I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...
[Code]....
I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...
$ sudo /usr/sbin/getsebool ftp_home_dir
ftp_home_dir --> on
It returns a positive, but if I do
$ sudo less /selinux/booleans/ftp_home_dir
I get ... read error (Press Return)
Furthermore, if I list the boolean file itself, it shows it to be empty
$ sudo ls -l /selinux/booleans/ftp_home_dir
-rw-r--r-- 1 root root 0 Aug 9 11:09 /selinux/booleans/ftp_home_dir
Where is SELinux storing the booleans then?
This is on CentOS 5.4
You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).
View 5 Replies View RelatedWhat are the SElinux security context type & booleans in FTP/vsftpd
View 3 Replies View RelatedI have machine that I used to VNC to on my network with Remote Desktop Viewer from my Fedora 12. When I first connected I checked the checkbox that I wanted to store the pw. Now the pw on the other machine has changed but Remote Desktop Viewer does not ask for a new password, it just gives me a black screen, like I am connected but I can't see anything. I'd like to know if anyone knows where this pw data is stored on the system so I can start fresh. I already tried uninstalling Remote Desktop Viewer and installing it again.
View 1 Replies View RelatedI'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my seline firewall on and want to allow other workstation to access my samba server.
View 8 Replies View RelatedI have some trouble when I build a DNS server. I need use mysql stored procedure work with the bind dlz mysql driver, but failed.
dlz "Mysql zone" {
database "mysql
{host=127.0.0.1 dbname=dnsdata ssl=false}
{select domain from domains where domain='$zone$' LIMIT 1}
[code]....
I have this function that is supposed to print draw the first image from a function then hide the rest of the images using 'display: none' however for some reason the boolean test does not seem to work on one of my servers however it works on another, is there some php.ini setting I am missing or can you see any issues with the following code:
[Code]....
I'm getting the error described in this bug. The fix is described in the bug:Code:The following additional SELinux permissions were found to resolve the situation:
samba_domtrans_winbind_helper(httpd_t)
allow httpd_t winbind_helper_t:process signal;
apache_append_log(winbind_helper_t)
[code].....
am trying to Selinux in enforcing mode, but its giving below error.I have Ubuntu server 10.10root@ubuntu:/common# setenforce 1setenforce: SELinux is disabled
View 1 Replies View RelatedI just finished setting up Evolution Mail. All my e-mails have been downloaded and it's working good.But then I logged in at mail.live.com and I all my mails were gone!I don't want my mails to store in my PC, no one knows when my hard drive will die or when will I do something stupid that leads to the complete anihilation of all my e-mails. I want them back to Windows Live's mail server.
View 2 Replies View RelatedI have an ubuntu (8.04.3) server where I use bacula to make backups of the files stored on the server. Ive been trying to find a solution (with no luck) trying to succesfully implement the following:-
A Backup tape for each day of the week besides Thurs which is resused on a weekly basis. For the thursday tapes we have a backup tape corresponding to the week number that the thursday falls so for the first thursday of the month it would be ThursOne For example. These tapes are resued on a monthly basis. We then have a monthly tape that is used on the last thursday of the month. These tapes will be resused on a yearly basis.
Another requirement is just in case a tape is accidently not changed a backup should still occur regardless of what tape is in the drive (so if its tuesday and mondays tape is still in the tape drive it should rewrite that tape).
I did have this successfully set up where the tape was appended after each use rather than being recycled after the nightly backup. But then after a few weeks I would have to manually purge tapes when they became full (which isnt ideal - as Im not always in the office so in my absence it may be that a backup may not take place), so have been playing around and have now got the tapes to be marked as used after a max of 2 jobs (so the backup of the files and the catalog of the night). I also added this line 'Recycle Current Volume = yes' so that it would hopefully recycle the volume in the drive.
However what I am finding is that the tape that should be recycled is not, but in yesterday case the Mondays tape was recycled rather than the Tuesday although Mondays was the last written so Im not even sure why it choose to recycle this tape.
I've got a red hat box joined to a win 2k3 domain and I'm using pam_mkhomedir.so to create user's home directories on first login to the box. extract from /etc/pam.d/sshd Code: session required pam_mkhomedir.so skel=/etc/skel umask=0022 The problem I have is that this only works if I switch SELINUX off (i.e. set enforcing to disabled ). Unfortunately, the error messages are not very helpful. Extract from /var/log/secure below:
[Code]...
I'm trying to share a file via Samba on a Ubuntu server that is actually stored on a FreeNAS box. The FreeNAS drives are mounted via NFS and the Samba share contains a symlink to file on the FreeNAS drive.Browsing the Samba share I can see the file and size, but any attempt to read the file fails. It complains about authentication but all credentials across all machines are the same.So, is it possible to share a file this way or is there another way to do this?I know I could create all the profiles on the FreeNAS box but for convenience and ease of maintenance I was hoping to do this via the Ubuntu server
View 1 Replies View RelatedI'm able to connect to ftp as a virtual user. It was also difficult as nowhere mentioned, that it should be done with SSL. Anyway I found the answer and got connection. But now I can't connect to ftp server as system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".
1. Still I can't understand, how I can log in to FTP server with a system user.Also some other questions regarding this matter:
2. My httpd server Apache has a virtual hosts located in "/home" directory.The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I will change them to "/home"? All I need to do with this is ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
Whenever i restart postgres in my server, Selinux is not letting it log anything. In /var/log/messages, it says.
