Le ven. 22 févr. 2019 à 01:12, Ray Frush <fr...@rams.colostate.edu> a écrit :
> All- > > I had to write the following SELinux type enforcement policy file > ‘backuppc.te’ to allow the httpd daemon access to access the required files > under /etc/BackupPC even after getting httpd setup to run as the ‘backuppc’ > user. The alternative is to set SELinux to permissive, which is not > really allowed in our environment. > > > module backuppc 1.0; > > require { > type etc_t; > type var_log_t; > type net_conf_t; > type user_tmp_t; > type httpd_sys_script_t; > class file { write rename read create unlink open }; > class dir { search read write getattr remove_name open add_name }; > } > > #============= httpd_sys_script_t ============== > allow httpd_sys_script_t etc_t:dir { write search read open getattr > add_name remove_name }; > allow httpd_sys_script_t etc_t:file { write rename create unlink }; > allow httpd_sys_script_t var_log_t:dir read; > allow httpd_sys_script_t var_log_t:file { read open }; > allow httpd_sys_script_t net_conf_t:file { read write open rename create > unlink }; > allow httpd_sys_script_t user_tmp_t:dir { write search read open getattr > add_name remove_name }; > allow httpd_sys_script_t user_tmp_t:file { write rename create unlink }; > > > > I top post on purpose. > > -- > Ray Frush "Either you are part of the solution > T:970.491.5527 or part of the precipitate." > -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- > Colorado State University | IS | System Administrator > > On Feb 21, 2019, at 15:40, Adam Goryachev < > mailingli...@websitemanagers.com.au> wrote: > > On 22/2/19 8:36 am, Hubert SCHMITT wrote: > > Thanks for your answer Jean Yves, > > But i really don't understand what's wrong. > > The rights are the same on my side : > -rw-r----- 1 backuppc apache 85K 21 févr. 20:31 config.pl > -rw-r----- 1 backuppc apache 82K 27 déc. 2014 config.pl_20141227_OK > -rw-r----- 1 backuppc apache 82K 17 avril 2016 config.pl.old > -rw-r----- 1 backuppc apache 86K 19 févr. 14:16 config.pl.pre-4.3.0 > > Apache is running with : User backuppc and Group apache in httpd.conf > > I think you will need to confirm your apache settings, because if the user > is backuppc and group apache, you should have write access to the above > file. > > One other thing to confirm is the permissions of the directory, and also > whether the web interface is attempting to write to the same file you think > it is. To check directory permissions: > > ls -ld /path/to/check > > Regards, > Adam > > > -- > Adam Goryachev Website Managers www.websitemanagers.com.au > > -- The information in this e-mail is confidential and may be legally > privileged. It is intended solely for the addressee. Access to this e-mail > by anyone else is unauthorised. If you are not the intended recipient, any > disclosure, copying, distribution or any action taken or omitted to be > taken in reliance on it, is prohibited and may be unlawful. If you have > received this message in error, please notify us immediately. Please also > destroy and delete the message from your computer. Viruses - Any > loss/damage incurred by receiving this email is not the sender's > responsibility. > _______________________________________________ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > > > _______________________________________________ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ Hi all, @Adam : i done the ls -ld on /etc/BackupPC and on /etc/BackupPC/pc : *drwxr-xr-x 3 backuppc apache 4096 21 févr. 22:29 /etc/BackupPC* *drwxr-xr-x 2 backuppc apache 4096 21 févr. 14:15 /etc/BackupPC/pc* The weird thing is it can't write to a "new" file (myhost.pl.new) so maybe nothing to do with rights on existing myhost.pl file. @Jean Yves i changed the files's rights to 660 in the two mentionned directories. I let you know the result this evening as i'm at work for the moment and haven't access to my backup server. Hubert.
_______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/