On Thu, Feb 21, 2019 at 11:16 PM Hubert SCHMITT <sch...@gmail.com> wrote:
>
>>
>>
>> Le ven. 22 févr. 2019 à 01:12, Ray Frush <fr...@rams.colostate.edu> a
>> écrit :
>>
>>> All-
>>>
>>> I had to write the following SELinux type enforcement policy file
>>> ‘backuppc.te’ to allow the httpd daemon access to access the required files
>>> under /etc/BackupPC even after getting httpd setup to run as the ‘backuppc’
>>> user. The alternative is to set SELinux to permissive, which is not
>>> really allowed in our environment.
>>>
>>>
>>> module backuppc 1.0;
>>>
>>> require {
>>> type etc_t;
>>> type var_log_t;
>>> type net_conf_t;
>>> type user_tmp_t;
>>> type httpd_sys_script_t;
>>> class file { write rename read create unlink open };
>>> class dir { search read write getattr remove_name open add_name };
>>> }
>>>
>>> #============= httpd_sys_script_t ==============
>>> allow httpd_sys_script_t etc_t:dir { write search read open getattr
>>> add_name remove_name };
>>> allow httpd_sys_script_t etc_t:file { write rename create unlink };
>>> allow httpd_sys_script_t var_log_t:dir read;
>>> allow httpd_sys_script_t var_log_t:file { read open };
>>> allow httpd_sys_script_t net_conf_t:file { read write open rename create
>>> unlink };
>>> allow httpd_sys_script_t user_tmp_t:dir { write search read open getattr
>>> add_name remove_name };
>>> allow httpd_sys_script_t user_tmp_t:file { write rename create unlink };
>>>
>>>
>>>
>>> I top post on purpose.
>>>
>>> --
>>> Ray Frush "Either you are part of the solution
>>> T:970.491.5527 or part of the precipitate."
>>> -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
>>> Colorado State University | IS | System Administrator
>>>
>>> On Feb 21, 2019, at 15:40, Adam Goryachev <
>>> mailingli...@websitemanagers.com.au> wrote:
>>>
>>> On 22/2/19 8:36 am, Hubert SCHMITT wrote:
>>>
>>> Thanks for your answer Jean Yves,
>>>
>>> But i really don't understand what's wrong.
>>>
>>> The rights are the same on my side :
>>> -rw-r----- 1 backuppc apache 85K 21 févr. 20:31 config.pl
>>> -rw-r----- 1 backuppc apache 82K 27 déc. 2014 config.pl_20141227_OK
>>> -rw-r----- 1 backuppc apache 82K 17 avril 2016 config.pl.old
>>> -rw-r----- 1 backuppc apache 86K 19 févr. 14:16 config.pl.pre-4.3.0
>>>
>>> Apache is running with : User backuppc and Group apache in httpd.conf
>>>
>>> I think you will need to confirm your apache settings, because if the
>>> user is backuppc and group apache, you should have write access to the
>>> above file.
>>>
>>> One other thing to confirm is the permissions of the directory, and also
>>> whether the web interface is attempting to write to the same file you think
>>> it is. To check directory permissions:
>>>
>>> ls -ld /path/to/check
>>>
>>> Regards,
>>> Adam
>>>
>>>
>>> --
>>> Adam Goryachev Website Managers www.websitemanagers.com.au
>>>
>>> -- The information in this e-mail is confidential and may be legally
>>> privileged. It is intended solely for the addressee. Access to this e-mail
>>> by anyone else is unauthorised. If you are not the intended recipient, any
>>> disclosure, copying, distribution or any action taken or omitted to be
>>> taken in reliance on it, is prohibited and may be unlawful. If you have
>>> received this message in error, please notify us immediately. Please also
>>> destroy and delete the message from your computer. Viruses - Any
>>> loss/damage incurred by receiving this email is not the sender's
>>> responsibility.
