten Schöning]

Guten Tag RangaRajan N,
am Donnerstag, 7. Januar 2021 um 10:29 schrieben Sie:

> First error: undef error - Error in tempfile() using template
> data/assets/.tmp.XXXXXXXXXX: Could not create temp file
> data/assets/.tmp.nNhvqZmzrf: Permission denied at Bugzilla/Util.pm line 125.
> Second error: undef error - Error in tempfile() using template
> data/assets/.tmp.XXXXXXXXXX: Could not create temp file
> data/assets/.tmp.8HMLUfG65m: Permission denied at Bugzilla/Util.pm line 125.

Your configuration of "localconfig" regarding web server user and
group is most likely wrong. Checksetup sets permissions according to
that config, so you need to provide more details which user runs your
web server, what you have configured in the file, how permissions,
ownership etc. look in the file system of the dirs of the error
message right now etc.

Mit freundlichen Grüßen,

Thorsten Schöning

--
Thorsten Schöning
AM-SoFT IT-Service - Bitstore Hameln GmbH

E-Mail: Thorsten....@AM-SoFT.de
Web: http://www.AM-SoFT.de/

Telefon: 05151- 9468-55
Fax: 05151- 9468-88
Mobil: 0178-8 9468-04

Firmensitz: Bitstore IT-Consulting, Frankfurter Allee 285, 10317 Berlin
Steuernummer 037/230/30566, HR 27198, Amtsgericht Potsdam Geschäftsführer Janine Galonska

[RangaRajan N]

Thanks.
localconfig file has below details :

user: root
Group : apache

and also i have run ./checkserver.pl to set the permissions.

and all the files are own by root:apache .

[RangaRajan N]

No errors in the installation of bugzilla or when configuring

[Emmanuel Seyman]

* RangaRajan N [07/01/2021 01:29] :

>
> First error: undef error - Error in tempfile() using template data/assets/.tmp.XXXXXXXXXX: Could not create temp file data/assets/.tmp.nNhvqZmzrf: Permission denied at Bugzilla/Util.pm line 125.

Are you running checksetup.pl as root or another user?
What are the permissions on the data/assets directory?

Emmanuel

[Thorsten Schöning]

Guten Tag RangaRajan N,
am Donnerstag, 7. Januar 2021 um 10:53 schrieben Sie:

> and all the files are own by root:apache .

Because that is what checksetup.pl sets because of your configuration.
Make sure that "apache" REALLY is the group used by your web server
and your config of Bugzilla in that, keep in mind that the server
might be configured to spawn additional processes with different group
memberships. Thing of FastCGI, SuexecUserGroup and stuff like that.

Additionally look at the concretely mentioned subdir "data/assets",
that permissions of that are correct as well. Check if you are using
AppArmor or SELinux and if those might prevent your web server from
writing.

In general OWNERSHIP of the directories is only one part PERMISSIONS
for users and groups are the other. Telling us about OWNERSHIP only
doesn't help too much, when PERMISSIONS in "data/assets" might be
wrong.

[RangaRajan N]

[Thu Jan 07 08:22:03.920097 2021] [lbmethod_heartbeat:notice] [pid 3224] AH02282: No slotmem from mod_heartmonitor

[Thu Jan 07 08:22:04.069715 2021] [mpm_prefork:notice] [pid 3224] AH00163: Apache/2.4.6 () mod_perl/2.0.11 Perl/v5.16.3 configured -- resuming normal operations

[Thu Jan 07 08:22:04.069802 2021] [core:notice] [pid 3224] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

[Thu Jan 07 08:56:48.743896 2021] [autoindex:error] [pid 3281] [client 49.207.142.253:48726] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive

[Thu Jan 07 09:49:06.281968 2021] [mpm_prefork:notice] [pid 3224] AH00170: caught SIGWINCH, shutting down gracefully

[Thu Jan 07 09:49:12.973463 2021] [core:notice] [pid 30687] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0

[Thu Jan 07 09:49:12.984381 2021] [suexec:notice] [pid 30687] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

[Thu Jan 07 09:49:13.212141 2021] [lbmethod_heartbeat:notice] [pid 30687] AH02282: No slotmem from mod_heartmonitor

