Had a little problem recently with Apache.

I wanted to set up a local LAMP development for a project I was working on, so I set up an Apache VHost on a testing directory to serve files out of it. Having done this quite a number of times before, I assumed this to be a routine set up and went through the motions accordingly.

Listen directive? Check. <Directory> directive? Check. Allow, deny? Check. File system permissions? 755, check.

Looking good, I browsed my local URL.

And got greeted with a 403 (Forbidden) error.

Ok, so maybe I missed something out. But no.. all permissions seemed to be in order. I made the test directory’s group same as the apache user. No cigar. Gave the group elevated privileges. Nope. In desperation I have the entire test directory tree 777 permissions. And still got the 403 error.

Diving in to the logs, I was greeted with the following message:

(13)Permission denied: file permissions deny server access: /home/ruiwen/Project/tests/test.html

File permissions deny access? Surely not? They were open to the world!

Next, I figured that the errors might have been caused by Leopard’s new ACLs, since the directory where the files were hosted were on a HFS+ drive. Apparently Leopard sets ACLs on a few select directories to prevent them from being (accidentally?) deleted (eg. Pictures, Documents, Applications and similarly ‘important’ directories). Up to this point, I’d been developing in my newly installed Fedora 10 (dual-booted, and sharing a home partition with Leopard Mac OS X). So I rebooted into Leopard to attempt to discover where the fault lay.

The only problem was that the project directory simply had no ACLs nor extended attributes set on it.

File serving using the Apache within Leopard worked fine though, using the user-specific directory, ~/Sites.

Frustrated, I went back to Fedora to try again. In a stroke of inspiration, I checked out the SELinux settings.

And BINGO!

SELinux -- Allow http to read user home directories

SELinux -- Allow http to read user home directories

It was SELinux that was restricting Apache’s access to the file all along!

In my previous installations of Fedora, I’d always deactivated SELinux to prevent it from tripping me up. But with this installation of Fedora 10, I’d installed from the Live CD, and I don’t remember that ever giving me a dialogue to do that. Besides, once the system was running, I didn’t seem to run into any problems (until now), with SELinux, so I left it on. Well, guess I know better.. SELinux’s still on though, but at least now I know where I’ll look first in the future.

Well.. it took me 2 days of Googling without useful results. Hopefully this will cut somebody else’s search time short.


Ran across this nasty problem today.

I recently set up a LAMP environment on my laptop, intending to do local development for one of our sites.

I did the usual setup of Apache VHosts and all.. only to find that the site had decided to stopped working. This was pretty strange since I’d just checked out a fresh copy from SVN, and the working copy on the dev server was.. well.. working.

Delving through the logs, I saw Apache trying to do something seemingly strange. It was trying to access files as if they were directories, looking into each of them for .htaccess files.

Like this:

[Sat Jun 28 17:14:36 2008] [crit] [client 127.0.0.1] (13)Permission denied: /home/ruiwen/Projects/app/webroot/favicon.ico/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Last I checked, favicon.ico wasn’t a directory.

Some Googling turned up this page, which hinted that this behaviour stemmed from the fact the HFS+ might have been presenting the files as directories.

In some cases, this error can also be caused by special file-systems that return unexpected errors on attempted directory access. For example, some file-systems allow files to be treated as directories in certain cases. If httpd believes that a file is actually a directory, it will try to look inside for an .htaccess file. If it gets a permission denied error in return, it will deny access. This type of situation is usually a faulty file-system behavior and cannot be fixed within Apache. In this case your only choice is to turn off .htaccess processing as in the first solution above.

Turning off .htaccess processing wasn’t exactly ideal since the site needed the functionality.

However, setting more relaxed permissions on the site directory as recommended in the second solution on the page seemed to work.

Currently my permissions for the files are

-rwxrwxr-x 1 ruiwen www-data 3322 2008-06-28 16:39 index.php

This seems to work fine for now. Not sure why the relaxed permissions helped the problem though, and will be glad for any insight into this.


After puzzling for quite a while on how to get the Fn keys working on a Macbook Pro (4,1) in Linux (they work fine in Mac OS X, of course), I came across a forum thread today that presented a very promising solution.

Traditionally, the problem with the Fn-keys of the Feb ’08 edition of the MBPs was that they simply didn’t work. Not even with pommed.

The issue seemed to be an erroneous hardware ID listing in hid-quirks.c, under drivers/hid/usbhid/, where the Device ID for the keyboard was listed as 0x021b instead of the proper 0x0230, as shown when doing an lsusb. (More details in this bug report.)

The fix in the forum post describes how to dynamically load the usbhid module, with the proper Device ID passed to it as a parameter.

Thanks loads to _alex_ and his wonderfully elegant solution, described below:

The fix described is for an Ubuntu system, but there’s no reason why the concept wouldn’t work on any other distro.

  1. Edit /etc/modprobe.d/options
  2. Add the line below at the end of the file:
  3. options usbhid quirks=0x05ac:0x0230:0x00000800,0x05ac:0x0231:0x00004800,0x05ac:0x0232:0x00000800

  4. For Macbook Air users, _alex_ recommends this line:
  5. options usbhid quirks=0x05ac:0x0223:0x00000800,0x05ac:0x0224:0x00004800,0x05ac:0x0225:0x00000800

Following the changes, you should be able to restart your machine and have your Fn-keys working, no additional configuration required. On Ubuntu, the screen brightness keys (F1 and F2) and the volume keys (F10, F11 and F12) and the Eject key (beside F12) work fine.


Hands up those of you who have Mac-using friends who rave about wonder-boy code editor TextMate.

Ever wondered what the type was about? Yeah? So did I.

Anyways, had the luck of chancing upon a few blogs that, with a few tweaks, allows you to jostle gEdit into behaving somewhat like TextMate (especially in the context of Ruby on Rails). Not all the features though, but close enough.

Check out

And other useful links

The 3 files above allowed me to get up and running with RHTML syntax highlighting and snippets


PH(im)P my Zone

31Jan08

Righto, more from the wonderful world of Solaris Zones.

So there I am, attempting to compile enough packages for my development Zone to be called decent.. package after package of wget‘ing, ./configure‘ing, make and make install‘ing.. mainly because I want a custom compile of PHP with a little more features than what we were provided with.

Some tips I’ve learnt from today:

  • The FreeType package really, really wants to be compiled with GNU make.
    • This had me puzzled for quite a while, giving me error messages like that below:
    • ruiwen@zonebox:/usr/local/src/freetype-2.3.5$ ./configure
      GNU make (>= 3.79.1) or makepp (>= 1.19) is required to build FreeType2.
      Please try
      `GNUMAKE= ./configure'.
      or >&2
      `GNUMAKE="makepp --norc-substitution" ./configure'.
    • Until I discovered that GNU make could sometimes be installed on Solaris systems as gmake
    • Running $ GNUMAKE=gmake ./configure worked
  • –with-readline is a very important option to include in your ./configure string if you don’t want to end up tearing your hair out trying to debug your PHP code later on. CLI FTW!
  • –with-readline also seemingly got rid of the error message below:
    • Undefined first referenced
      symbol in file
      mysql_set_character_set ext/mysql/php_mysql.o
      ld: fatal: Symbol referencing errors. No output written to sapi/cli/php
      collect2: ld returned 1 exit status
      gmake: *** [sapi/cli/php] Error 1
    • Thanks to this link
  • A compile of PHP takes quite a long time, so I’ve learnt to keep my coffee handy.

And now, the puzzler of the day.

So. I’ve built up my killer ./configure string, make sure all the libraries were right.. hit Enter.. and…

...
blah blah blah
...
Configuring extensions
checking whether to enable LIBXML support... yes
checking libxml2 install dir... /opt/libxml2
checking for xml2-config path... /opt/libxml2/bin/xml2-config
checking whether libxml build works... yes
checking for OpenSSL support... yes
checking for Kerberos support... no
checking for DSA_get_default_method in -lssl... no
checking for pkg-config... /usr/bin/pkg-config
configure: error: Cannot find OpenSSL's <evp.h>

Hm. Ok. Missing file eh?

Ooh.. but what’s this here?

ruiwen@zonebox:~$ ls -l /usr/sfw/include/openssl/evp.h
-rw-r--r-- 1 root bin 31450 Jan 22 2005 /usr/sfw/include/openssl/evp.h
ruiwen@zonebox:~$

The file’s there, but it’s like it’s invisible or something. (No period in front of the filename though. And no funky permissions either.) So why is my compile failing at this step?

Here’s my ./configure string for those who want a look-see

root@zonebox:/usr/local/src/php-5.2.5# ./configure --prefix=/usr/local/ --with-config-file-path=/usr/local/apache/conf/ --with-apxs2=/opt/apache/bin/apxs --with-libxml-dir=/opt/libxml2 --with-mysql=/opt/mysql --with-gd --enable-gd-native-ttf --with-pear --enable-soap --enable-mbstring --with-mcrypt --with-png-dir=/usr/include/png --enable-exif --enable-calendar --enable-bcmath --with-freetype-dir=/usr/local/ --with-curl=/usr/local/ --with-curlwrappers --with-mysqli --enable-embedded-mysqli; gmake

Any thoughts anyone?

[Updates]

Further along, I got the error below. Something about a MySQL library version not being right.

...
checking for MySQL support... yes
checking for specified location of the MySQL UNIX socket... no
checking for MySQL UNIX socket location... no
checking for mysql_close in -lmysqlclient... yes
checking for MySQLi support... yes
checking whether to enable embedded MySQLi support... no
checking for mysql_set_server_option in -lmysqlclient... no
configure: error: wrong mysql library version or lib not found. Check config.log for more information.
gmake: *** No targets specified and no makefile found. Stop.

Turns out it was my fault for not reading the –help section of ./configure properly. There it clearly states

--with-mysqli[=FILE] Include MySQLi support. FILE is the optional pathname
to mysql_config [mysql_config]

And since the MySQL libraries on the Zone were located at /opt/mysql instead of the usual /usr or /usr/local, all I needed to do was to specify the location of mysql_config, like so:

… –with-mysqli=/opt/mysql/bin/mysql_config

.. and it’s building happily now.

[Update 2]

.. aaannndd…. it failed. Like the village idiot at college it failed.

So what should I do? I know. It’s failing at MySQL right? Maybe the administrators gave me a bum install.

I’ll compile my own!

One more cha-cha with the wget, gunzip, tar -xvf trio, and I was set to go. Cue ./configure!

And get hit with this:

cannot compute sizeof (char), 77

Solving this took me about 2 days.. until I found this forum thread. And the reply gave me the clue I needed to carry on.

So, I’m guessing that it can
find the lbi to link, but not to run. (run path problem). As a note:

-W1,-rpath=/usr/local/lib

Should likely be:

-Wl,-rpath=/usr/local/lib

Turns out, ./configure was looking for it’s dependent files in the wrong place. Adding the LDFLAG options below in front of the ./configure string helped it find the header files it needed.

LDFLAGS="-L/usr/lib -I/usr/include"

So that worked. I managed to successfully build and install MySQL (5.0.41).

However, pointing PHP to that installation instead of /opt/mysql, results in this error near the end of the build

