Le ven. 22 févr. 2019 à 01:12, Ray Frush <fr...@rams.colostate.edu> a
écrit :
> All-
>
> I had to write the following SELinux type enforcement policy file
> ‘backuppc.te’ to allow the httpd daemon access to access the required files
> under /etc/BackupPC even after getting httpd setup to run as the ‘backuppc’
> user. The alternative is to set SELinux to permissive, which is not
> really allowed in our environment.
>
>
> module backuppc 1.0;
>
> require {
> type etc_t;
> type var_log_t;
> type net_conf_t;
> type user_tmp_t;
> type httpd_sys_script_t;
> class file { write rename read create unlink open };
> class dir { search read write getattr remove_name open add_name };
> }
>
> #============= httpd_sys_script_t ==============
> allow httpd_sys_script_t etc_t:dir { write search read open getattr
> add_name remove_name };
> allow httpd_sys_script_t etc_t:file { write rename create unlink };
> allow httpd_sys_script_t var_log_t:dir read;
> allow httpd_sys_script_t var_log_t:file { read open };
> allow httpd_sys_script_t net_conf_t:file { read write open rename create
> unlink };
> allow httpd_sys_script_t user_tmp_t:dir { write search read open getattr
> add_name remove_name };
> allow httpd_sys_script_t user_tmp_t:file { write rename create unlink };
>
>
>
> I top post on purpose.
>
> --
> Ray Frush "Either you are part of the solution
> T:970.491.5527 or part of the precipitate."
> -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
> Colorado State University | IS | System Administrator
>
> On Feb 21, 2019, at 15:40, Adam Goryachev <
> mailingli...@websitemanagers.com.au> wrote:
>
> On 22/2/19 8:36 am, Hubert SCHMITT wrote:
>
> Thanks for your answer Jean Yves,
>
> But i really don't understand what's wrong.
>
> The rights are the same on my side :
> -rw-r----- 1 backuppc apache 85K 21 févr. 20:31 config.pl
> -rw-r----- 1 backuppc apache 82K 27 déc. 2014 config.pl_20141227_OK
> -rw-r----- 1 backuppc apache 82K 17 avril 2016 config.pl.old
> -rw-r----- 1 backuppc apache 86K 19 févr. 14:16 config.pl.pre-4.3.0
>
> Apache is running with : User backuppc and Group apache in httpd.conf
>
> I think you will need to confirm your apache settings, because if the user
> is backuppc and group apache, you should have write access to the above
> file.
>
> One other thing to confirm is the permissions of the directory, and also
> whether the web interface is attempting to write to the same file you think
> it is. To check directory permissions:
>
> ls -ld /path/to/check
>
> Regards,
> Adam
>
>
> --
> Adam Goryachev Website Managers www.websitemanagers.com.au
>
> -- The information in this e-mail is confidential and may be legally
> privileged. It is intended solely for the addressee. Access to this e-mail
> by anyone else is unauthorised. If you are not the intended recipient, any
> disclosure, copying, distribution or any action taken or omitted to be
> taken in reliance on it, is prohibited and may be unlawful. If you have
> received this message in error, please notify us immediately. Please also
> destroy and delete the message from your computer. Viruses - Any
> loss/damage incurred by receiving this email is not the sender's
> responsibility.
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki: http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
>
>
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki: http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
Hi all,
@Adam :
i done the ls -ld on /etc/BackupPC and on /etc/BackupPC/pc :
*drwxr-xr-x 3 backuppc apache 4096 21 févr. 22:29 /etc/BackupPC*
*drwxr-xr-x 2 backuppc apache 4096 21 févr. 14:15 /etc/BackupPC/pc*
The weird thing is it can't write to a "new" file (myhost.pl.new) so maybe
nothing to do with rights on existing myhost.pl file.
@Jean Yves
i changed the files's rights to 660 in the two mentionned directories.
I let you know the result this evening as i'm at work for the moment and
haven't access to my backup server.
Hubert.
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
