Is selinux enabled? That can enforce all sorts of limitations on what
services can do.
Craig
On Thu, Feb 21, 2019 at 11:16 PM Hubert SCHMITT <sch...@gmail.com> wrote:
>
>
> Le ven. 22 févr. 2019 à 01:12, Ray Frush <fr...@rams.colostate.edu> a
> écrit :
>
>> All-
>>
>> I had to write the following SELinux type enforcement policy file
>> ‘backuppc.te’ to allow the httpd daemon access to access the required files
>> under /etc/BackupPC even after getting httpd setup to run as the ‘backuppc’
>> user. The alternative is to set SELinux to permissive, which is not
>> really allowed in our environment.
>>
>>
>> module backuppc 1.0;
>>
>> require {
>> type etc_t;
>> type var_log_t;
>> type net_conf_t;
>> type user_tmp_t;
>> type httpd_sys_script_t;
>> class file { write rename read create unlink open };
>> class dir { search read write getattr remove_name open add_name };
>> }
>>
>> #============= httpd_sys_script_t ==============
>> allow httpd_sys_script_t etc_t:dir { write search read open getattr
>> add_name remove_name };
>> allow httpd_sys_script_t etc_t:file { write rename create unlink };
>> allow httpd_sys_script_t var_log_t:dir read;
>> allow httpd_sys_script_t var_log_t:file { read open };
>> allow httpd_sys_script_t net_conf_t:file { read write open rename create
>> unlink };
>> allow httpd_sys_script_t user_tmp_t:dir { write search read open getattr
>> add_name remove_name };
>> allow httpd_sys_script_t user_tmp_t:file { write rename create unlink };
>>
>>
>>
>> I top post on purpose.
>>
>> --
>> Ray Frush "Either you are part of the solution
>> T:970.491.5527 or part of the precipitate."
>> -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
>> Colorado State University | IS | System Administrator
>>
>> On Feb 21, 2019, at 15:40, Adam Goryachev <
>> mailingli...@websitemanagers.com.au> wrote:
>>
>> On 22/2/19 8:36 am, Hubert SCHMITT wrote:
>>
>> Thanks for your answer Jean Yves,
>>
>> But i really don't understand what's wrong.
>>
>> The rights are the same on my side :
>> -rw-r----- 1 backuppc apache 85K 21 févr. 20:31 config.pl
>> -rw-r----- 1 backuppc apache 82K 27 déc. 2014 config.pl_20141227_OK
>> -rw-r----- 1 backuppc apache 82K 17 avril 2016 config.pl.old
>> -rw-r----- 1 backuppc apache 86K 19 févr. 14:16 config.pl.pre-4.3.0
>>
>> Apache is running with : User backuppc and Group apache in httpd.conf
>>
>> I think you will need to confirm your apache settings, because if the
>> user is backuppc and group apache, you should have write access to the
>> above file.
>>
>> One other thing to confirm is the permissions of the directory, and also
>> whether the web interface is attempting to write to the same file you think
>> it is. To check directory permissions:
>>
>> ls -ld /path/to/check
>>
>> Regards,
>> Adam
>>
>>
>> --
>> Adam Goryachev Website Managers www.websitemanagers.com.au
>>
>> -- The information in this e-mail is confidential and may be legally
>> privileged. It is intended solely for the addressee. Access to this e-mail
>> by anyone else is unauthorised. If you are not the intended recipient, any
>> disclosure, copying, distribution or any action taken or omitted to be
>> taken in reliance on it, is prohibited and may be unlawful. If you have
>> received this message in error, please notify us immediately. Please also
>> destroy and delete the message from your computer. Viruses - Any
>> loss/damage incurred by receiving this email is not the sender's
>> responsibility.
>> _______________________________________________
>> BackupPC-users mailing list
>> BackupPC-users@lists.sourceforge.net
>> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
>> Wiki: http://backuppc.wiki.sourceforge.net
>> Project: http://backuppc.sourceforge.net/
>>
>>
>> _______________________________________________
>> BackupPC-users mailing list
>> BackupPC-users@lists.sourceforge.net
>> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
>> Wiki: http://backuppc.wiki.sourceforge.net
>> Project: http://backuppc.sourceforge.net/
>
>
>
>
> Hi all,
>
> @Adam :
>
> i done the ls -ld on /etc/BackupPC and on /etc/BackupPC/pc :
>
> *drwxr-xr-x 3 backuppc apache 4096 21 févr. 22:29 /etc/BackupPC*
>
> *drwxr-xr-x 2 backuppc apache 4096 21 févr. 14:15 /etc/BackupPC/pc*
>
> The weird thing is it can't write to a "new" file (myhost.pl.new) so maybe
> nothing to do with rights on existing myhost.pl file.
>
> @Jean Yves
> i changed the files's rights to 660 in the two mentionned directories.
>
> I let you know the result this evening as i'm at work for the moment and
> haven't access to my backup server.
>
> Hubert.
>
>
>
>
>
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki: http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
>
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