Quote: Jan 28 14:15:43 dataserver kernel: audit(1264709743.263:38): avc: denied { append } for pid=5986 comm="postmaster" name="pgsql.log" dev=sda8 ino=3932166 scontext=root:system_r: postgresql_t tcontext=root: object_r:var_log_t tclass=file
Jan 28 14:15:43 dataserver kernel: audit(1264709743.263:39): avc: denied { append } for pid=5986 comm="postmaster" name="pgsql.log" dev=sda8 ino=3932166 scontext=root:system_r: postgresql_t tcontext=root: object_r:var_log_t tclass=file
I cannot disable SeLinux in this server.
It seem that I can set selinux to permissive but when i reboot it turns back on? Can I unistall it? I am running RED HAY 5 and Centos 4
View 2 Replies View RelatedI don't think it has anything to do with the config file.More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinuxis on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.Here is the output when I ran [root@fileserver /]# getsebool -a | grep smballow_smbd_anon_write --> onsmbd_disable_trans --> onThese two options were off I tried turning them on.This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
[code]....
I decided that I'd torture myself and try to get a server up and running with SELinux fully enabled. I so far have figured out virtual hosting, vsftpd, and SSH to work with it nicely, but I can't figure out what to do to get AWstats to be viewable through a browser with SELinux enabled. This is what I get from /var/log/messages:
Code:
Mar 19 15:09:34 localhost kernel: type=1400 audit(1237496974.987:69): avc: denied { getattr } for pid=4769 comm="httpd" path="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl" dev=sda1 ino=1267968 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_awstats_script_exec_t:s0 tclass=file
Mar 19 15:09:34 localhost kernel: type=1400 audit(1237496974.987:70): avc: denied { getattr } for pid=4769 comm="httpd" path="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl" dev=sda1 ino=1267968 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_awstats_script_exec_t:s0 tclass=file
Could someone explain to me what I should be looking for in these messages? Or what I would need to do to fix it?
I'm running a Samba server (3.5.2-60.fc13) on Fedora 13 (64 bit). I want to share the user home directories and want to allow following of symlinks out of the share tree. So in smb.conf I used
unix extensions = no
wide links = yes
For SELinux I did:
setsebool -P samba_enable_home_dirs=1
getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
[code]....
However I can't follow the symlinks when mounting my home directory on a Windows machine, unless I disable SeLinux.
I'm trying to ssh into my Ubuntu box, but the connection is getting denied.
When I look at /var/log/auth.log, I see the following:
Code:
I googled for this, and ran across the following: [url]
Here's the part that I think relates to the problem that I'm having:
Quote:
It's not clear from context which configuration file needs to be edited, and I'm not at all familiar with SELinux configuration.
Since upgrading to Lucid, I am getting the following dialog warning on login: 'Could not apply the stored configuration for monitors X Server does not support size requested' Im using the current proprietary NVIDIA graphics driver with dual heads. My display is fine, but the warning every time I login is annoying. After googling around I found this thread: [URL]. I tried going to Monitor Preferences as suggested. My resolution as displayed in the default tool is set to 3840 x 1200, which I suspect is the issue forcing the dialog, but I cant change the resolution, refresh rate or rotation from the Monitor Preference dialog box. dino99's response (in the referenced post) about xorg.conf not being needed anymore seems relevant. How can I resolve this issue and get rid of this annoying warning? Is there a configuration that I can update with a supported resolution to placate lucid?
View 9 Replies View RelatedI'm trying to setup a print server in Fedora 13. I've made it using CUPS and when I send something to print from a Windows PC it goes ok. My main concern is to know where is the spool file stored when a file is sent to print. I've seen in many forums that it is stored in /var/spools/cups. What I only see here is a file name c000XXX with some information about the printing job. I'm using hold print for this printer and before printing out anything I can't find the spool. I've tried cups-pdf and it stores a pdf file in a route but this is not enough for me. I need to know where the spool data is stored in order to know from who is the job being send.
View 1 Replies View RelatedI configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
View 1 Replies View RelatedWhere is a typical Linux program installed Where does a program install on linux?
In Windows it's clear - Program files - all programs are there. But where are programs in linux stored?
GWhere does Ubuntu store installed programs?I need to go into a program and add a .dll.
View 7 Replies View RelatedI'm using the default email that comes with Ubuntu.What I had:
- 10.10 installed onto a terabyte hard drive with email organized into individual folders under the main folder
What I did:
- bought a new terabyte hard drive and installed 11.04 on it
- set up old terabyte drive as backup drive but kept everything on it
So how do I dig into the old drive to get the email off of it and into my 11.04 install? I didn't overwrite any files, I need to get the mail off before I can do that.
I have a SLES-10-SP2 installation with both a /boot and / directories. Is the MBR stored in the /boot or /.
View 3 Replies View RelatedI run debian squeeze. I use apt-get install openjdk-6-jdk. But I do not understand how I can figure out where the files are stored?
View 1 Replies View RelatedWhere are temp files stored in SuSE 11.0? I am trying to find all of those videos and .jpgs and other miscellaneous files I've downloaded in the past, and which are now only taking up space on my hard drive. I'd like to clean out all of that. I have looked in both /tmp and in /.kde but don't see what I'm looking for.
View 9 Replies View Related
