What if two programs say ftpd and httpd need to acces the same directory? Any way to set context type of that directory to httpd_t and ftpd_t? What do you do in a case like this?
View 2 RepliesCan anyone tell me what command can be used so that the Linux Centos Server starts mysqld, httpd and ftpd services at boot time automatically?
View 2 Replies View Relatedall of the website content will be on a separate partition called "/websites". I've got SELinux enabled, and set the context on /websites and subdirectories to "public_content_t", so that httpd (Apache) can access this partition. This works. However we also have mysql databases stored on this partition as well, and we are getting errors like this in /var/log/auditd/audit.log: type=AVC msg=audit(1286249333.390:326): avc: denied { search } for pid=6167 comm="mysqld" name="/" dev=sda3 ino=2 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_rublic_content_t:s0 tclass=dir
I've tried setting the context to "mysqld_db_t" on the MySQL database folders, but it appears that it cannot get to the partition at all, or anything outside of /var/lib/mysql/. How can we get mysqld to access databases on this partition? Right now there are symlinks from folders in /var/lib/mysql/ that go to each database on /websites partition. Setting SELinux to Permissive mode gets everything to work fine. Basically with SELinux in Enforcing mode, we're getting errors in the PHP applications that httpd can't connect to the databases.
the following security alert made me checking my httpd.conf:
Code:
Summary:
SELinux is preventing the http daemon from reading users' home directories. Detailed Description: SELinux has denied the http daemon access to users' home directories. Someone is attempting to access your home directories via your http daemon. If you have not setup httpd to share home directories, this probably signals an intrusion attempt. Even though in httpd.conf there is a line that reads
Code:
LoadModule userdir_module modules/mod_userdir.so
in the same conf-file the access to home-dirs is disabled:
Code:
<IfModule mod_userdir.c>
[Code]....
I am setting up a web server and SElinux keeps stopping httpd/appache and making it fail. Everything works fine when SElinux is set to permisive, so I know it is SElinux causing the problem. I have all the apache/httpd items allowed in the SElinux bool and even added the line the troubleshooter told me to add but the problem still persists. Here is what SElinux puts out:
[Code].....
several times and it does nothing. I have all the permissions set to Apache as owner and group and allow execution on all the files.
I am having difficulties with Pure-FTPD. I had it working at one time. I recently had to reinstall Ubuntu 10.10 because pure-ftpd stopped working for some reason and now I have a fresh install but pure-ftpd still does not work. This is what I did to install it.
Sudo apt-get install pure-ftpd
Using the Ubuntu Spftware Center I installed PureAdmin. I then create a virtual user. Then in the terminal entered the following:
[code]...
I read somewhere that this could be a filezilla issue and to fix it I need to use active mode and use the filezilla external address [URL]... Of course I did this and the filezilla solution did not work this time. I am fairly sure it is a server issue this time.
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
View 1 Replies View RelatedI am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd.first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.
View 1 Replies View RelatedI'm using Mac OS X's Terminal.app shell to compile and run Fortran programs. One such program resides outside of my home directory (it is in the Applications folder, which resides on my hard drive but seems to be outside of my home folder). How can I navigate into this directory using Terminal.app to run the programs that reside there?
View 7 Replies View RelatedI have downloaded apache(file name: httpd-2.2.17.tar.gz.bz2) throughw wget at /usr/local/src now i m not able to do next step with gzip command I am using following command and getting error
]# gzip -d httpd-2.2.17.tar.gz.bz2
gzip: httpd-2.2.17.tar.gz.bz2.gz: No such file or directory
For the first time in installed and configured centos-ds from this HowTos and from the manuals.It is running nicely but disabled my httpd.Is it not possible to run directory service and httpd in the same machine
View 3 Replies View RelatedI'd like to grant /usr/sbin/sendmail.sendmail "connectto" access to the unix_stream_socket /var/lib/imap/socket/lmtp.How do I do that?I want to eliminate error messages that keep appearing in my message log:
/var/log/messages:Jan 13 11:45:29 e setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from connectto access on the unix_stream_socket /var/lib/imap/socket/lmtp. For complete SELinux messages. run sealert -l 05df828f-4402-
[code]....
One of our web servers has logged many of the same "setroubleshoot: SELinux is preventing the httpd from using potentially mislabeled files /boot (boot_t). For complete SELinux messages. run sealert -l e143c369-a72d-453e-84fe-6b62b7f05c5f" recently. This looks suspicious. We'd like to map these sealert to the httpd access log to see if there's any malicious activity. We added a '%P' option to the Apache combined logformat, so the httpd process id could be logged too. Then we grep'ed all the Apache access logs using the pid from the above sealert -l command. There are not many of them, so we can test them one by one.
Shockingly, none of the access served by the specified pid can repeat the same sealert.
The server was installed a Centos 5 (x86_64) and upgraded to the 5.3 version two days ago. The main components are as following:
Is there any other way we can try to find out the real access which triggered these alerts? The sealert -l output is attached.
I was setting up a Samba server and I ran into some problems with SELinux related to the context of the home directories. I made a user account, say "UserAccount", with a default home directory "home/UserAccount". Afterwards I realized that I needed to move the home directory of this particular user to another location, say "/home2/UserAccount". So I created the new directory, changed the permissions, and used Gnome's system-config-user to change the user's home directory.
