Failed to access DBM file Permission denied

jeffschips

Well-Known Member
Jun 5, 2016
264
36
78
new york
cPanel Access Level
Root Administrator
Hello @jeffschips

This is an incompatibility issue with ruid2 and secdatadir collections or customizations to the mod_sec implementation. Ultimately if you're using ruid2 and can't switch away from it I would suggest disabling the mod_sec customizations or secdatadir collections
Thank you for that. Can you advise me what are the steps for disabling mod_sec customizations or secdatadir collections? Those options - or features - are not readily apparent when in the cpanel mod_sec interface.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,295
313
Houston
Hi @jeffschips


These posts may be helpful for secdatadir collections:
Mod_Security DBM Question in 2018
ModSecurity - SecDataDir

As far as customizations those wouldn't be configurable through the UI in any form, the best advice I am able to provide for customized implementations would be to remove them if you continue to experience an issue.
 

jeffschips

Well-Known Member
Jun 5, 2016
264
36
78
new york
cPanel Access Level
Root Administrator
Hi @jeffschips


These posts may be helpful for secdatadir collections:
Mod_Security DBM Question in 2018
ModSecurity - SecDataDir

As far as customizations those wouldn't be configurable through the UI in any form, the best advice I am able to provide for customized implementations would be to remove them if you continue to experience an issue.
Got it. But if I don't know exactly what "customization" means, I can't remove something that I don't know what it actually is.

Are your suggestions to ". . . disabling the mod_sec customizations or secdatadir collections. . . " theoretical without and actual method to implement this solution?

I don't remember activating anything that would resemble these things, although, without knowing exactly what those words mean I can't tell. In which case it is unlikely that I have turned on customizations or secdatadir collections so then the suggestion to disable something that is not on as a solution wouldn't work, correct?

Can you tell me what exactly those features are "customizations" and "secdata collections" or are?
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,295
313
Houston
Got it. But if I don't know exactly what "customization" means, I can't remove something that I don't know what it actually is.
I can't tell you exactly what customizations you have installed, my assumption would be that you would know what customizations you'd have installed in the event you installed them as it would have had to be done manually.


for secdatadir collection information, I provided you links to threads where others have had the same issue were you able to read those? If you're having difficulty or feel uncomfortable making the changes to modsecurity please feel free to open a ticket using the link in my signature.


Thanks!
 

jeffschips

Well-Known Member
Jun 5, 2016
264
36
78
new york
cPanel Access Level
Root Administrator
We seem to be going in circles: I simply want to know what the messages mean. Before taking corrective action and fiddling with files and changing permissions as per the helpful suggestion you provided (many thanks), or opening a ticket to solve this, I'm still trying to ascertain the purpose of the messages. Here is one of thousands filling up my logs:

[[email protected] apache2]# tail -f error_log | grep default_SESSION
[Fri Dec 28 11:34:17.702032 2018] [:error] [pid 13639] [client x.x.x.x:40598] [client x.x.x.x] ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/default_SESSION": Permission denied [hostname "blablabla.com"] [uri "/images/sxxxx.jpeg"] [unique_id "XCZQiQO1Vdbgdan3pzANbAAAAAo"], referer: http://www.blablabla.org/

I get it, something, mod_sec is trying to access a directory and it does not have permission to do so. Okay. That's not rocket science, but what I've been trying to elicit from this forum is what is the purpose of this activity? What does it mean? What is happening under the hood to even trigger this error other than the aforementioned bad blood?

In other words: Why is mod_sec even trying o access that directory and if it could and there wasn't this bad blood between mod_rui and cpanel, etc., what would be achieved if it could access that directory?

A surgeon doens't open up a body to perform surgery without first knowing what they are looking for. I'm simply trying to understand the reasons and purpose behind this activity?