http://www.perlmonks.org?node_id=1140367

Crackers2 has asked for the wisdom of the Perl Monks concerning the following question:

I'm running on SLES12, with apache 2.4.10 and mod_perl 2.0.8

In a vhost config file, I have a "PerlFixupHandler MyHandler" directive. Myhandler.pm is in /etc/apache2/script

If I do a perl -e'use MyHandler' from the commandline, everything works fine. But when it gets used from the server, it fails and is logging this in the error_log:

[Fri Aug 28 18:15:43.053198 2015] [perl:error] [pid 22133] [client x.x +.x.x:x] failed to resolve handler `MyHandler': Can't locate Digest/SH +A.pm: Permission denied at /etc/apache2/script/MyHandler.pm line 7. +\nBEGIN failed--compilation aborted at /etc/apache2/script/MyHandler. +pm line 7.\nCompilation failed in require at (eval 5) line 2.\n, refe +rer: https://x.x.x.x/

If I comment out the reference to Digest::SHA, it just fails on the next module.

For debugging, I added a BEGIN block to dump INC and to try and read the SHA.pm file, and that does not appear to cause any errors.

This configuration used to work fine on apache 2.2 ; I did some minimal updates to the configuration files for the new authentication stuff in 2.4, but nothing related to perl.

Any idea on what's wrong and how to fix it?

Edit: Here's the start of the .pm in question:

package MyHandler; use strict; use warnings; use Apache2::Const qw(:common); use Digest::SHA qw(sha256_hex sha1_hex); use OtherModule; use Apache2::RequestRec; use Apache2::RequestIO; use Apache2::Const; use Apache2::Log; use APR::Table; use CGI::Cookie; use Apache2::URI (); use APR::URI; use APR::Pool ();

Replies are listed 'Best First'.
Re: apache 2.4 mod_perl permission denied on standard modules
by 1nickt (Canon) on Aug 28, 2015 at 19:29 UTC

    Can't locate Digest/SHA.pm: Permission denied
    I would look at what user Apache is running as, and what the file permissions are on your Perl library directories.

    The way forward always starts with a minimal test.

      Runs under a dedicated user; if I su to that user I can read the modules in question without issue, and a perl -e'use MyHandler' as that user works fine as well.

      If I add a block like this:

      use warnings; BEGIN { open my $fh, ">>", "/tmp/x"; print $fh "@INC\n"; open my $in, "<", "/usr/lib/perl5/5.18.2/x86_64-linux-thread-multi/D +igest/SHA.pm"; while (<$in>) { print $fh $_; } close $in; close $fh; } use Apache2::Const qw(:common); use Digest::SHA qw(sha256_hex sha1_hex);

      then /tmp/x ends up with:

      /etc/apache2/script /srv/www/perl-lib /usr/lib/perl5/site_perl/5.18.2/ +x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.18.2 /usr/lib/pe +rl5/vendor_perl/5.18.2/x86_64-linux-thread-multi /usr/lib/perl5/vendo +r_perl/5.18.2 /usr/lib/perl5/5.18.2/x86_64-linux-thread-multi /usr/li +b/perl5/5.18.2 /usr/lib/perl5/site_perl . /srv/www package Digest::SHA; require 5.003000; use strict; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK); use Fcntl; use integer; $VERSION = '5.84_01'; require Exporter; require DynaLoader; @ISA = qw(Exporter DynaLoader); @EXPORT_OK = qw( hmac_sha1 hmac_sha1_base64 hmac_sha1_hex ...

      So the script can definitely read the file.

        Is there another copy of the module in a directory (with different file permissions) that is earlier in @INC than the one you read in your test script?

        The way forward always starts with a minimal test.