I then set-up the Samba server, activated samba_run_unconfined and samba_enable_home_dirs in SELinux, and made an account for UserAccount. When testing the Samba account for UserAccount SELinux denied read access. I checked the context and the new home directory did not appeared to have been updated. I had to manually run:
restorecon -R -v /home2/UserAccount
to set the context on the new home directory. I'm not very familiar with SELinux, so my question is this: is this normal security policy or is a bug in the system-config-user tool? If it's normal policy can someone explain why? I'm always ready to learn Distro: Fedora 12 (kernel: 2.6.31.5-127.fc12.i686) System: Dual Intel Xeon @ 3.2 GHz, 1 GB RAM
when I try to connect to internet SELinux give my a preventing NetworkManager here is what its say:
Code:
Summary:
SELinux is preventing NetworkManager (NetworkManager_t) "getattr" to /dev/ppp
(ppp_device_t).
[Code]....
I'm trying to setup ssh access on my Fedora 12 laptop. I get the following error message in /var/log/secure when I try to login from another machine using ssh and the login is denied:
Code:
sshd[3025]: error: Could not get shadow information for <user>
sshd[3025]: Failed password for <user> from <ip> port <port> ssh2
If I do a 'setenforce 0' I can login and no error is logged.
i have problem with samba share everytime when i want to browse shared folders on fedora machine from windows i always get this msg (SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).)here is my selinuxlog
Summary:
SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).
%
You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).
View 5 Replies View RelatedI went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
Basicly just installed a fresh version of Cent OS 5.4 with apache httpd installed automaticly during the installation. The http daemon is running and when navigating to localhost i get the welcome cent os apache page thingy. The problem is when i put an index.html file in /var/http/www then try and navigation to localhost I get a 403 forbidden error.
View 2 Replies View RelatedI grant read privilege to all the users to my .vimrc file . But my colleague still can't read my .vimrc file . I guess in addiction to give the read privilege to the .vimrc file, in some way I should give the person who want to read it the "access right" to my home directory first---which I don't know how to do it.
View 3 Replies View RelatedMy better half spilled some coffee on her 8month old macbook and it decided not to work anymore. Apple says it will cost around $800 or more to fix, we wont be paying that, Ill be finding a logic board or service somewhere online now that our warranty is shot and going that route.But before I send the macbook off anywhere I need to pull some data off the HDD. I was able to plug the HDD into my Linux box(internally, I dont have an external enclosure). I was able to mount the drive and copy the directories I wanted to the HDD on my linuxbox.
But Im unable to to access the directory from the terminal or from the file browser, I get an access denied message. Because I know the username and password for the macbook is there a way I can use that to gain access to the directories?Google got me this far, but when I googled "access locked directory ubuntu" or any variation of that with the terms linux and osx thrown in there for good measure.
I am in need of a rather complicated permissions scheme for particular directory. I have a directory /data I want the group developers to have read and execute access to this directory. Then, I want the group research to have read, execute, and WRITE permission for this directory. Now, I have a second directory /code which developers and research have full access to. And I have a third group, operations I want operations to be able to read /data but not be able to read /code Is this permissions scheme possible in linux?
View 1 Replies View RelatedCode:
count=`ls *.php -l | wc -l`
if [ "$count" -ne "0" ]; then
mv *.php ~/Desktop/PHP
[code]....
With this code I am attempting to ensure a php file exists, then attempting to move it to another folder. My script has 40 or so extensions, this is one of many. My problem is this: if the current folder contains no php files i receive an error.
ls: cannot access *.php: No such file or directory
Typically I would use 2> /dev/null to handle output suppression but in this case it prevents the variable assignments.
I have installed fedora 13 in my system. httpd server is also installed. when I tried to start the service of httpd, following error message displayed: Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
View 1 Replies View RelatedI have a server running Ubuntu server edition with SMB server all set up and running. I've set up the main root of the drive to be shared and I've set up a user in /etc/samba/smbusers to say root = "joeflood" so I can sign in as root using the username "joeflood". This works and I have read/write access to the filesystem (yay!). However, if I browse to /home/javawag (my main user home directory), I no longer have write permissions! I can see all the files in there and read them no problem, but writing is a no-go. I'm logged in as root though?! Btw, I can login via SSH and create folders/etc as root in the /home/javawag folder, and they showed up in the SMB mount on my mac too.
View 1 Replies View RelatedI have a Virtual Private Server which I can connect to using SSH with my root account, being able to execute any linux command and access all the disk area, obviously.
I would like to create another user account, which would be able to access this server using SSH too, but only to a certain directory, for example /var/www/example.com/
For example, imagine this user has a HUGE error.log file (500 MB) located in /var/www/example.com/logs/error.log
When accessing this file using FTP, this user needs to download 500 MB to view the last lines of the log, but I'd like him to be able to execute something like this:
Therefore I need him to be able to access the server using SSH, but I don't want to grant him access to all server areas.
Code:
# Create a directory, and user, assign ownership of dir to that user and usergroup.
sudo mkdir /mysecureddir
sudo useradd mysecureduser
sudo chown mysecureduser:mysecureduser /mysecureddir
[code].....
I've read some similar issues dealing with apache, but its still not clicking for me. Group has rwx access to directory and everything in it. I'm in the group.
I have been following the steps mentioned at [URL] Now I want to add authentication through .htaccess.
View 1 Replies View RelatedI am not able to access the directory /usr/local. But when I do ls I am able to see it.
Code:
[root@indra ~]# ls -ld /usr/local
drwxr-xr-x 2 root root 0 Feb 9 12:11 /usr/local
[root@indra ~]# cd /usr/local
-bash: cd: /usr/local: No such file or directory
[root@indra ~]#