[Thu Jan 07 09:49:13.295106 2021] [mpm_prefork:notice] [pid 30687] AH00163: Apache/2.4.6 () mod_perl/2.0.11 Perl/v5.16.3 configured -- resuming normal operations

[Thu Jan 07 09:49:13.295174 2021] [core:notice] [pid 30687] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'


drwxr-x---. 16 root apache 4096 Jan 6 19:16 bugzilla



-rwxr-x---. 1 root apache 1465 Apr 18 2019 xmlrpc.cgi

-rwxr-x---. 1 root apache 21779 Apr 18 2019 whine.pl

-rwxr-x---. 1 root apache 2349 Apr 18 2019 whineatnews.pl

-rwxr-x---. 1 root apache 1143 Apr 18 2019 votes.cgi

-rwxr-x---. 1 root apache 20885 Apr 18 2019 userprefs.cgi

-rwxr-x---. 1 root apache 10600 Apr 18 2019 token.cgi

-rwxr-x---. 1 root apache 7752 Apr 18 2019 testserver.pl

-rwxr-x---. 1 root apache 631 Apr 18 2019 testagent.cgi

-rw-------. 1 root apache 7033 Apr 18 2019 taskgraph.json

-rwxr-x---. 1 root apache 11006 Apr 18 2019 summarize_time.cgi

-rwxr-x---. 1 root apache 4606 Apr 18 2019 showdependencytree.cgi

-rwxr-x---. 1 root apache 10510 Apr 18 2019 showdependencygraph.cgi

-rwxr-x---. 1 root apache 3691 Apr 18 2019 show_bug.cgi

-rwxr-x---. 1 root apache 1580 Apr 18 2019 show_activity.cgi

-rwxr-x---. 1 root apache 960 Apr 18 2019 search_plugin.cgi

-rwxr-x---. 1 root apache 2639 Apr 18 2019 sanitycheck.pl

-rwxr-x---. 1 root apache 34769 Apr 18 2019 sanitycheck.cgi

-rwx------. 1 root apache 646 Apr 18 2019 runtests.pl

-rw-r-----. 1 root apache 44 Apr 18 2019 robots.txt

-rwxr-x---. 1 root apache 871 Apr 18 2019 rest.cgi

-rwxr-x---. 1 root apache 13592 Apr 18 2019 request.cgi

-rwxr-x---. 1 root apache 6238 Apr 18 2019 reports.cgi

-rwxr-x---. 1 root apache 14276 Apr 18 2019 report.cgi

-rwxr-x---. 1 root apache 6900 Apr 18 2019 relogin.cgi

-rw-------. 1 root apache 1541 Apr 18 2019 README

-rwxr-x---. 1 root apache 4440 Apr 18 2019 quips.cgi

-rwxr-x---. 1 root apache 9428 Apr 18 2019 query.cgi

-rwxr-x---. 1 root apache 14537 Apr 18 2019 process_bug.cgi

-rwxr-x---. 1 root apache 7136 Apr 18 2019 post_bug.cgi

-rwxr-x---. 1 root apache 2404 Apr 18 2019 page.cgi

-rw-r-----. 1 root apache 5373 Apr 18 2019 mod_perl.pl

-rwx------. 1 root apache 2834 Apr 18 2019 migrate.pl

-rw-------. 1 root apache 1105 Apr 18 2019 MANIFEST.SKIP

-rw-------. 1 root apache 16726 Apr 18 2019 LICENSE

-rwxr-x---. 1 root apache 850 Apr 18 2019 jsonrpc.cgi

-rwx------. 1 root apache 2664 Apr 18 2019 jobqueue.pl

-rwx------. 1 root apache 4318 Apr 18 2019 install-module.pl

-rwxr-x---. 1 root apache 2171 Apr 18 2019 index.cgi

-rwxr-x---. 1 root apache 44937 Apr 18 2019 importxml.pl

-rwxr-x---. 1 root apache 12532 Apr 18 2019 enter_bug.cgi

-rwxr-x---. 1 root apache 20646 Apr 18 2019 email_in.pl