Undefined first referenced
symbol in file
mysql_stmt_param_count ext/mysqli/.libs/mysqli_api.o
mysql_set_character_set ext/mysql/.libs/php_mysql.o
mysql_stmt_send_long_data ext/mysqli/.libs/mysqli_api.o
mysql_stmt_data_seek ext/mysqli/.libs/mysqli_api.o
mysql_stmt_insert_id ext/mysqli/.libs/mysqli_api.o
mysql_stmt_store_result ext/mysqli/.libs/mysqli_api.o
mysql_stmt_reset ext/mysqli/.libs/mysqli_api.o
mysql_stmt_close ext/mysqli/.libs/mysqli.o
mysql_stmt_fetch ext/mysqli/.libs/mysqli_api.o
mysql_stmt_error ext/mysqli/.libs/mysqli_api.o
mysql_stmt_errno ext/mysqli/.libs/mysqli_api.o
mysql_commit ext/mysqli/.libs/mysqli_api.o
mysql_get_server_version ext/mysqli/.libs/mysqli_api.o
mysql_stmt_attr_set ext/mysqli/.libs/mysqli_api.o
mysql_stmt_attr_get ext/mysqli/.libs/mysqli_api.o
mysql_next_result ext/mysqli/.libs/mysqli_api.o
mysql_stmt_free_result ext/mysqli/.libs/mysqli_api.o
mysql_stmt_bind_result ext/mysqli/.libs/mysqli_api.o
mysql_stmt_num_rows ext/mysqli/.libs/mysqli_api.o
mysql_warning_count ext/mysqli/.libs/mysqli_api.o
mysql_stmt_prepare ext/mysqli/.libs/mysqli.o
mysql_rollback ext/mysqli/.libs/mysqli_api.o
mysql_stmt_bind_param ext/mysqli/.libs/mysqli_api.o
mysql_sqlstate ext/mysqli/.libs/mysqli_api.o
mysql_stmt_sqlstate ext/mysqli/.libs/mysqli_api.o
mysql_get_character_set_info ext/mysqli/.libs/mysqli_nonapi.o
mysql_more_results ext/mysqli/.libs/mysqli_api.o
mysql_stmt_field_count ext/mysqli/.libs/mysqli_api.o
mysql_stmt_execute ext/mysqli/.libs/mysqli_api.o
mysql_stmt_affected_rows ext/mysqli/.libs/mysqli_api.o
mysql_stmt_result_metadata ext/mysqli/.libs/mysqli_api.o
mysql_autocommit ext/mysqli/.libs/mysqli_api.o
mysql_stmt_init ext/mysqli/.libs/mysqli.o
mysql_set_local_infile_handler ext/mysqli/.libs/mysqli.o
mysql_set_server_option ext/mysqli/.libs/mysqli_api.o
ld: fatal: Symbol referencing errors. No output written to sapi/cli/php
collect2: ld returned 1 exit status
gmake: *** [sapi/cli/php] Error 1

Any clues? Nothing I’m trying seems to work.

[Update 3]

Good stuff. Looks like the build completed.

Apparently the issue was with using the MySQL libraries as shared (or something like that. I’m not exactly sure of the cause of this. But if you know please drop a comment!).

Checked out this bug report on PHP.

There were a few pointers that I took from this page.

The first was by a ‘rjanson’ who posted at 5 Oct 2004 11:33pm UTC

OK, finally an answer!

I checked Makefile and found the following line:

EXTRA_LIBS = -lcrypt -lcrypt -lmysqlclient -lpng -lz -lz -lresolv -lm
-ldl -lnsl -lxml2 –
lz -lm -lxml2 -lz -lm -lmysqlclient -lcrypt -lnsl -lm -lz -lnss_files
-lnss_dns -lresolv -lnss_files
-lnss_dns -lresolv -lxml2 -lz -lm -lcrypt -lxml2 -lz -lm -lcrypt

By removing one of the -lmysqlclient entries on this line I was able to
successfully make and make install with both mysql and mysqli. As
confirmed by phpInfo().

I’m not sure why the other libs have multiple entries and don’t cause
make to crash.

So I tried that. Didn’t work though.

Tearing my hair out again after another unsuccessful build (one build/fail cycle takes close to an hour, easy), I re-read the comments on the bug, to find this comment from francis, who posted on [2 Jun 2006 4:22pm UTC].

I had the same problem, but I solve it with this options:

./configure \
–with-mysql=shared,/path/to/mysql_config \
–with-mysqli=shared,/path/to/mysql_config

specifying “shared” tag, make and make install finish good. You must
take care, you get 2 modules mysql.so and mysqli.so that you must
include in your php.ini with extension=mysql.so and extension=mysqli.so

(Emphasis mine)

So I followed the tip and added the shared, option in front of the mysql paths.

And the build just completed.

Just a comment on the side though. From rjanson‘s to francis‘ post, there were a little less than 2 years in between. PHP devs! Hellloooooo… What’s happening there? 2 years and a bug is still in existence? If I hadn’t found that bug report I could still be spending my time in compile limbo! Please, please, please fix it?

[ Updates 4]

Oh and before I forget.. I followed another tip to get PHP to build too.

Look here.

Near the bottom of the “Configure and Compiling” section, there’s a bit that says

If you add in mysql, you may need to do

# (cd /opt/sfw/mysql/lib/mysql ; ln -s . .libs)

because libtool is a stupid broken linux-specific piece of $H!7.
Happily, if you have /opt/sfw/mysql/lib/mysql in LD_RUN_PATH, you can remove /opt/sfw/mysql/lib/mysql/.libs after the compile, and you’ll be just fine.

