Server :: Permissions With Pam_mkhomedir.so When SELinux Set To Enforce

Mar 14, 2011

I've got a red hat box joined to a win 2k3 domain and I'm using pam_mkhomedir.so to create user's home directories on first login to the box. extract from /etc/pam.d/sshd Code: session required pam_mkhomedir.so skel=/etc/skel umask=0022 The problem I have is that this only works if I switch SELINUX off (i.e. set enforcing to disabled ). Unfortunately, the error messages are not very helpful. Extract from /var/log/secure below:

[Code]...

View 4 Replies


ADVERTISEMENT

Server :: Enforce Write Permissions On Filesystem

Nov 22, 2010

we have a data transfer network drive, shared via nfs and samba.But now I got the special demand to make any of the files read and wirteable, regardsless of the permissions they had before.With acl I get the right permissions (via default values) but the standard unix permissions overwrite this. e.g. when I have 644, it does not care that the group has write permissions)Does someone have an idea (except chmod via cronjob )

View 1 Replies View Related

Server :: SELinux Permissions \ Getting The Error Described In This Bug?

May 20, 2011

I'm getting the error described in this bug. The fix is described in the bug:Code:The following additional SELinux permissions were found to resolve the situation:

samba_domtrans_winbind_helper(httpd_t)
allow httpd_t winbind_helper_t:process signal;
apache_append_log(winbind_helper_t)

[code].....

View 2 Replies View Related

General :: Accidently Reset SELINUX Context For /var Folder Permissions?

Jan 30, 2011

I accidently reset the SELINUX context on the /var folder from "var_t" to user data. Now I cant go back and set it to "var_t" and i cant access my website anymore

View 3 Replies View Related

Fedora Servers :: SELinux - Find A List Of All The Booleans For SELinux (10) Using Getsebool -a

Feb 23, 2009

You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).

View 5 Replies View Related

Server :: Allow Samba Server From Selinux Firewall In CentOS?

Jun 8, 2009

I'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my seline firewall on and want to allow other workstation to access my samba server.

View 8 Replies View Related

Ubuntu Networking :: Enforce Mobile Broadband Via Bluetooth?

May 13, 2010

I have Ubuntu gnome 10.04 'lucid' and I can connect with Mobile Broadband internet by using my Nokia 5800 as an USB dongle by just setting the right "Mobile Broadband" settings parameters. It connects flawlessly.

Then I set the /etc/rfcomm0 file with the proper parameters with the Bluetooth MAC address and the proper channel and paired the phone with my PC of course.

But how can I enforce the network manager that it selects Bluetooth instead of USB ?

View 3 Replies View Related

Ubuntu Security :: AppArmor Enforce Program Without Logging?

Apr 19, 2011

I have a program that generates large amounts of apparmor log messages. I'm happy to enforce restrictions on the program but I really don't want it to fill my log with messages every time it attempts to read a file.

Is there a way to let it enforce restrictions but not log denials?

View 9 Replies View Related

Ubuntu Security :: Cannot Enforce Firefox 4.0 Apparmor Profile

Apr 29, 2011

Since Ubuntu 9.10 I used:

"sudo apt-get install apparmor-profiles

sudo enforce firefox"

However in Lubuntu 11.04 the "sudo enforce firefox" command does no longer work. It looks like the enforce command is no longer recognised.

View 6 Replies View Related

Server :: Ubuntu SELinux Is Disabled?

Nov 18, 2010

am trying to Selinux in enforcing mode, but its giving below error.I have Ubuntu server 10.10root@ubuntu:/common# setenforce 1setenforce: SELinux is disabled

View 1 Replies View Related

Server :: Where Are The Booleans For SELinux Stored

Sep 23, 2010

I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...

[Code]....

View 2 Replies View Related

Server :: Benefit Of S-permissions And T-permissions?

Nov 9, 2010

i want to know what is use or benefit of using s and t permission?i have used them but could not understand its uses.please explain me with suitable example.Also tell me about umask command to flag on s and t.

View 1 Replies View Related

CentOS 5 Server :: Where Are The Booleans For SELinux Stored

Sep 24, 2010

I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...

$ sudo /usr/sbin/getsebool ftp_home_dir
ftp_home_dir --> on

It returns a positive, but if I do

$ sudo less /selinux/booleans/ftp_home_dir

I get ... read error (Press Return)

Furthermore, if I list the boolean file itself, it shows it to be empty

$ sudo ls -l /selinux/booleans/ftp_home_dir
-rw-r--r-- 1 root root 0 Aug 9 11:09 /selinux/booleans/ftp_home_dir

Where is SELinux storing the booleans then?