>>> _______________________________________________
>>> BackupPC-users mailing list
>>> BackupPC-users@lists.sourceforge.net
>>> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
>>> Wiki: http://backuppc.wiki.sourceforge.net
>>> Project: http://backuppc.sourceforge.net/
>>>
>>>
>>> _______________________________________________
>>> BackupPC-users mailing list
>>> BackupPC-users@lists.sourceforge.net
>>> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
>>> Wiki: http://backuppc.wiki.sourceforge.net
>>> Project: http://backuppc.sourceforge.net/
>>
>>
>>
>>
>> Hi all,
>>
>> @Adam :
>>
>> i done the ls -ld on /etc/BackupPC and on /etc/BackupPC/pc :
>>
>> *drwxr-xr-x 3 backuppc apache 4096 21 févr. 22:29 /etc/BackupPC*
>>
>> *drwxr-xr-x 2 backuppc apache 4096 21 févr. 14:15 /etc/BackupPC/pc*
>>
>> The weird thing is it can't write to a "new" file (myhost.pl.new) so
>> maybe nothing to do with rights on existing myhost.pl file.
>>
>> @Jean Yves
>> i changed the files's rights to 660 in the two mentionned directories.
>>
>> I let you know the result this evening as i'm at work for the moment and
>> haven't access to my backup server.
>>
>> Hubert.
>>
>> Le ven. 22 févr. 2019 à 21:49, Craig Barratt via BackupPC-users <
>> backuppc-users@lists.sourceforge.net> a écrit :
>>
>>> Is selinux enabled? That can enforce all sorts of limitations on what
>>> services can do.
>>>
>>> Craig
>>>
>>
>>
>>
>> Hi Craig,
>>
>> Selinux i s not enabled.
>>
>> i think i "damaged" a part of my Gentoo on update.
>>
>
I installed the new backuppc over the old one directly installing
from downloaded tar.gz file running configure.pl. On the "old" backuppc i
had no problem updating conf files through CGI.
> Now it says always errno=Read only file system, i don't understand why
>> even when setting /etc/BackupPC and all files and directories inside it
>> to 777 i still can't write.
>>
>
I've set the rights back to their "default" as you can see below.
There are no mounts with "ro" and also space left on the filesystem :
>>
>> Mount :
>> proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
>> sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
>> devtmpfs on /dev type devtmpfs
>> (rw,nosuid,noexec,size=1030664k,nr_inodes=218387,mode=755)
>> devpts on /dev/pts type devpts
>> (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
>> tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec)
>> tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,mode=755)
>> /dev/mapper/vgA--4800-root on / type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> /dev/mapper/vgA--4800-usr on /usr type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> *tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)*
>> cgroup2 on /sys/fs/cgroup/unified type cgroup2
>> (rw,nosuid,nodev,noexec,relatime)
>> cgroup on /sys/fs/cgroup/systemd type cgroup
>> (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
>> cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup
>> (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
>> cgroup on /sys/fs/cgroup/freezer type cgroup
>> (rw,nosuid,nodev,noexec,relatime,freezer)
>> systemd-1 on /proc/sys/fs/binfmt_misc type autofs
>> (rw,relatime,fd=38,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=3154)
>> mqueue on /dev/mqueue type mqueue (rw,relatime)
>> fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