I did that too, symlinking (on my system) /usr/local/mysql/lib/mysql to a hidden directory .libs within itself. Boy! Talk about jumping through hoops!

[Updates 5]

Never thought I’d need so many update sections.. but here goes anyway.

Now after getting PHP to build properly, you’ll need to install it.

The problem in this case was that to compile the PHP-Apache module, you need to call Apaches apxs to build it. apxs is a handy little utility that makes it easy to build Apache extension modules. There’s more on the apxs man page, but essentially apxs provides critical information about the current Apache installation that the extension modules are to be built for. Handy stuff, like the various installation directories. See where I’m headed?

In the usual case, using apxs (–with-apxs2=/path/to/apxs) to build the PHP-Apache module works fine, especially if you are root. In this case however, even through I was root within my own Zone, there was a larger root in the Global Zone. And this larger root happened to install apache under /opt, and mount it read-only. So now, building the PHP-Apache module with /opt/apache/bin/apxs, meant that the module would want to be installed with the rest of the apache installation at /opt/apache. And I couldn’t complete the install because I couldn’t write to anything under /opt.

After being warned not to meddle with apxs on #apache on irc.freenode.net (“hack the build file. remove the -i option from the apxs call. but don’t touch apxs”, the dude on the channel said), I went to do just that. I mean, seriously. Do you really want to trawl through an 11,000-line odd configure script to change every occurrence of apxs? If there was a chance of solving this problem at the cause I was willing to take my chances.

Anyways, looking through apxs, I noticed these lines:

my $installbuilddir = "/usr/local/apache/build";
get_config_vars("$installbuilddir/config_vars.mk",\%config_vars);

Great! apxs was actually getting its configuration information from config_vars.mk under /usr/local/apache/build! I could write to that.

Opening config_var.mk showed:

OS = unix
SHLIBPATH_VAR = LD_LIBRARY_PATH
AP_BUILD_SRCLIB_DIRS = apr apr-util pcre
AP_CLEAN_SRCLIB_DIRS = apr-util apr pcre
bindir = ${exec_prefix}/bin
sbindir = ${exec_prefix}/bin
cgidir = ${datadir}/cgi-bin
logfiledir = ${localstatedir}/logs
exec_prefix = /opt/apache
datadir = ${prefix}
localstatedir = ${prefix}
mandir = ${exec_prefix}/man
libdir = ${exec_prefix}/lib
libexecdir = /opt/apache/modules
htdocsdir = ${datadir}/htdocs
manualdir = ${exec_prefix}/manual
includedir = ${exec_prefix}/include
errordir = ${datadir}/error
iconsdir = ${datadir}/icons
sysconfdir = ${prefix}/conf
installbuilddir = ${datadir}/build

(Emphasis mine)

Remember I said apxs provided critical information about the apache build? Well here’s where it drew its information from.

Now that I knew where the information was stored, fixing it was simple. Simply editing the file to read

libexecdir = /usr/local/apache/modules

instead of

libexecdir = /opt/apache/modules

allowed PHP to install the newly built PHP-Apache module into the writable /usr/local/apache/modules instead of the read-only /opt/apache/modules.


Had the pleasure (??) of working with a Solaris Zone for two courses so far for school. Solaris Zones are great for a lot of things, and I kinda wish I had the resources to go play around with them for a bit too.

Having your own Zone to develop stuff in is great, but everything’s not just peachy keen either. Well, for one, a decent development environment (I think), is chock-full of libraries and add-ons for the developer to play with. I mean, what’s a workshop without tools, right?

Now, the problem arises when the Zone administrators configure your Zone with a very limited set of libraries and then your course instructors expect you to develop the next killer application on that very same (very crippled) Zone.

Yeah, sure, I know I have ‘root’ on the Zone, I can install my own packages and all. But look, I want to be a developer, not a system administrator. Don’t get me wrong, I’m not afraid of the ‘./configure;make;make install’ trinity of package management. Hell, I started with Slackware =P. But in this case, we have applications to code, and we have deadlines. If I’m gonna have to spend half of my time (like I am now) downloading, configuring and installing necessary libraries just to get basic functionality, boy am I sure going to rant about it.

