Евгений Жиряков via FreeIPA-users wrote: > Is it matter that the SELinux is disabled? > > # sestatus > SELinux status: disabled > > Permissions I changed before. > I changed the group to ipaapi without luck. > > # ls -la /var/lib/ipa > total 20 > drw-r--r--. 11 root root 202 Oct 20 19:15 . > drwxr-xr-x. 51 root root 4096 Oct 15 14:02 .. > drwxr-xr-x 2 root root 31 Oct 20 11:11 auth_backup > drwx------. 5 root root 114 Oct 20 11:12 backup > -rw-------. 1 root root 1545 Oct 20 17:27 ca.csr > drwxr-xr-x. 2 root root 47 Oct 15 15:03 certs > drwx------. 2 root root 25 Jun 29 17:47 gssproxy > drwx------. 2 root root 41 Jun 29 17:47 passwds > drwxr-xr-x. 3 root root 21 Jun 29 17:47 pki-ca > drwx------. 2 root root 47 Oct 15 15:02 private > -r--r-----. 1 root ipaapi 1708 Oct 21 2020 ra-agent.key > -r--r-----. 1 root ipaapi 1419 Oct 21 2020 ra-agent.pem > drwx--x--x. 2 root root 4096 Jun 29 17:47 sysrestore > drwx------. 2 root root 30 Jun 29 17:47 sysupgrade
I'd check the permissions on /var and /lib too. You're seeing an EACCES error which is basic permissions. Apache can't read the certificate because the OS won't let it. It's fine, though not recommended, if you have SELinux disabled. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
