Tuesday, November 6, 2007

Congratulations to Rat City's newest fresh meat!

Rat City held their annual tryouts this past weekend, and a bunch of my fellow skaters rocked the rink. Big shout-outs to these former PFMs and Rat City's newest fresh meat:

I can't wait to see y'all beating each other 'round on the rink... 2008 is gonna be the best season yet!!

Monday, November 5, 2007

Solving Tough Problems: mod_fcgid and Apache Errors

Almost two weeks ago I ran into some issues with my apache web server configuration running PHP under mod_fcgid. These issues started with an unexpected 403 Forbidden error, caused by a (13) Permission Denied error on my .htaccess file, and finally resulted in (due to my misconfiguration of PHP) a No input file specified error.

Since it caused me a great deal of headache, and took me a while to figure out, I thought I'd share with you my debugging process. Keep in mind, I'm a software developer, not an Apache sysadmin wizard. So you httpd wizards out there, feel free to correct me where I'm missing the obvious.

I'm running a MediaTemple (dv) 3.0 virtual server under Plesk. My problems started shortly after that with arbitrary 403 Forbidden responses to URLs I know should have worked. In fact, retrying the URL showed that it did work. As you'll see, the "sometimes works" part didn't last long.

The first step to solving a problem like this, or anything else, is to check logs. The Apache error log is the right log to start with. For me (MediaTemple (dv) 3.0 / Plesk) this was in the /var/www/vhosts/yourdomain.com/statistics/logs directory. Apart from the usual noise in log files I did see a pretty conspicuous line:

(13)Permission denied: [snip] .htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

This was pretty alarming because I had no .htaccess file in the particular directory indicated (the "[snip]" part). So I dug around on the internet for a while and found pretty much nothing of help about this problem. Keep in mind that everything was running just fine until this point. So I tried turning off AllowOverride in my global httpd.conf file (actually it goes in my vhost.conf file which Plesk includes for my virtual domain). I restarted Apache (service httpd restart) and much to my dismay, I started getting 403 Prohibited on every request. Yikes!

After finally digging through the MediaTemple knowledge base I found this little tidbit:

[...]permissions (755 or chmod o+x) on a directory created for alternate and subdomains is sufficient to serve web content. Anything else will prohibit Apache from entering the directory and showing your content to visitors.

So I did a stat on my http documents directory and I see:
Access: (0644/drw-r--r--)
One chmod o+x command later and my .html files are once again servable. Not sure what changed to cause the problem, but now everything was looking good and I was just about to close the issue as resolved.

Which brings me to the last problem I was getting on my PHP files: No input file specified. This started another round of fruitless internet searches. The bottom line is that this meant that PHP couldn't execute the file. Well, another stat command on the file in question showed:
Access: (0660/-rw-rw----) Uid: (1000/ someuser) Gid: ( 2000/ somegroup)
but more importantly neither the owner nor group for the file was associated with the suexec user that was being used for mod_fcgid. A quick chown -R suexecuser:suexecgroup command later on the folder holding my http files (-R makes it recursive) and my PHP file was working like a charm. Just make sure you replace suexecuser and suexecgroup with your actual suexec user and group (this is specified in my /var/www/vhosts/yourdomain.com/conf/vhost.conf file).

So in the end, to solve my "(13) Permission Denied" / "403 Unauthorized" / ".htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable" / "No input file specified" errors I had to:

  • Check the Apache error_log file
  • Check the MediaTemple knowledge base
  • Use the stat (or ls) command to check file permissions and ownership
  • Use the chmod o+x command to make sure Apache can descend into any directory holding files you want served
  • Use the chown -R suexecuser:suexecgroup command to make sure Apache can access and execute your code