-rwxr-x---. 1 root apache 4411 Apr 18 2019 editworkflow.cgi

-rwxr-x---. 1 root apache 13744 Apr 18 2019 editwhines.cgi

-rwxr-x---. 1 root apache 5545 Apr 18 2019 editversions.cgi

-rwxr-x---. 1 root apache 5122 Apr 18 2019 editvalues.cgi

-rwxr-x---. 1 root apache 26625 Apr 18 2019 editusers.cgi

-rwxr-x---. 1 root apache 2028 Apr 18 2019 editsettings.cgi

-rwxr-x---. 1 root apache 13905 Apr 18 2019 editproducts.cgi

-rwxr-x---. 1 root apache 4791 Apr 18 2019 editparams.cgi

-rwxr-x---. 1 root apache 6101 Apr 18 2019 editmilestones.cgi

-rwxr-x---. 1 root apache 4094 Apr 18 2019 editkeywords.cgi

-rwxr-x---. 1 root apache 13988 Apr 18 2019 editgroups.cgi

-rwxr-x---. 1 root apache 19196 Apr 18 2019 editflagtypes.cgi

-rwxr-x---. 1 root apache 5754 Apr 18 2019 editfields.cgi

-rwxr-x---. 1 root apache 7148 Apr 18 2019 editcomponents.cgi

-rwxr-x---. 1 root apache 6132 Apr 18 2019 editclassifications.cgi

-rwxr-x---. 1 root apache 7638 Apr 18 2019 duplicates.cgi

-rwxr-x---. 1 root apache 898 Apr 18 2019 describekeywords.cgi

-rwxr-x---. 1 root apache 2548 Apr 18 2019 describecomponents.cgi

-rwxr-x---. 1 root apache 1506 Apr 18 2019 createaccount.cgi

-rwxr-x---. 1 root apache 4849 Apr 18 2019 config.cgi

-rwxr-x---. 1 root apache 16762 Apr 18 2019 collectstats.pl

-rwxr-x---. 1 root apache 5332 Apr 18 2019 colchange.cgi

-rwxr-x---. 1 root apache 949 Apr 18 2019 clean-bug-user-last-visit.pl

-rwx------. 1 root apache 15537 Apr 18 2019 checksetup.pl

-rwxr-x---. 1 root apache 10952 Apr 18 2019 chart.cgi

-rw-------. 1 root apache 1801 Apr 18 2019 Build.PL

-rw-r-----. 1 root apache 32816 Apr 18 2019 Bugzilla.pm

-rwxr-x---. 1 root apache 40978 Apr 18 2019 buglist.cgi

-rwxr-x---. 1 root apache 27890 Apr 18 2019 attachment.cgi

-rwxr-x---. 1 root apache 804 Apr 18 2019 admin.cgi

drwxr-x---. 7 root apache 4096 Jan 5 14:58 extensions

drwxr-x---. 4 root apache 75 Jan 5 14:58 docs

drwxr-x---. 4 root apache 4096 Jan 5 14:58 js

drwxr-x---. 2 root apache 4096 Jan 5 14:58 images

-rw-r-----. 1 root apache 5633 Jan 5 18:12 localconfig_backup

drwxr-x---. 5 root apache 65 Jan 6 17:54 skins

drwxr-x---. 96 root apache 4096 Jan 6 17:54 lib

drwxrwx---. 2 root apache 23 Jan 6 17:54 graphs

drwxr-x---. 3 root apache 33 Jan 6 17:54 template

drwx------. 4 root apache 4096 Jan 6 17:54 contrib

drwx------. 3 root apache 64 Jan 6 17:54 xt

drwx------. 3 root apache 4096 Jan 6 17:54 t

drwxr-x---. 19 root apache 4096 Jan 7 06:28 Bugzilla

-rw-r-----. 1 root apache 5634 Jan 7 07:50 localconfig

drwxrwx---. 9 root apache 4096 Jan 7 07:50 data





-bash-4.2# ls -la

/var/www/html/bugzilla/data



total 16

drwxrwx---. 9 root apache 4096 Jan 7 07:50 .

drwxr-x---. 16 root apache 4096 Jan 6 19:16 ..