Some background is due first I guess. We’re supposed to be developing Facebook applications. Yeah, the fancy, creative, viral, types. Now, with that requirement, you know, you’d at least expect decent graphics libraries – libpng, libjpeg and the like. What do we get? I can’t even find bloody libreadline.

So yes, instead of coding in PHP, churning out the Next Big Thing, I’m stuck typing bash commands and wasting time just trying to get the system up.

Here’s a comparison.

Here’s the default configuration string for the included PHP installation:

./configure' '--prefix=/opt/dist/php-5.2.0' '--with-config-file-path=/usr/local/apache/conf' '--with-apxs2=/opt/apache/bin/apxs' '--with-libxml-dir=/opt/libxml2' '--with-mysql=/opt/mysql' '--with-oci8=/opt/oracle/product/9.2.0' '--with-sqlanywhere=/opt/sybase'

And here’s what I have so far (I’m installing another library in the meantime):

./configure --prefix=/usr/local/ --with-config-file-path=/usr/local/apache/conf/ --with-apxs2=/opt/apache/bin/apxs --with-libxml-dir=/opt/libxml2 --with-mysql=/opt/mysql --with-gd --with-pear --enable-soap --with-ncurses --enable-mbstring --with-mcrypt --with-png-dir=/usr/include/png --enable-exif --enable-calendar --enable-bcmath --with-openssl=/usr/sfw/include/openssl/ --with-curl --with-curlwrappers

Now, before anyone says, “Hey, why are you including so many options for? You’re not going to use them all!”, here’s my response: Look above. I’m a developer now. I develop stuff. I’d like the flexibility of some tools at least to create something I’ll be proud of.

My app needs to deal with fonts too, so I’m installing the FreeType library.

But.. look what I found

root@zonebox:/usr/local/src/freetype-2.3.5# ./configure
GNU make (>= 3.79.1) or makepp (>= 1.19) is required to build FreeType2.
Please try
`GNUMAKE= ./configure'.
or >&2
`GNUMAKE="makepp --norc-substitution" ./configure'.
root@zonebox:/usr/local/src/freetype-2.3.5#

Hm. Oh well, let’s try a pre-built binary distribution of FreeType instead. Maybe that’ll work.

root@zonebox:~# pkgadd -d http://www.blastwave.org/pkg_get.pkg
## Downloading...
..............25%..............50%..............75%..............100%
## Download Complete
The following packages are available:
1 CSWpkgget pkg_get - CSW version of automated package download tool
(all) 3.8.4
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
## Waiting for up to seconds for package administration commands to become available (another user is administering packages)
pkgadd: ERROR: Unable to acquire package administration lock for this system; try again later
pkgadd: ERROR: Unable to lock this zone for administration
1 package was not processed!

=(

I’m the only user on this system (well, this Zone anyway). I’m not familiar enough with Solaris and Zones to know if the pkgadd locks are enforced across the entire host system or just within the Zones themselves, but something tells me that if I’m not even able to decently install software within a Zone I supposedly have control over, something is seriously not right.

Sorry this has been quite a ranty post.

Anyone have any ideas?


Well, finally on Slackware 11.0 after such a long wait =)

Haven’t had much time for a full review, but can’t say it’s a groundbreaking set of changes. In a diplomatic way, Slackware still stands for stability and speed.. but there times when you just want some of that eye-candy-love oh-so-much =)

That said, ran into some problems with OpenOffice recently (a bad time since there are a lot of reports due soon). I found that I suddenly couldn’t start OO.o at all. Writer, Calc.. everything. Printer Admin was nice enough to start but still it was utterly pointless. I tried reinstalling quite a few times, downgrading to 2.0.3, but to no avail.

Running it from the menu simply resulted in a period of HDD activity, some CPU burst and then silence. Running it from the command line gave absolutely no errors messages at all, so troubleshooting was about impossible. It just jumped a little then died suddenly.

I could run it as $ sudo openoffice.org-2.0 , but running as root/sudo wasn’t really the point here. Running it from root’s desktop environment worked as well but just not from my normal user’s desktop.

Was about ready to tear my hair out when I stumbled across this thread on linuxquestions.org.
The solution thus:

Thanks to all for the replies. I removed “/tmp/OSL_PIPE_1000_SingleOfficeIPC_9dda32a3d73215f86e9477f2b93d23” and it worked again.

So that’s what I did. And it worked.