>> /dev/mapper/vgB--4800-backups on /backups type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> /dev/mapper/vgA--4800-home on /home type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> /dev/mapper/vgA--4800-home on /root type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> /dev/mapper/vgA--4800-var on /var type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> /dev/mapper/vgA--4800-var_tmp on /var/tmp type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> /dev/mapper/vgA--4800-tmp on /tmp type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> /dev/mapper/vgA--4800-opt on /opt type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> /dev/mapper/vgA--4800-iso on /iso type ext4
>> (rw,noatime,errors=remount-ro,data=ordered)
>> tmpfs on /run/user/103 type tmpfs
>> (rw,nosuid,nodev,relatime,size=207136k,mode=700,uid=103,gid=105)
>> tmpfs on /run/user/1000 type tmpfs
>> (rw,nosuid,nodev,relatime,size=207136k,mode=700,uid=1000,gid=100)
>> tmpfs on /run/user/0 type tmpfs
>> (rw,nosuid,nodev,relatime,size=207136k,mode=700)
>>
>>
>> df -h :
>> Sys. de fichiers Taille Utilisé Dispo Uti% Monté sur
>> devtmpfs 1007M 0 1007M 0% /dev
>> tmpfs 1012M 79M 933M 8% /dev/shm
>> tmpfs 1012M 1,9M 1010M 1% /run
>> */dev/mapper/vgA--4800-root 4,9G 110M 4,6G 3% /*
>> /dev/mapper/vgA--4800-usr 80G 37G 40G 48% /usr
>> tmpfs 1012M 0 1012M 0% /sys/fs/cgroup
>> /dev/mapper/vgB--4800-backups 2,2T 969G 1,2T 46% /backups
>> /dev/mapper/vgA--4800-home 50G 23G 25G 49% /home
>> /dev/mapper/vgA--4800-var 15G 4,1G 9,8G 30% /var
>> /dev/mapper/vgA--4800-var_tmp 22G 3,4G 18G 17% /var/tmp
>> /dev/mapper/vgA--4800-tmp 15G 38M 14G 1% /tmp
>> /dev/mapper/vgA--4800-opt 9,8G 307M 9,0G 4% /opt
>> /dev/mapper/vgA--4800-iso 2,0G 1,4G 459M 75% /iso
>> tmpfs 203M 20K 203M 1% /run/user/103
>> tmpfs 203M 32K 203M 1% /run/user/1000
>> tmpfs 203M 8,0K 203M 1% /run/user/0
>>
>> df -i :
>> Sys. de fichiers Inœuds IUtil. ILibre IUti% Monté sur
>> devtmpfs 218387 550 217837 1% /dev
>> tmpfs 220894 79 220815 1% /dev/shm
>> tmpfs 220894 1084 219810 1% /run
>> */dev/mapper/vgA--4800-root 327680 5711 321969 2% /*
>> /dev/mapper/vgA--4800-usr 5308416 512934 4795482 10% /usr
>> tmpfs 220894 7 220887 1%
>> /sys/fs/cgroup
>> /dev/mapper/vgB--4800-backups 149979136 882365 149096771 1% /backups
>> /dev/mapper/vgA--4800-home 3276800 864309 2412491 27% /home
>> /dev/mapper/vgA--4800-var 983040 78332 904708 8% /var
>> /dev/mapper/vgA--4800-var_tmp 1441792 219112 1222680 16% /var/tmp
>> /dev/mapper/vgA--4800-tmp 983040 65 982975 1% /tmp
>> /dev/mapper/vgA--4800-opt 655360 928 654432 1% /opt
>> /dev/mapper/vgA--4800-iso 131072 16 131056 1% /iso
>> tmpfs 220894 15 220879 1%
>> /run/user/103
>> tmpfs 220894 23 220871 1%
>> /run/user/1000
>> tmpfs 220894 9 220885 1% /run/user/0
>>
>> ls -lah /etc/BackupPC :
>> total 116K
>> drwxr-xr-x+ 3 backuppc apache 4,0K 23 févr. 13:46 .
>> drwxr-xr-x 140 root root 12K 23 févr. 12:58 ..
>> -rw-rw----+ 1 backuppc apache 85K 22 févr. 21:26 config.pl
>> -rw-rw---- 1 backuppc apache 2,4K 21 févr. 14:12 hosts
>> -rw-rw---- 1 backuppc apache 0 18 févr. 18:46
>> .keep_app-backup_backuppc-0
>> -rw-r----- 1 backuppc backuppc 0 23 févr. 13:55 LOCK
>> drwxr-xr-x+ 2 backuppc apache 4,0K 23 févr. 12:35 pc
>> -rw-r----- 1 backuppc apache 68 19 févr. 07:49 users.htpasswd
>>
>>
>> Thanks for your help and advice.
>>
>
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