This is on CentOS 5.4

View 3 Replies View Related

CentOS 5 Server :: Can't Set Vsftpd With SElinux Properly / Sort It?

Apr 8, 2010

I'm able to connect to ftp as a virtual user. It was also difficult as nowhere mentioned, that it should be done with SSL. Anyway I found the answer and got connection. But now I can't connect to ftp server as system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".

1. Still I can't understand, how I can log in to FTP server with a system user.Also some other questions regarding this matter:

2. My httpd server Apache has a virtual hosts located in "/home" directory.The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I will change them to "/home"? All I need to do with this is ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".

3. In my ftp client I can see the owner of virtual host "ftp" instead of username.

View 7 Replies View Related

Security :: Restart Postgres In Server - Selinux Is Not Letting It Log Anything

Jan 28, 2010

Whenever i restart postgres in my server, Selinux is not letting it log anything. In /var/log/messages, it says.

Quote: Jan 28 14:15:43 dataserver kernel: audit(1264709743.263:38): avc: denied { append } for pid=5986 comm="postmaster" name="pgsql.log" dev=sda8 ino=3932166 scontext=root:system_r: postgresql_t tcontext=root: object_r:var_log_t tclass=file

Jan 28 14:15:43 dataserver kernel: audit(1264709743.263:39): avc: denied { append } for pid=5986 comm="postmaster" name="pgsql.log" dev=sda8 ino=3932166 scontext=root:system_r: postgresql_t tcontext=root: object_r:var_log_t tclass=file

I cannot disable SeLinux in this server.

View 1 Replies View Related

Server :: Can Set Selinux To Permissive / When Reboot It Turns Back On?

Jul 19, 2010

It seem that I can set selinux to permissive but when i reboot it turns back on? Can I unistall it? I am running RED HAY 5 and Centos 4

View 2 Replies View Related

CentOS 5 Server :: Cannot Acess Samba Share Unless SElinux Is Off?

May 8, 2009

I don't think it has anything to do with the config file.More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinuxis on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.Here is the output when I ran [root@fileserver /]# getsebool -a | grep smballow_smbd_anon_write --> onsmbd_disable_trans --> onThese two options were off I tried turning them on.This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.

[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off

[code]....

View 2 Replies View Related

Fedora Security :: Get A Server Up And Running With SELinux Fully Enabled?

Mar 19, 2009

I decided that I'd torture myself and try to get a server up and running with SELinux fully enabled. I so far have figured out virtual hosting, vsftpd, and SSH to work with it nicely, but I can't figure out what to do to get AWstats to be viewable through a browser with SELinux enabled. This is what I get from /var/log/messages:

Code:
Mar 19 15:09:34 localhost kernel: type=1400 audit(1237496974.987:69): avc: denied { getattr } for pid=4769 comm="httpd" path="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl" dev=sda1 ino=1267968 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_awstats_script_exec_t:s0 tclass=file
Mar 19 15:09:34 localhost kernel: type=1400 audit(1237496974.987:70): avc: denied { getattr } for pid=4769 comm="httpd" path="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl" dev=sda1 ino=1267968 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_awstats_script_exec_t:s0 tclass=file

Could someone explain to me what I should be looking for in these messages? Or what I would need to do to fix it?

View 2 Replies View Related

Server :: Samba And SELinux - Share The User Home Directories?

Oct 6, 2010

I'm running a Samba server (3.5.2-60.fc13) on Fedora 13 (64 bit). I want to share the user home directories and want to allow following of symlinks out of the share tree. So in smb.conf I used

unix extensions = no
wide links = yes

For SELinux I did:

setsebool -P samba_enable_home_dirs=1
getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off

[code]....

However I can't follow the symlinks when mounting my home directory on a Windows machine, unless I disable SeLinux.

View 5 Replies View Related

Server :: Connecting To Sshd On Ubuntu 9.10. Logs Point To SELinux ?

Feb 14, 2011

I'm trying to ssh into my Ubuntu box, but the connection is getting denied.

When I look at /var/log/auth.log, I see the following:

Code:

I googled for this, and ran across the following: [url]

Here's the part that I think relates to the problem that I'm having:

Quote:

It's not clear from context which configuration file needs to be edited, and I'm not at all familiar with SELinux configuration.

