Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Failed to access DBM file Permission denied

Discussion in 'Security' started by Benjamin D., Jul 28, 2018.

  1. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    116
    Likes Received:
    13
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    CentOS 7.5 WHM 72.0 Apache 2.4 suphp (7.1)

    Logs are filling with this, following a server migration. Logs never showed that on the older server, same configuration (at least what I think it is, but obviously SOMETHING is different now) :

    ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cpanel/secdatadir/global": Permission denied

    No, I do not use mod_ruid2
     
    #1 Benjamin D., Jul 28, 2018
    Last edited: Jul 28, 2018
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,880
    Likes Received:
    89
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    Can you share with the output of the below command:
    # ls -ld /var/cpanel/secdatadir/global
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    116
    Likes Received:
    13
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    No, because: ls: cannot access /var/cpanel/secdatadir/global: No such file or directory
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Benjamin D.

    Does /var/cpanel/secdatadir/ exist? If so can you give me the output of the following:

    Code:
    ls -lah /var/cpanel/secdatadir/
    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    116
    Likes Received:
    13
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    [root@secure ~]# ls -lah /var/cpanel/secdatadir/
    total 16K
    drwxrwx--T 2 root nobody 4.0K Jul 30 12:00 .
    drwx--x--x 106 root root 12K Jul 30 12:42 ..
    -rw-r----- 1 root root 0 Jul 23 21:34 global.dir
    -rw-r----- 1 root root 0 Jul 23 21:34 global.pag
    -rwxr-xr-x 1 nobody nobody 0 Jul 30 12:00 ip.dir
    -rwxr-xr-x 1 nobody nobody 0 Jul 30 12:00 ip.pag
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Benjamin D.

    Can you please change the ownership of the global.dir and the global.pag files to nobody UID/GID:


    Code:
    chown nobody:nobody global.pag
    chown nobody:nobody global.dir
    and let me know if that resolves the issue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelLauren, Jul 30, 2018
    Last edited: Jul 30, 2018
    Kent Brockman likes this.
  7. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    116
    Likes Received:
    13
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    FINALLY. Thank god, this will give a break to the hard drives... now please cPanel, can anybody add these 2 aforementioned commands to the WHM installation process?

    THANK GOD (and/or @cPanelLauren !) this is resolved ;-)

    Please mark as resolved. Why so fast? Because the second I chown'ed the previously mentioned files, hundreds of these lines a second stopped filling up the log :P
     

    Attached Files:

    cPanelLauren likes this.
  8. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Benjamin D.

    I'm pretty sure I haven't laughed that hard in a while, I'm glad that resolved the issue. I need to do some more testing but I found a ticket internally where this occurred as well. That shouldn't be happening. For my information can you tell me the MPM you're using, how long ago this server was provisioned as well (i know it's the new server but was it live before you migrated your sites to it?), can you also tell me what version of the OWASP ruleset you're using, as well as any alternates/custom rulesets that may be provisioned?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    116
    Likes Received:
    13
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    The server's hard drives were partitioned, formated and its OS (CentOS 7.5) was installed on wednesday the 25th (5 days ago). No sites were running on this server before cPanel was installed. Sites were running on the older server for years. Installing cPanel was the very first thing I did immediately after booting successfully in CentOS 7.5 for the first time following the hard drive partitionning and OS installation. Sites were all transferred using the "Transfer Tool" from server-A to server-B both on WHM 72.0 and this transfer process generated a bunch of issues that I still get to slowly fix, many of these were reported as forum posts on here by me over the last 5 days. Some still unresolved SO FEEL FREE TO CHECK THEM OUT! ;-) ;-)

    MPM = Apache 2.4 is that what you wanted? Please explain further if this is not what you're after.

