I accidently reset the SELINUX context on the /var folder from "var_t" to user data. Now I cant go back and set it to "var_t" and i cant access my website anymore
View 3 RepliesWhat are the SElinux security context type & booleans in FTP/vsftpd
View 3 Replies View RelatedI try to install IPsec-Tools on Slackware 13, but I get an configure error: configure: error: Security Context requested, bu no selinux support! Aborting. I'm linux newbie and I'm following a slackware-basics tutorial, I did as in the tutorial, but the configure stops and aborts:
Code:
# CFLAGS="-O2 -march=i486 -mcpu=i686"
./configure --prefix=/usr
--sysconfdir=/etc
--localstatedir=/var
[Code]...
What can I do? How can I enable/install selinux support? I guess it's related with AH and ESP protocols, which in my kernel are defined as modules (m). If so, how can I enable them?
How do I change folder permissions without changing the permissions of the files within the folder?
View 6 Replies View RelatedI'm attempting to get MapServer running on my Fedora 13 computer. I was able to install with the package manager, and the executable (mapserv) was originally placed in /usr/sbin. But I need it in /var/www/cgi-bin to work on the webserver. So I copied the file to the right location. Unfortunately, it doesn't have the correct SELinux context. Here's the message from the troubleshooter:
SELinux denied access requested by /var/www/cgi-bin/mapserv. /var/www/cgi-bin/mapserv is mislabeled. /var/www/cgi-bin/mapserv default type is httpd_sys_script_exec_t, but its current type is httpd_sys_script_exec_t. Changing this file back to the default type, may fix your problem.
How's that for circular logic? Does anyone have an idea what the correct SELinux context for a cgi-bin executable might be?
I'm suspicious that the context of /etc/sudoers is wrong. During the last upgrade to Fedora 14, RPM dropped /etc/sudoers.rpmnew, which had a different context than the real sudoers file. But, when I try to get SELinux to relabel the file (using restorecon or fixfiles), it refuses to make a change.
> ls -lZ /etc/sudoers
-r--r-----. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers
> matchpathcon /etc/sudoers
[code]....
I'm working with Fedora and SELinux and am having a problem. I need to allow apache's http daemon to use arp (for getting some mac addresses). I have changed the type of the arp executable to httpd_sys_context_t but am still having an issue. Here is the messages log: Detailed Description:
[Code]...
I receive messages such as the below:
SELinux is preventing /usr/sbin/httpd from using potentially mislabeled filesjk-runtime-status. SELinux has denied the httpd access to potentially mislabeled filesjk-runtime-status. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, httpd_tmp_t,
I know how to change the owner of a file and the permissions but what does it mean to change the file context?
I was setting up a Samba server and I ran into some problems with SELinux related to the context of the home directories. I made a user account, say "UserAccount", with a default home directory "home/UserAccount". Afterwards I realized that I needed to move the home directory of this particular user to another location, say "/home2/UserAccount". So I created the new directory, changed the permissions, and used Gnome's system-config-user to change the user's home directory.
I then set-up the Samba server, activated samba_run_unconfined and samba_enable_home_dirs in SELinux, and made an account for UserAccount. When testing the Samba account for UserAccount SELinux denied read access. I checked the context and the new home directory did not appeared to have been updated. I had to manually run:
restorecon -R -v /home2/UserAccount
to set the context on the new home directory. I'm not very familiar with SELinux, so my question is this: is this normal security policy or is a bug in the system-config-user tool? If it's normal policy can someone explain why? I'm always ready to learn Distro: Fedora 12 (kernel: 2.6.31.5-127.fc12.i686) System: Dual Intel Xeon @ 3.2 GHz, 1 GB RAM
I reset the security context for my cgi-bin to httpd_sys_content_t.How do I set it back to the proper context?
View 1 Replies View RelatedIs it possible to reset apache 2 permissions to default permissions I'm using Ubuntu 9.10 command line server, would webmin give me this access ?
