Web lists-archives.com

Re: apache2: Could not open configuration file /etc/apache2/apache2.conf: Permission denied




Le 17-10-2018, à 05:38:11 +0000, Steve Kemp a écrit :


 To recap you reported the original error:

 apache2: Could not open configuration file /etc/apache2/apache2.conf:
 Permission denied

 Now you've provided more details, from your audit-log:

type=AVC msg=audit(1539750555.347:77): apparmor="DENIED"
operation="open" profile="/usr/sbin/apache2"
name="/etc/apache2/apache2.conf" pid=17485 comm="apache2"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0

 There you see "DENIED" along with "exit=-13".  You can lookup
the meaning of "-13" via this command but I'll guess it correpondes to
EPERM ("permission denied"):

   ausearch --interpret --exit -13

 In conclusion: You're using apparmor, it prevented the process from
opening the configuration file, which stopped the service from starting.
That was logged explicitly :)

Good point. But since I have not explicitly installed apparmor and thus
don't know how to use it (was installed during an update I guess), I
didn't really bothered.

 To fix this either:

   1.  Fix apparmor so that you can open the file.

   2.  Disable apparmor.

 The first might be as simple as `systemctl restart apparmor.service`,
that's working on the basis that:

Didn't work, same error message.

   * You had apparmor installed.
   * You've now just installed apache.

To be correct, I just reinstalled it.

Stopped apparmor then tried to start apache2, but same problem.

       * This will have given you new apparmor rules.
       * But they won't be loaded because apparmor wasn't reloaded.
   * So apache failed.

 I'm not 100% sure if that is the case, but it seems likely.  If not
you'll need to do some reading.  Perhaps start here:

   https://wiki.debian.org/AppArmor

Yeah, I think I'm gonna have to do that.

But I must say it's a bit shitty because "before", all I had to do to
run apache was 'apt install apache2'. Don't understand why this apparmor
thing is screwing my habits…

Thanks for your help and pointers.

Steve