drwxrwx---. 2 root apache 69 Jan 7 07:50 assets

drwxrwx---. 2 root apache 23 Jan 6 17:54 attachments

drwxrwx---. 2 root apache 6 Jan 6 17:54 db

drwxr-x---. 2 root apache 24 Jan 6 17:54 extensions

-rw-r-----. 1 root apache 300 Jan 6 17:54 .htaccess

-rw-rw----. 1 root apache 0 Jan 6 17:54 mailer.testfile

drwxr-x---. 2 root apache 6 Jan 6 17:54 mining

-rw-rw----. 1 root apache 3439 Jan 7 07:50 params.json

drwxrwx---. 4 root apache 33 Jan 7 07:50 template

drwxrwx---. 2 root apache 23 Jan 6 17:54 webdot





-bash-4.2# id apache

uid=48(apache) gid=48(apache) groups=48(apache)

-bash-4.2#





-bash-4.2# more .htaccess

# Allow access to .css files

<FilesMatch \.(css|js)$>

<IfModule mod_version.c>

<IfVersion < 2.4>

Allow from all

</IfVersion>

<IfVersion >= 2.4>

Require all granted

</IfVersion>

</IfModule>

<IfModule !mod_version.c>

Allow from all

</IfModule>

</FilesMatch>



# And no directory listings, either.

<IfModule mod_version.c>

<IfVersion < 2.4>

Deny from all

</IfVersion>

<IfVersion >= 2.4>

Require all denied

</IfVersion>

</IfModule>

<IfModule !mod_version.c>

Deny from all

</IfModule>





#

# If you wish httpd to run as a different user or group, you must run

# httpd as root initially and it will switch.

#

# User/Group: The name (or #number) of the user/group to run httpd as.

# It is usually good practice to create a dedicated user and group for

# running httpd, as with most system services.

#

User apache

Group apache





# Supplemental configuration

#

# Load config files in the "/etc/httpd/conf.d" directory, if any.

IncludeOptional conf.d/*.conf

<Directory /var/www/html/bugzilla>

AddHandler cgi-script .cgi

Options +Indexes +ExecCGI +FollowSymLinks

DirectoryIndex index.cgi index.html

AllowOverride none

Require all granted

</Directory>





# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - No SELinux policy is loaded.

SELINUX=enforcing

# SELINUXTYPE= can take one of three values:

# targeted - Targeted processes are protected,

# minimum - Modification of targeted policy. Only selected processes are protected.

# mls - Multi Level Security protection.

SELINUXTYPE=targeted

[Thorsten Schöning]

Guten Tag RangaRajan N,
am Donnerstag, 7. Januar 2021 um 13:30 schrieben Sie:

> SELINUX=enforcing
> SELINUXTYPE=targeted

Please remember that I'm trying to help you, NOT trying to do your
work. So simply copying&pasting that much data obviously without even
THINKING about what I have written and you are copying, should be
reconsidered.

IF you would have done YOUR work, I would have expected some
explanations about e.g. SELINUX: Why it is the way it is, if you
tried other settings already etc.

[RangaRajan N]

Apologies. yes i tried multiple options to change selinux to permissive and also i have tried
chcon -R -t httpd_sys_content_t /var/www/html/Bugzilla


Earlier before this error i got Permission denied: exec of '/var/www/html/bugzilla/index.cgi' failed

but after running the above command , it has fixed. but after that , i am getting this error First error: undef error - Error in tempfile() using template data/assets/.tmp.XXXXXXXXXX: Could not create temp file data/assets/.tmp.nNhvqZmzrf: Permission denied at Bugzilla/Util.pm line 125.

[Thorsten Schöning]

Guten Tag RangaRajan N,
am Donnerstag, 7. Januar 2021 um 16:05 schrieben Sie:

> chcon -R -t httpd_sys_content_t /var/www/html/Bugzilla

From the docs:

> By default, files and directories labeled with this type cannot be
> written to or modified by httpd or other processes.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_confined_services/sect-managing_confined_services-the_apache_http_server-types

Have a look at the following:

> httpd_sys_script_exec_t
> httpd_sys_rw_content_t

[RangaRajan N]

Thanks

httpd_unconfined_script_exec_t

Resolved the issue.