View 1 Replies View RelatedDid a basic mistake . Dnt know how to recover .In root user i gave a commandmv / /home/username/except the home directory all the other folders that is /sbin /lib /optetc was moved to /home/username.Now i am unable to execute any command.I also tried to set the PATH and LD_LIBRARY_PATH to the newly copied localtion but none of the command works. Since "mv" command also not working i am unable to change the location.
View 13 Replies View Relatedi accidently hit this command inside my /var/www folder. im screwed big time.I need to recover my files back. is there any chance ?
View 1 Replies View RelatedThere's any way to add the "Extract to <folder>" to context menu in Nautilus and/or Gnome Commander where <folder> is de name of the archive that I want to extract?Other question: how can I associate .001 extensions to Peazip with the same "Extract to <folder>" right-clicking menu?
View 3 Replies View RelatedI'm getting the error described in this bug. The fix is described in the bug:Code:The following additional SELinux permissions were found to resolve the situation:
samba_domtrans_winbind_helper(httpd_t)
allow httpd_t winbind_helper_t:process signal;
apache_append_log(winbind_helper_t)
[code].....
I have a partition that I mount as /data on all of my distros of my multi-boot machine. I am having a bear of a time figuring the right way to address permissions/groups so that any distro can use it (or any removable drive).I tried (in linuxmint) making a group '/data' and assigning the users on my machine to that group, then changing the permissions/groups of the files and folders in that mount as belonging to the /data group, then booted to fedora 15, made the /data group, added the users to that group, I'm not sure that this way will work (it doesn't seem to) or if it's the best way to proceed. some of the things I don't get are:what is the '1000' user and group?is the user/group info on (in or somehow attached) the mount itself?does this seem like a good way to do this?is there on way to 'apply permissions to enclosed files' recursively through the nautilus context menu?
View 3 Replies View RelatedI've got a red hat box joined to a win 2k3 domain and I'm using pam_mkhomedir.so to create user's home directories on first login to the box. extract from /etc/pam.d/sshd Code: session required pam_mkhomedir.so skel=/etc/skel umask=0022 The problem I have is that this only works if I switch SELINUX off (i.e. set enforcing to disabled ). Unfortunately, the error messages are not very helpful. Extract from /var/log/secure below:
[Code]...
I changed my permissions in my .ssh folder and now when I use a piece of software that uses my private key, I have to type my password each time. What should my permissions be on my id_rsa file to not have to type a password each time I use an app that uses it?
Currently my permissions are set to:
-rw-------@ 1 Jody staff 114 Nov 4 23:29 config
-rw------- 1 Jody staff 1743 Oct 21 2009 id_rsa
-rw-------@ 1 Jody staff 397 Oct 21 2009 id_rsa.pub
-rw-------@ 1 Jody staff 3855 Sep 13 22:35 known_hosts
I am having a USB disk.I want to change the permissions of folder on it from 700 to 755 (and all subdirectories in it)ls -l showstotal 26Quote:
drwxrwxrwx 2 tkmsr tkmsr 2048 2010-02-12 04:12 HPLAUNCHER
drwx------ 7 tkmsr tkmsr 4096 1970-01-01 05:30 vol1
drwx------ 1 tkmsr tkmsr 20480 2011-01-03 17:43 vol2
[code]...
After a regrettable typo, I reset all the permissions in my filesystem. What is the easiest way to restore my permissions to how they were? Is there a list where i can find the recommended permission settings for each directory?
View 7 Replies View RelatedRecently updated the kernel in Ubuntu 9.10 and for some reason now, a folder which was not read-only now is. I can't delete anything from it. Have tried using the GUI for changing permissions, however, it has a mind of it's own and won't unlock the folder.
Anyone had this happen where a folder locked when you didn't want it to be?
i have 5 groups, i want to set 3 of them to have full permissions to a folder and set 2 others with read only to same folder, please help me to solve this problem. in other words i want to set this 5 groups diffrent permissions to a folder.