    OWASP = OWASP ModSecurity Core Rule Set V3.0 / 100% vanilla/default rules set (no additional rule, no custom rule) except that I had to disable 4 rules that are really annoying, almost totally useless and interfering A LOT with my sites, basically generating 100% false positives and blanking out multiple pages of my sites. Something as silly as a script containing $_GET['user']. Rules like these are way too vague/abstract. They restrict a lot and don't block many attacks. It's not like the browser tried to mess with a SESSION var or a COOKIE. It's just a GET parameter... and one that the PHP programmer legitimately wants to use. /end of ranting
     
  10. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,187
    Likes Received:
    8
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hey there. Same problem here, and the same solution was applied and all is ok now.

    The server was installed past weekend and it started showing the same behaviour, so please accelerate the internal ticket so this issue can be addressed asap.

    - Apache MPM: worker
    - modsec rules: all the natively built-in rules activated

    Hope it helps. All the best
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Kent Brockman


    Out of curiosity are you running mod_ruid2 on your server? ruid2 and secdatadir collections are incompatible and may explain why this is occurring in both instances noted here.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,187
    Likes Received:
    8
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi! Nope. I never use that. In case you want a sneak peek, these are the active modules in that EA4:

    Code:
    Apache 2.4
    
    config
    config-runtime
    mod_bwlimited
    mod_cgid
    mod_deflate
    mod_expires
    mod_headers
    mod_http2
    mod_mpm_worker
    mod_proxy
    mod_proxy_fcgi
    mod_proxy_http
    mod_proxy_wstunnel
    mod_security2
    mod_security2-mlogc
    mod_ssl
    mod_suexec
    mod_unique_id
    tools
    
    PHP 7.2
    
    libc-client
    pear
    php-bcmath
    php-bz2
    php-calendar
    php-cli
    php-common
    php-curl
    php-devel
    php-fileinfo
    php-fpm
    php-ftp
    php-gd
    php-gettext
    php-imap
    php-ldap
    php-litespeed
    php-mbstring
    php-mysqlnd
    php-opcache
    php-pdo
    php-posix
    php-soap
    php-sockets
    php-xml
    php-xmlrpc
    php-zip
    runtime
    
    Others
    
    apr
    apr-devel
    apr-util
    apr-util-devel
    brotli
    cpanel-tools
    documentroot
    libcurl
    libmcrypt
    libnghttp2
    libxml2
    modsec-sdbm-util
    nghttp2
    openssl
    php-cli
    php-cli-lsphp
    profiles-cpanel

    Let me know if you see something odd or possibly incompatible.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelLauren likes this.
  13. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Kent Brockman

    Thanks for that, the only instances where I've seen this occur (and researching in tickets as well) is when a custom or 3rd party installation of mod_security is added and mod_ruid2 issues.

    In this case based on what you provided I believe the issue is related to an added module of mod_security:

    Code:
    mod_security2-mlogc
    
    This should be fine now though and no further cause for concern.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #13 cPanelLauren, Oct 17, 2018 at 8:59 AM
    Last edited: Oct 17, 2018 at 9:27 AM
  14. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,187
    Likes Received:
    8
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    So, it could be safe to uninstall mod_security2-mlogc? that could be recommended?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Kent Brockman

    It's an addition and not something necessary - you can remove it - this specific item is an audit log collector.

    I don't believe removing it will resolve the issue you had initially though.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,187
    Likes Received:
    8
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Ok, I'm uninstalling that component everywhere.

    And, as per the original issue, you said there is already an internal ticket to address it, right? Any idea of target release in which this could be solved? cPanel 76-78?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Kent Brockman

    Because this is an issue with incompatibility with certain configurations there's no internal case to resolve it. I looked through our internal ticket system to find related issues. All of them had ruid2 or some other customization added.

    As I said before though, removing the module isn't going to fix the issue, the only fix for the issue is to correct the ownership. Once it's fixed it should not occur again.

    For others potentially in this situation: In the case of ruid2 being the issue secdatadir collections are not compatible with ruid2.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,187
    Likes Received:
    8
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Ok. The only thing I need clarification for, is: if correcting the ownership of those files will fix the issue, why wouldn't such a correction be implemented as a fix in future releases.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice