ModSecurity: collection_store: Failed to access DBM file /var/cpanel/secdatadir/ip: Permission denied

Server Maintenance | Updated 2026

The error collection_store: Failed to access DBM file /var/cpanel/secdatadir/ip: Permission denied appears in Apache error logs when ModSecurity cannot write to its persistent data store. This causes ModSecurity rules that track IP-based counters (rate limiting, brute force detection) to fail silently.

In This Guide
  1. Root Cause
  2. Fix: Reset Permissions
  3. Verify the Fix
  4. Preventing Recurrence
Quick Fix 
chown -R nobody:nobody /var/cpanel/secdatadir/
chmod 700 /var/cpanel/secdatadir/
rm -f /var/cpanel/secdatadir/ip.*
systemctl restart httpd

01. Root Cause

ModSecurity stores persistent collections (IP tracking, session data, rate limiting counters) in DBM files under /var/cpanel/secdatadir/. Apache runs as the nobody user and needs write access to this directory.

The permissions get corrupted when:

  • A server migration or restore changes ownership to root
  • A cPanel update resets permissions
  • An admin manually changes ownership while troubleshooting
  • The DBM files become corrupted after an unclean shutdown

02. Fix: Reset Permissions

  1. Fix ownership - Apache (nobody) must own the directory and files: 
    chown -R nobody:nobody /var/cpanel/secdatadir/
  2. Fix directory permissions: 
    chmod 700 /var/cpanel/secdatadir/
  3. Remove corrupted DBM files - they will be recreated automatically: 
    rm -f /var/cpanel/secdatadir/ip.*
rm -f /var/cpanel/secdatadir/global.*
  4. Restart Apache: 
    systemctl restart httpd
Do Not Delete the Directory

Only remove the .dir and .pag files inside the directory. Do not delete /var/cpanel/secdatadir/ itself. ModSecurity will not recreate the directory automatically - only the files within it.

03. Verify the Fix

# Check for new errors
tail -f /usr/local/apache/logs/error_log | grep collection_store

# Verify permissions
ls -la /var/cpanel/secdatadir/
# Should show: drwx------ nobody nobody

# Check DBM files are being created
ls -la /var/cpanel/secdatadir/ip.*
# Should show new files owned by nobody

04. Preventing Recurrence

  • After server migrations, check that /var/cpanel/secdatadir/ is owned by nobody
  • If using OWASP CRS, verify SecDataDir in your modsec config points to the correct path
  • Monitor error logs - add this to your log monitoring: 
    grep "collection_store" /usr/local/apache/logs/error_log
ModSecurity Data Directory Location

The default path on cPanel servers is /var/cpanel/secdatadir/. This is set by the SecDataDir directive, typically in /etc/apache2/conf.d/modsec/modsec2.cpanel.conf. If your server uses a custom path, substitute accordingly.

Need Help With ModSecurity?

If ModSecurity errors persist or you need help configuring rules, contact our team.

Open a Support Ticket

Quick Recap

  1. chown /var/cpanel/secdatadir/ to nobody:nobody
  2. chmod 700 on the directory
  3. Remove corrupted ip.* and global.* DBM files
  4. Restart Apache
  5. Verify no new errors in error_log

20,888 users found this article useful · Last updated March 2026 · Browse all Server Maintenance articles

  • 145 Users Found This Useful

Was this answer helpful?

Related Articles

Recursive chmod / Permission Change Across Directories for a File Type

Server Maintenance | Updated 2026 This guide provides the commands for recursively changing...

Manually Clear from Console / Command Line cPanel Exim Mail Queue

Server Maintenance | Updated 2026 If the Exim mail queue on a cPanel server is backed up with...

VPS Time Not Correct with Time Server

Server Maintenance | Updated March 2026 When a VPS or dedicated server's system clock drifts...

Remount /tmp with exec permission

Server Maintenance | Updated 2026 Some software installations and compilation tasks require...

Killing cPanel Backups via Command Line / Shell

Server Maintenance | Updated 2026 When a cPanel backup process hangs or runs too long, it can...



Save 30% on web hosting - Use coupon code Hosting30