Errors with default native.logger configuration

Cantor, Scott cantor.2 at
Thu Nov 1 19:43:39 EDT 2012

On 11/1/12 7:18 PM, "Brian Mathis" <brian.mathis at> wrote:
>I'm in the process of installing a service provider using shibboleth
>version 2.5.0.  When using the default native.logger configuration, files
>are created in /var/log/httpd, but they contain the following errors
>repeated 8 times:
>      2012-11-01 23:04:48 CRIT XMLTooling.Logging : error in file
>permissions or logging configuration: exception creating appender: failed
>to open log file (/var/log/httpd/native.log)
>      2012-11-01 23:04:48 CRIT Shibboleth.Config : failed to load new
>logging configuration from (native.logger)

I've never seen it do that before. I thought I tested the new logging
sequence in prefork mode, but since I despise that mode passionately it's
possible I didn't. What happens in worker mode?

>I have tried opening up permissions completely on the files (mode 777),
>changed log file ownership to root, shibd, and apache, and also changed
>the path to /var/tmp, but the errors persist.

shibd has nothing to do with this. And the new version initializes the
logging as root in the usual Apache fashion, so it no longer needs special
access to /var/log/httpd. Unless the prefork thing is working differently

Note that if it were permissions, directory permission is just as critical
as file ownership.

Also, make sure you have no explicit logging config specified in
shibboleth2.xml, which should be true by default. That will subvert the
logging sequence in Apache and revert to the older, broken result where
permissions matter.

Anyway, there's not much doubt that if it can't create the file in a
directory known to be open to it, you have something else interfering.

>Anyone have a way to resolve this?

Not really. Is it working more or less otherwise? Logging not working has
never prevented it from functioning before.

-- Scott

More information about the users mailing list