Monday, November 25, 2019

Drupal 7 - How To Resolve Permission denied in _locale_parse_js_file() error

Drupal 7 / Centos 7


How To Resolve Permission denied in _locale_parse_js_file() Error:

After clearing cache on my server one day, I started to see this error:



Hmmmm.  

Here's some context and an explanation of what's going on:  The component in question (EasyRec) makes an outbound connection to a remote server to receive product recommendations that are then displayed on our eCommerce web server.  This is not a normal client/server connection for Apache, because in this case the web server is initiating an outbound connection as opposed to receiving one.  This is an unusual mode for a web server - they usually just wait around hoping to receive an inbound HTTP connection, they don't make outbound HTTP requests.

The words "Permission denied" make me think that the SELINUX Trinity might be at work:

1)  Does the file have the right owner?
2)  Does the file have the right permissions?
3)  Does the file have the right SELINUX context?

So, I went down the line by checking (1) the owner and then (2) permissions:

# pwd
<drupal_root>

NOTE:  In the above example <drupal_root> is the top of your Drupal installation

# find . -name "locale.inc"
./includes/locale.inc
# cd includes
[root@vm includes]# ls -lZ locale.inc
-rw-r--r--. holisticpethelp.com holisticpethelp.com unconfined_u:object_r:httpd_sys_content_t:s0 locale.inc

OK, 

1)  The ownership is correct (holisticpethelp.com)
2)  The file permissions appear to be correct (-rw-r--r--.) 
3)  The SELINUX security context seems correct (unconfined_u:object_r:httpd_sys_content_t:s0)

So where could the problem be?

Well, maybe we need to move up a layer of complexity, from investigating the SELINUX permissions on to investigating individual SELINUX settings.

My thanks to Vladimir Danoski for an excellent article on how to solve this problem.

Based on what I learned from Vladimir, I checked the SELINUX status:

# sestatus -b | grep httpd_can_network_connect
httpd_can_network_connect                   off
httpd_can_network_connect_cobbler           off
httpd_can_network_connect_db                off

# sestatus -b | grep httpd_unified
httpd_unified                               off

Obviously, things won't work right if those two SELINUX settings are set to off.

We need to turn them to on:

First, I adjusted the permission for httpd_can_network_connect:

# setsebool -P httpd_can_network_connect 1

Then I checked the SELINUX status for that variable:

# sestatus -b | grep httpd_can_network_connect
httpd_can_network_connect                   on
httpd_can_network_connect_cobbler           off
httpd_can_network_connect_db                off


Next, I adjusted the permission for httpd_unified:

# setsebool -P httpd_unified 1

Then I checked the SELINUX status for that variable:

# sestatus -b | grep httpd_unified
httpd_unified                               on


Then I restarted my apache server to get SELINUX to reset its security context:

# service httpd restart
Redirecting to /bin/systemctl restart httpd.service

Then I checked the status of my apache server:

# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-11-25 09:17:15 HKT; 8s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 29512 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 23307 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 29521 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─29521 /usr/sbin/httpd -DFOREGROUND
           ├─29523 /usr/sbin/httpd -DFOREGROUND
           ├─29524 /usr/sbin/httpd -DFOREGROUND
           ├─29525 /usr/sbin/httpd -DFOREGROUND
           ├─29526 /usr/sbin/httpd -DFOREGROUND
           └─29527 /usr/sbin/httpd -DFOREGROUND

Nov 25 09:17:15 : Starting The Apache HTTP Server...
Nov 25 09:17:15 : Started The Apache HTTP Server.


OK, everything looks normal.  Let's clear cache and see what we get...


...and click on the logo to reload the home page...


OK, the Apache server is now able to initiate an HTTP request, but the EasyRec server is (apparently) not responding.  We still have problems, but now the problem has morphed from an issue on my server to an issue (maybe) on the EasyRec server.

Please read How To Resolve An EasyRec HTTPD Connection Error to find out how I solved that one...
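
Both booleans switched on above are broad, so it helps to confirm from the audit log which one a given denial actually needs. The script below is an added example, not part of the original post: it classifies AVC denial lines and names the narrowest boolean for each. The log lines are constructed samples, and the mapping is an assumption based on the stock targeted policy.

```shell
#!/bin/sh
# Added example: map httpd_t AVC denials to the narrowest SELinux boolean.
# SAMPLE_AVC holds constructed audit lines, not output from the post's server.
SAMPLE_AVC='type=AVC msg=audit(1574644600.101:501): avc:  denied  { name_connect } for  pid=29523 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1574644601.102:502): avc:  denied  { name_connect } for  pid=29524 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1574644602.103:503): avc:  denied  { write } for  pid=29525 comm="httpd" name="languages" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1574644603.104:504): avc:  denied  { read } for  pid=1201 comm="sshd" name="authorized_keys" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# Print the value of the key=value field named $2 in AVC line $1.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# Print the boolean that covers the denial in line $1 (assumed mapping).
classify_avc() {
    line=$1
    stype=$(avc_field "$line" scontext | cut -d: -f3)   # source type
    ttype=$(avc_field "$line" tcontext | cut -d: -f3)   # target type
    class=$(avc_field "$line" tclass)
    perm=$(printf '%s\n' "$line" | sed -n 's/.*{ \([a-z_ ]*\) }.*/\1/p')
    # Only denials raised by the web server domain are relevant here.
    [ "$stype" = "httpd_t" ] || { echo "not-httpd"; return 0; }
    case "$class:$perm:$ttype" in
        # Database ports have their own, narrower boolean.
        tcp_socket:name_connect:mysqld_port_t|tcp_socket:name_connect:postgresql_port_t)
            echo "httpd_can_network_connect_db" ;;
        # Any other outbound TCP connect, e.g. to a remote HTTP service.
        tcp_socket:name_connect:*)
            echo "httpd_can_network_connect" ;;
        # Writes into read-only web content; relabelling just that path as
        # httpd_sys_rw_content_t is a narrower alternative to the boolean.
        file:*write*:httpd_sys_content_t|dir:*write*:httpd_sys_content_t)
            echo "httpd_unified" ;;
        *)  echo "unclassified" ;;
    esac
}

# Classify every sample line: suggested boolean, then the target context.
report() {
    printf '%s\n' "$SAMPLE_AVC" | while IFS= read -r l; do
        printf '%-30s %s\n' "$(classify_avc "$l")" "$(avc_field "$l" tcontext)"
    done
}
report
```

On a live host the input lines would come from `ausearch -m avc -c httpd` instead of the embedded samples.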

REFERENCES:


https://stackoverflow.com/questions/48845039/fixing-error-with-file-get-contents-permission-denied


