Is selinux enabled? That can enforce all sorts of limitations on what services can do.
Craig On Thu, Feb 21, 2019 at 11:16 PM Hubert SCHMITT <sch...@gmail.com> wrote: > > > Le ven. 22 févr. 2019 à 01:12, Ray Frush <fr...@rams.colostate.edu> a > écrit : > >> All- >> >> I had to write the following SELinux type enforcement policy file >> ‘backuppc.te’ to allow the httpd daemon access to access the required files >> under /etc/BackupPC even after getting httpd setup to run as the ‘backuppc’ >> user. The alternative is to set SELinux to permissive, which is not >> really allowed in our environment. >> >> >> module backuppc 1.0; >> >> require { >> type etc_t; >> type var_log_t; >> type net_conf_t; >> type user_tmp_t; >> type httpd_sys_script_t; >> class file { write rename read create unlink open }; >> class dir { search read write getattr remove_name open add_name }; >> } >> >> #============= httpd_sys_script_t ============== >> allow httpd_sys_script_t etc_t:dir { write search read open getattr >> add_name remove_name }; >> allow httpd_sys_script_t etc_t:file { write rename create unlink }; >> allow httpd_sys_script_t var_log_t:dir read; >> allow httpd_sys_script_t var_log_t:file { read open }; >> allow httpd_sys_script_t net_conf_t:file { read write open rename create >> unlink }; >> allow httpd_sys_script_t user_tmp_t:dir { write search read open getattr >> add_name remove_name }; >> allow httpd_sys_script_t user_tmp_t:file { write rename create unlink }; >> >> >> >> I top post on purpose. >> >> -- >> Ray Frush "Either you are part of the solution >> T:970.491.5527 or part of the precipitate." >> -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- >> Colorado State University | IS | System Administrator >> >> On Feb 21, 2019, at 15:40, Adam Goryachev < >> mailingli...@websitemanagers.com.au> wrote: >> >> On 22/2/19 8:36 am, Hubert SCHMITT wrote: >> >> Thanks for your answer Jean Yves, >> >> But i really don't understand what's wrong. >> >> The rights are the same on my side : >> -rw-r----- 1 backuppc apache 85K 21 févr. 20:31 config.pl >> -rw-r----- 1 backuppc apache 82K 27 déc. 2014 config.pl_20141227_OK >> -rw-r----- 1 backuppc apache 82K 17 avril 2016 config.pl.old >> -rw-r----- 1 backuppc apache 86K 19 févr. 14:16 config.pl.pre-4.3.0 >> >> Apache is running with : User backuppc and Group apache in httpd.conf >> >> I think you will need to confirm your apache settings, because if the >> user is backuppc and group apache, you should have write access to the >> above file. >> >> One other thing to confirm is the permissions of the directory, and also >> whether the web interface is attempting to write to the same file you think >> it is. To check directory permissions: >> >> ls -ld /path/to/check >> >> Regards, >> Adam >> >> >> -- >> Adam Goryachev Website Managers www.websitemanagers.com.au >> >> -- The information in this e-mail is confidential and may be legally >> privileged. It is intended solely for the addressee. Access to this e-mail >> by anyone else is unauthorised. If you are not the intended recipient, any >> disclosure, copying, distribution or any action taken or omitted to be >> taken in reliance on it, is prohibited and may be unlawful. If you have >> received this message in error, please notify us immediately. Please also >> destroy and delete the message from your computer. Viruses - Any >> loss/damage incurred by receiving this email is not the sender's >> responsibility. >> _______________________________________________ >> BackupPC-users mailing list >> BackupPC-users@lists.sourceforge.net >> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users >> Wiki: http://backuppc.wiki.sourceforge.net >> Project: http://backuppc.sourceforge.net/ >> >> >> _______________________________________________ >> BackupPC-users mailing list >> BackupPC-users@lists.sourceforge.net >> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users >> Wiki: http://backuppc.wiki.sourceforge.net >> Project: http://backuppc.sourceforge.net/ > > > > > Hi all, > > @Adam : > > i done the ls -ld on /etc/BackupPC and on /etc/BackupPC/pc : > > *drwxr-xr-x 3 backuppc apache 4096 21 févr. 22:29 /etc/BackupPC* > > *drwxr-xr-x 2 backuppc apache 4096 21 févr. 14:15 /etc/BackupPC/pc* > > The weird thing is it can't write to a "new" file (myhost.pl.new) so maybe > nothing to do with rights on existing myhost.pl file. > > @Jean Yves > i changed the files's rights to 660 in the two mentionned directories. > > I let you know the result this evening as i'm at work for the moment and > haven't access to my backup server. > > Hubert. > > > > > > _______________________________________________ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ >
_______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/