View 3 Replies View Related

General :: Possible To Enforce A Certain Exit Code When Using "kill" To Stop A Process?

Feb 9, 2011

Is it possible to enforce a certain exit code when using "kill" to stop a process?

View 2 Replies View Related

CentOS 5 Server :: Named And Access Rights / SELinux - Access Denied

Aug 24, 2010

I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.

View 1 Replies View Related

Server :: FTP Permissions For Several Groups?

Aug 1, 2010

I have a FTP server (vsftpd), and would like to setup different file permissions for different groups:

-"ftpusers" group should only be able to browse and download.

-"ftpadmins" group should be able to browse, download, AND WRITE (RNFR, RNTO, MKDIR....).

Let's say my main directory is /var/ftp/docs/. It should be accessible by "ftpusers" group, but only writeable by "ftpadmins" group. Other groups or users may not access it. Which permissions and ownership should I give? My problem is that the dir can't be owned by two groups...

View 2 Replies View Related

Server :: NFS Permissions Changed?

Apr 8, 2010

I have an NFS server on Windose Server 2003. I use it to back my Linux/Solaris databases up to. I mounted the NFS share on the Linux box. I was testing the permissions to it, and accidentally did a chown sybase:sybase /OLBackupOLBackup is the root directory of the NFS share. When I did the chown command, it changed the permissions on the share. Now it seems that linux is controlling the permissions. In windose I cant add users/groups. How can I remove Linux from owning the permissions. Im not sure if this is a windose issue or a linux issue, but figured I would start asking here first.

View 1 Replies View Related

Server :: NFS With Directories Permissions?

Oct 4, 2010

I'm planning a NFS share for a small enterprise (25 NFS clients). I need to create a directory structure but I'll need to set up differents permissions (rw/ro) to some directories of the tree. I wonder if it's possible to grant access using groups IDs, so that would be ideal for this application. Is it possible? I was thinking that I would kneed some kind of centralized user info, such as NIS or LDAP. Is that necessary?

View 4 Replies View Related

Server :: Permissions Error With NFS ?

Jan 2, 2010

I am having a bit of an issue with a NFS configuration. Initially I had no issues when both the server and client were both running Ubuntu Karmic. The client is now running Fedora Core 12 and when I mount the share I get "You do not have the permissions necessary to view the contents of Mnt". I came across this troubleshooting guide and it suggests that the issue may be the UIDs are not in sync on the server and client. If this is the issue, which usernames do I need to sync and how would I do that?

View 2 Replies View Related

Server :: Permissions For CGI Scripts?

Jun 20, 2011

I'm setting up some CGI scripts to be executed by Apache. What I find disturbing is the fact that since the owner of the CGI script is the Apache user, it is not possible for me working under my user to edit the script unless I either edit it with sudo or chmod it to 777, which I believe is not advisable.

View 3 Replies View Related

Server :: What Are The Results Of 664 Permissions

Apr 8, 2010

i am trying to set permissions on my wordpress install such that the wordpress admin can write to the files and directories in the wordpress tree. otherwise i have to do all the things wordpress does automatically by hand with vi.of course i would like to have permissions set as precisely as possible for security.at present the files are set to 644 (-rw-r--r--). my plan is to change permissions to 664 (-rw-rw-r--) using chmod. ie "chmod -r 664 ./wordpress".

View 4 Replies View Related

General :: Set Wordpress Permissions On Server

Mar 9, 2011

I have question regarding setting permissions on wp-content/uploads... in wordpres. I read a tutorial where they want you to set permissions: chown -R julie.julie uploads/ chmod -R 777 uploads/ 777 makes it rwx for others as well. It's not secure! It works but is temporary fix. How I can make sure that the user julie (wordpress) will be able to write to it but anybody else wont.

View 3 Replies View Related

Server :: File Permissions After FTP Upload?

Jun 9, 2009

I have just started using linux. I have setup an ubuntu apache2 server. It has been running brilliantly and I am highly impressed with the Linux system. My box is an HTTP server and I am hosting a website on it. I have VSFTPD installed and functioning as my FTP software. It has worked fine so far but I have been a bit annoyed that I have had to set permissions for each file I have put on there.

Now I have run into a serious issue with the permissions being set to 600 and I really need them to 755 because I am running an automatic upload for a webcam and the Image can't be accessed due to the automatic permissions of 600 being set to the image. My extensive windows background tells me that I need to apply the correct permissions to the WWW folder and get the files to inherit these permissions automatically.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved