.htaccess and pcfg_openfile error

[1and1user]

Hi everbody,

I've been struggling with this problem for a while now. I'm on a hosted root server with vhost setup, and Plex.

I can set up and get pages to display in subdirs of httpdocs, but not my bugzilla directory, where I have put an .htaccess file. When I try to access it, I get the following error. Based on research, I verified that permissions are correct on the .htaccess file, so I don't know why the file is not readable.

/home/httpd/vhosts/nanswi.com/httpdocs/bugzilla-2.18.3/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[root@u15158424 httpdocs]# ls -ltr .ht*
-rw-r--r-- 1 root root 239 Sep 3 12:24 .htaccess

[Tue Sep 13 00:17:27 2005] [crit] [client 61.7.137.152] (13)Permission denied: /home/httpd/vhosts/nanswi.com/httpdocs/bugzilla-2.18.3/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[root@u15158424 httpdocs]# ls -ltr bugzilla-2.18.3/.htaccess*
-rw-r--r-- 1 root root 239 Sep 12 09:51 bugzilla-2.18.3/.htaccessx
[root@u15158424 httpdocs]#

[root@u15158424 httpdocs]# ls -ltr | grep bugz
lrwxrwxrwx 1 root apache 15 Sep 4 06:52 bugzilla -> bugzilla-2.18.3
dr-xr--r-- 13 root apache 4096 Sep 13 00:17 bugzilla-2.18.3
[root@u15158424 httpdocs]#

I've tried a variety of things to see what's making this happen, but so far no luck.

I found an older post, on a different forum, about the pcfg_openfile error, and updated the vhost section of my httpd.conf file to reflect that, but the error did not change, as has been typical of all my attempts!

Is this Plex related?

Please help!

 

[jamesyeeoc]

Have you tried changing the ownership of the .htaccess file to ftpusername : psaserv ?

cd /home/httpd/vhosts/nanswi.com/httpdocs/bugzilla-2.18.3

chown ftpusernamesaserve .htaccess

(change 'ftpusername' to the ftp user of the domain)

 

[1and1user]

Thanks, jamesyeeoc,

Thanks for your suggestion.

By ftpusername, I presume you mean the user, or any user, that is permitted to log in via FTP, or SCP. It's already set to that.

I do plan to create another user for ftp soon, but rignt now what I have is expedient for setup.

I did change the group on this particular version of .htaccess to the preset group for apache and bugzilla.

I've changed owner/group before, with no change to the error or result.

To sum up, nothing anyone has suggested, based on my interenet searches, has solved this problem.

Does Plex allow me to set/change the ftp user? I'm looking for this setting now.

Thanks again, any other suggestions welcomed.

 

[1and1user]

Addendum.

I tried to change the owner to psacln, but got:
chown: `psacln': invalid user

Based on notes in /etc/proftpd.conf, I changed owner of .htacces to nobody, and also to a username I set up in Plex in the domain-user setup, with ftp permissions.

None of these changed the error.

I'm guessing I somehow disabled the default psacln user, but I'm not yet user how.

 

[jamesyeeoc]

When you issued the chown command, you put 'psacln' as the GROUP GID(after the colon), not the user GID (before the colon), right?

chown ftpuser:psacln filename
or
chown ftpuser:psaserv filename

Or have you tried using psaserv as the group GID as well?

A quick way to tell if the GROUP exists is to give the "groupmod psacln" or "groupmod psaserv" command at the SSH shell prompt. If it gives no output then the group exists. If the group does NOT exist, then it will display "groupmod: group psacln does not exist"

 

[1and1user]

Not familiar with chown used this way, with a colon:

[root@u15158424 bugzilla]# chown nobody;psacln .htaccess
chown: too few arguments
Try `chown --help' for more information.
-bash: psacln: command not found


[root@u15158424 bugzilla]# chown psacln ftpusersacln .htaccess
chown: `psacln': invalid user

sorry about the last part.

Not clear on that, even from reading the man page.

 

[jamesyeeoc]

Sorry about my last post, it was before my first cup of coffee. I have corrected it. Should have been:

chown ftpuser:psacln filename
or
chown ftpuser:psaserv filename

where 'filename' can be either a filename, directoryname, or wildcarded.

The colon separates the UID from the GID, by specifying both you can set both at the same time. If you wanted to only change the GID, then it would be like:

chown :psacln filename
or
chown :psaserv filename

You would still have to put the colon... IMO it's better to do both just to be sure both get set properly.

 

[1and1user]

Okay, thanks for replying before your coffee - you may not realize it but I'm doing thing from Thailand right now, where it is almost 1:30am, so you're helping a lot.

[root@u15158424 bugzilla]# chown nobodysaserv .htaccess
[root@u15158424 bugzilla]# lsl .htaccess
-rwxr-xr-x 1 nobody psaserv 297 Sep 13 14:17 .htaccess

Based on feedback from another forum dialog, I changed permissions on the .htaccess and the bugzilla directory to 755.

This resulted in a directory listing, and "text" display of the index.cgi file, which of course is not what I want.

I tried what you suggested, and used F5 in Firefox to reload, but it did not change anything.

FYI:

[root]# ls -ltr .htaccess
-rwxr-xr-x 1 nobody psaserv 297 Sep 13 14:17 .htaccess
[root]# cd ..
[root]# ls -ltr | grep bug
lrwxrwxrwx 1 root apache 15 Sep 4 06:52 bugzilla -> bugzilla-2.18.3
drwxr-xr-x 13 root apache 4096 Sep 13 14:17 bugzilla-2.18.3

I've seen this before, and I've been trying to correct it. Clearly, my .htacces is not setup up correctly:

# don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch ^(.*\.pl|.*localconfig.*|runtests.sh)$>
deny from all
</FilesMatch>
<FilesMatch ^(localconfig.js|localconfig.rdf)$>
allow from all
</FilesMatch>

I've commented out some things in my httpd.conf file which may play into that.

Any recommendations for how to setup httpd.conf and/or the .htaccess file to ensure that the buzilla cgi's work as designed?

I got Bugzilla working in a localhost environment under RH9, but this vhost setup on a root server is much trickier, with Plesk involved, it seems.

Thanks again for your help.

 

[1and1user]

Hi, jamesyeeoc,

I got past the pcfg_openfile error (permissions it turns out (755 for .htaccess fixed it), thanks for your help, but now:

As I look into the ftpuser issue, understanding that just creating a user in the usual Linux way is not going to work in my Plex environment.

Following the Plex FAQ for the host I'm using, I discovered that under Package Administration there is no Web Space/Access link between E-mail and Applications.

I suppose that means what the account does not have that level of support enables ($$$), or maybe there is some other version question here (not sure what version I have right now).

If there is no such setup, can I use "adduser" on the command line to accomplish this? - i.e., if I create "webuser", and add this user to the " wheel" group, then edit httpd.conf and localconfig (for Bugzilla), will that work in the Plex environment?

This setup/domain is not intended for multiple web hosters.

I can setup and access the main page and other test subdir pages on the domain, but in the bugzilla dir, I'm getting the "500 Internal Server Error" result, logs:

[Fri Sep 16 08:49:15 2005] [error] [client ...] Premature end of script headers: index.cgi

[2005-09-16 08:49:15]: target uid/gid (10003/10001 or $ld) mismatch with directory (2522/0) or program (48/0)

I do understand that I need a valid "ftpuser", tied to a valid group (psa-related group?).

Another point, we're trying to enable perl/mysql Bugzilla, no php - that's ony Plex.

Thanks again for your help.

 

[jamesyeeoc]

Creating users in Linux is not the same as creating a user in Plesk, you are correct. If you need mail users, you have to create them in Plesk. For FTP users, since Plesk only allows a single FTP user per domain, you can get around this by creating Linux users and setting the appropriate limitations, password, homedir, group (psacln or psaserv).

There is really no need for the Plesk control panel to have to 'know' about the additional FTP users, it's not going to do anything with them anyways.

I posted a short howto recently at:

http://forum.plesk.com/showthread.php?threadid=27183&highlight=useradd

"not intended for multiple web hosters" - if you mean multi-level Resellers, that is correct.

The 500 error/premature end of script headers error has been covered in several recent posts. There were several solutions to the error, each depending on the exact setup and where the person was trying to put the script.

 

[1and1user]

hi jamesyeeoc,

Thanks for your suggestions. I attempted what was suggested by your howto. But I found that when I chowned the files in the bugzilla directory to the new user, the original user (on which the user ID was based) was applied instead of the new user.

Is that what I should expect?

At any rate, that did enable my cgi's to run. The log entries I get now are:

[...](13)Permission denied: exec of '/usr/sbin/suexec' failed
[...]Premature end of script headers: index.cgi

suexec is disabled (Fedora 2 recommendation)m and the default FTP mode is ascii - I also opened and saved the cgi files with pico to make sure they are ascii.

I'm also reading about Proftpd, and wondering how this plays into it.

One recommendation I found was to modify my .htaccess in the bugzilla directory with this:

AddHandler cgi-script cgi
<FilesMatch ^(.*\.cgi)$>
Options +ExecCGI
</FilesMatch>

This solved it for one bloke but not for me.

Any suggestions?

Thanks again.

 

[1and1user]

Correction. It did NOT allow my cgi's to run.

Incidentally:

[root bugzilla]# ./testserver.pl http://www.<domain>.com/bugzilla
TEST-OK Webserver is running under group id in $webservergroup.
TEST-OK Got ant picture.
Use of uninitialized value in pattern match (m//) at ./testserver.pl line 100.
Use of uninitialized value in pattern match (m//) at ./testserver.pl line 100.
TEST-FAILED Webserver is not executing CGI files.
TEST-OK Webserver is preventing fetch of http://www.<domain>.com/bugzilla/localconfig.
[root bugzilla]#

Does this shed any light on the problem?

I can't find much on the internet about this that helps.

Again, I've verified that my cgi's are ascii.