View 14 Replies View RelatedI was curious if anyone has addressed this issue before. I have set the permissions to /var/log/Xorg.0.log as follows:
Code:
-rw-r----- 1 root root 00000 Jan 00 00:00 /var/log/Xorg.0.log
I have done a lsof and the file is being opened by root. I have set Roots umask to 0077, yet after a reboot
[code]....
I have a Centos 5.3 desktop that I have a development board connected via a serial connection to. The permissions on /dev/ttyS0 are currently set
crw--w---- 1 root root 4, 64 Nov 4 13:56 ttyS0
I have changed them so that they read
crw-rw---- 1 root uucp 4, 64 Nov 4 13:56 ttyS0
But every time I initialize the dev board the permissions switch back to the original state. I have found lots about preventing the permissions switching back upon reboot but that doesn't appear to be the problem.
i just installed RHEL 5, when iam trying to create a directory or file it is not creating ...
View 7 Replies View RelatedI'm trying to learn about permissions on linux webserver with apache.Some clues to the system: The server I have to play around with is Fedora based. Apache runs as apache:apache. To allow for e.g. php to write to a file the file needs to be chmod 777. 755 is not sufficiant.What I'm wondering is basically how set up permissions like they should be on e.g. a "shared web host".My main problem is that if I set a permission so that one user cannot access anothers home folder, then apache can't read from the public_html folder either.
To keep the users out I need to set chmod 700. But to let apache to read I need to have at least execute on world,so a 701 basically works, but won't let some users in.So I'm really stuck on what to do. Have been concidering adding the apache user to the frous grours
below to avoid having to add the world execute flag, but is that a bad thing? Should it be the other way around, the users in the groups below should also be in the apache group?I was aiming at having 4 groups:
1. webapp: same as dev_int, but is the only one that can go inside the webapp/live folder to e.g. do an update from the repo.
2. dev_int: can read,write and execute everything in the "web root", including the two below, but nothing outside of the web root
3. dev_ext: can read write and execute in all client folders, but cannot access anything outside of the webapp root
4. clientsBasic ftp accounts. Has a home folder with a public_html, but cannot access any other home folders
I typed in a XTerm in IceWM(knowing I don't have permissions):
[code]...
I can't access that folder with these permissions. Why would it place it in such a folder?! What is in this file? What part of the system is responsible for this/ where do I turn this off?
I own an Acer Aspire One which has Linpus Lite installed. Last night I attempted to delete a couple of files only to find they are read only and that I cannot change the permissions by right clicking and changing the drop down menu from read only.
These aren't protected files or anything, they are files I've downloaded or created myself (one using the onboard web cam to test it).
I attempted to play with Terminal for a bit but as a newbie I got easily lost, not like I can fall back on command prompt knowledge from Windows!
I think it's somehow connected with the user which accesses these docs or tries to change the permissions. I also tried with an su- which meant I was using Terminal as root, however, I wasn't sure how I could then set the permissions for a particular file/folder within the file system.
i have 3 shares on my samba. i have users - user, manager and boss projects is RW to everyone reference is R to everyone RW to manager and boss Proposals is RW only to boss, no access to others However when boss logs in and creates a directory in projects share, the directory can only be renamed bu users and manager, and directory contents are read only for users and managers, even deletion / rename is denied. How can i make sure that when ever boss creates a directory in projects, it retains base folder permissions and is writable to user this is my samba file... i am using red hat 6.1 with samba 3.5.6 (i think)
[Code]....
I am trying to rescue some files on a Dell Laptop running XP that is in a BSOD state. I can boot up Knoppix just fine but all the files are read only but get the error: The remount command failed. Maybe there is another process accessing the filesystem currently.Also when I look at the files and folders on the Knoppix CD they look really odd. See attachment
View 3 Replies View Related