All-

I had to write the following SELinux type enforcement policy file ‘backuppc.te’
to allow the httpd daemon to access the required files under
/etc/BackupPC even after getting httpd set up to run as the ‘backuppc’ user.
The alternative is to set SELinux to permissive, which is not really allowed in
our environment.


module backuppc 1.0;

require {
    type etc_t;
    type var_log_t;
    type net_conf_t;
    type user_tmp_t;
    type httpd_sys_script_t;
    class file { write rename read create unlink open };
    class dir { search read write getattr remove_name open add_name };
}

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t etc_t:dir { write search read open getattr add_name remove_name };
allow httpd_sys_script_t etc_t:file { write rename create unlink };
allow httpd_sys_script_t var_log_t:dir read;
allow httpd_sys_script_t var_log_t:file { read open };
allow httpd_sys_script_t net_conf_t:file { read write open rename create unlink };
allow httpd_sys_script_t user_tmp_t:dir { write search read open getattr add_name remove_name };
allow httpd_sys_script_t user_tmp_t:file { write rename create unlink };



I top post on purpose.

--
Ray Frush         "Either you are part of the solution
T:970.491.5527         or part of the precipitate."
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
Colorado State University | IS | System Administrator

> On Feb 21, 2019, at 15:40, Adam Goryachev 
> <mailingli...@websitemanagers.com.au> wrote:
> 
> On 22/2/19 8:36 am, Hubert SCHMITT wrote:
>> Thanks for your answer Jean Yves,
>> 
>> But I really don't understand what's wrong.
>> 
>> The rights are the same on my side : 
>> -rw-r-----   1 backuppc apache  85K 21 févr. 20:31 config.pl
>> -rw-r-----   1 backuppc apache  82K 27 déc.   2014 config.pl_20141227_OK
>> -rw-r-----   1 backuppc apache  82K 17 avril  2016 config.pl.old
>> -rw-r-----   1 backuppc apache  86K 19 févr. 14:16 config.pl.pre-4.3.0
>> 
>> Apache is running with : User backuppc and Group apache in httpd.conf
>> 
> I think you will need to confirm your apache settings, because if the user is 
> backuppc and group apache, you should have write access to the above file.
> 
> One other thing to confirm is the permissions of the directory, and also 
> whether the web interface is attempting to write to the same file you think 
> it is. To check directory permissions:
> 
> ls -ld /path/to/check
> 
> Regards,
> Adam
> 
> 
> 
> -- 
> Adam Goryachev Website Managers www.websitemanagers.com.au 
> <http://www.websitemanagers.com.au/>
> 
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:    http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
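
Added example, not part of the original message: a small Python check that parses the allow rules of the module posted above and lists the ones that let httpd_sys_script_t modify objects carrying generic types, which also label files unrelated to BackupPC. The BROAD_TYPES and MODIFY_PERMS sets and the function names are assumptions of this example, and the parser handles only simple single-type allow rules.

```python
import re

# The allow rules from the module in the message above, wrapping kept as posted.
POLICY_TE = """
allow httpd_sys_script_t etc_t:dir { write search read open getattr add_name
remove_name };
allow httpd_sys_script_t etc_t:file { write rename create unlink };
allow httpd_sys_script_t var_log_t:dir read;
allow httpd_sys_script_t var_log_t:file { read open };
allow httpd_sys_script_t net_conf_t:file { read write open rename create unlink
};
allow httpd_sys_script_t user_tmp_t:dir { write search read open getattr
add_name remove_name };
allow httpd_sys_script_t user_tmp_t:file { write rename create unlink };
"""

# Assumption of this example: generic types that label many unrelated files.
BROAD_TYPES = {"etc_t", "var_log_t", "net_conf_t", "user_tmp_t"}
# Assumption of this example: permissions that change content or directory entries.
MODIFY_PERMS = {"write", "append", "create", "unlink", "rename", "setattr",
                "add_name", "remove_name"}

# Simple form only: allow <source> <target>:<class> <perm or { perms }>;
RULE_RE = re.compile(r"\ballow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;")

def parse_allow_rules(text):
    """Return (source, target, class, perms) for each simple allow rule."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments
    return [(src, tgt, cls, set(perms.strip("{}").split()))
            for src, tgt, cls, perms in RULE_RE.findall(text)]

def broad_modify_grants(text):
    """List rules that grant a modifying permission on a generic type."""
    findings = []
    for src, tgt, cls, perms in parse_allow_rules(text):
        risky = sorted(perms & MODIFY_PERMS)
        if tgt in BROAD_TYPES and risky:
            findings.append((src, tgt, cls, risky))
    return findings

if __name__ == "__main__":
    for src, tgt, cls, risky in broad_modify_grants(POLICY_TE):
        print(f"{src} -> {tgt}:{cls} may {' '.join(risky)}")
```

Each rule it reports is a candidate for narrowing, for example by giving the BackupPC files their own label instead of granting the permission on the generic type.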
