Failed to access DBM file “/var/cpanel/secdatadir/ip”: Permission denied

If you have applied ModSecurity rules from either OWASP or COMODO, you may see the following error in /usr/local/apache/logs/error_log:

Failed to access DBM file “/var/cpanel/secdatadir/ip”: Permission denied

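This is because you are using Apache chroot-jailed vhosts and mod_ruid2. With mod_ruid2, requests are handled under each vhost's own user, and that user cannot open the DBM files in /var/cpanel/secdatadir. To make the data directory accessible, you may have to move secdatadir under /var/log and give your Apache user appropriate permissions on it.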

I have searched and found that many people suggest removing the rule ID, which I do not think is a good idea. So, to solve the above error, do the following:

$ sudo vi /etc/apache2/conf.d/modsec_rule_01.conf
Paste the following:
SecDataDir "/var/log/secdatadir"

Save and exit.

$ sudo cp -R /var/cpanel/secdatadir /var/log/
$ sudo chmod 1733 /var/log/secdatadir
$ sudo chown -R nobody:nobody /var/log/secdatadir
$ sudo chmod ugo+rw /var/log/secdatadir/*

Check that the configuration is valid:

$ httpd -t

Restart httpd:

$ sudo /scripts/restartsrv_httpd
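
A check for the result of the steps above, added here as an example (not part of the original post): it reads SecDataDir from the config file and flags a missing sticky bit, a wrong owner, or files that other users cannot read and write. The function names are hypothetical and GNU stat is assumed; run it with sudo, since mode 1733 hides the directory listing from other users.

```shell
#!/bin/sh
# Added example (not from the original post): verify the relocated SecDataDir.
# Assumes GNU stat (Linux). Function names are hypothetical.

# Print the last SecDataDir value found in a config file, quotes stripped.
secdatadir_from_conf() {
    sed -n 's/^[[:space:]]*SecDataDir[[:space:]][[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# check_secdatadir CONF OWNER
# Prints one WARN line per deviation from the state the steps above set up
# (directory: sticky + writable by others, owned by OWNER; files: rw for others).
# Returns 0 if clean, 1 if anything was flagged, 2 if the directory is missing.
check_secdatadir() {
    conf=$1 owner=$2 rc=0
    dir=$(secdatadir_from_conf "$conf")
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "WARN: SecDataDir '$dir' from $conf is not a directory"
        return 2
    fi
    mode=$(printf '%04d' "$(stat -c '%a' "$dir")")   # e.g. 1733, 0755
    case $mode in
        [1357]???) ;;   # sticky bit present
        *) echo "WARN: $dir mode $mode has no sticky bit; users can remove each other's files"; rc=1 ;;
    esac
    case $mode in
        ???[2367]) ;;   # write bit set for others
        *) echo "WARN: $dir mode $mode is not writable by other users (mod_ruid2 vhost users)"; rc=1 ;;
    esac
    if [ "$(stat -c '%U' "$dir")" != "$owner" ]; then
        echo "WARN: $dir is not owned by $owner"; rc=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        fmode=$(stat -c '%a' "$f")
        case $fmode in
            *[67]) ;;   # read and write for others
            *) echo "WARN: $f mode $fmode is not read/write for other users"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage with the file and owner from this post:
#   sudo sh -c '. ./check.sh; check_secdatadir /etc/apache2/conf.d/modsec_rule_01.conf nobody'
```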
