Re: [owncloud-user] Can't write into config directory! ownCloud 7 CentOS 7
On Friday, August 29, 2014 10:11:37 PM Tornóci László wrote: Yes, in Fedora, RHEL, CentOS etc SELinux is in enforcing mode by default. You can switch it into permissive mode by typing as root: setenforce 0 In this mode, the errors still show up in /var/log/audit/audit.log, but SELinux will not prevent the operation. By default anything under /var/www gets a SELinux label that allows the apache process to read the files (of course traditional ownership, permission restrictions still apply) but the apache process cannot write anything there. You need to change the SELinux labels of the directory and files you want to be written by apache. (To see the labels use ls -Z) Once there are no more errors in the audit.log, you should switch back to enforcing mode (setenforce 1). I think to allow httpd to write a subdir you need to do this as root: semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/subdir(/.*)?' restorecon -R -v /var/www/subdir but I don't really know SELinux well enough, so no guarantees. But SELinux is good for you, so don't just switch it off! Yours: Laszlo Thank for the info. I have set setenforce to 0 and it is working. I am trying the setup in a VM so SELinux is not a priority but I should look into it when I move into production. I have more questions. 1. Will the OBS repo install the packages but not set the correct permissions? 2. Are these permissions correct and secure? chown -R apache:apache /var/www/html/owncloud/ chmod 777 /var/www/html/owncloud/config/ chmod 750 /var/www/html/owncloud/data 3. I am probably responsible for making any changes to Apache config. Is that correct? -- Sudhir Khanger, http://sudhirkhanger.com http://github.com/donniezazen ___ User mailing list User@owncloud.org http://mailman.owncloud.org/mailman/listinfo/user
Re: [owncloud-user] Can't write into config directory! ownCloud 7 CentOS 7
Strange. If I remember well, last time I set up ownCloud 6 on CentOS 6.5 (a while ago) it did properly set the SELinux permissions. It could be a packaging issue with CentOS 7. On 08/30/2014 08:30 AM, Sudhir Khanger wrote: On Friday, August 29, 2014 10:11:37 PM Tornóci László wrote: Yes, in Fedora, RHEL, CentOS etc SELinux is in enforcing mode by default. You can switch it into permissive mode by typing as root: setenforce 0 In this mode, the errors still show up in /var/log/audit/audit.log, but SELinux will not prevent the operation. By default anything under /var/www gets a SELinux label that allows the apache process to read the files (of course traditional ownership, permission restrictions still apply) but the apache process cannot write anything there. You need to change the SELinux labels of the directory and files you want to be written by apache. (To see the labels use ls -Z) Once there are no more errors in the audit.log, you should switch back to enforcing mode (setenforce 1). I think to allow httpd to write a subdir you need to do this as root: semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/subdir(/.*)?' restorecon -R -v /var/www/subdir but I don't really know SELinux well enough, so no guarantees. But SELinux is good for you, so don't just switch it off! Yours: Laszlo Thank for the info. I have set setenforce to 0 and it is working. I am trying the setup in a VM so SELinux is not a priority but I should look into it when I move into production. I have more questions. 1. Will the OBS repo install the packages but not set the correct permissions? 2. Are these permissions correct and secure? chown -R apache:apache /var/www/html/owncloud/ chmod 777 /var/www/html/owncloud/config/ chmod 750 /var/www/html/owncloud/data 3. I am probably responsible for making any changes to Apache config. Is that correct? ___ User mailing list User@owncloud.org http://mailman.owncloud.org/mailman/listinfo/user
Re: [owncloud-user] Can't write into config directory! ownCloud 7 CentOS 7
On Saturday, August 30, 2014 04:04:31 PM Vincent Petry wrote: Strange. If I remember well, last time I set up ownCloud 6 on CentOS 6.5 (a while ago) it did properly set the SELinux permissions. It could be a packaging issue with CentOS 7. I have let the packager know about it in previous thread. -- Sudhir Khanger, http://sudhirkhanger.com http://github.com/donniezazen ___ User mailing list User@owncloud.org http://mailman.owncloud.org/mailman/listinfo/user
Re: [owncloud-user] Can't write into config directory! ownCloud 7 CentOS 7
On CentOS, a typical reason for such problems comes from SELinux. I don't use CentOS myself so I can't tell you how to configure it correctly but at the forums (forum.owncloud.org) you should find some threads on this. Hope this helps, and best regards, Randolph On 29. August 2014 18:58:13 MESZ, Sudhir Khanger sud...@sudhirkhanger.com wrote: On Friday, August 29, 2014 06:11:18 PM Vincent Petry wrote: Did you also make the config.php file accessible for the web server user ? I chown-ed the owncloud directory to the apache user as follows. Directory permissions chown -R apache:apache /var/www/html/owncloud/ chmod 777 /var/www/html/owncloud/config/ chmod 750 /var/www/html/owncloud/data That means every file in owncloud directory is now owned by apache user and I also change the permission of /var/www/html/owncloud/config/ to 777. There is a config.sample.php in /var/www/html/owncloud/config/ which I haven't touched as the manual installation page doesn't mention config.php at all. Is that what you are asking? -- Sudhir Khanger, http://sudhirkhanger.com http://github.com/donniezazen ___ User mailing list User@owncloud.org http://mailman.owncloud.org/mailman/listinfo/user ___ User mailing list User@owncloud.org http://mailman.owncloud.org/mailman/listinfo/user
Re: [owncloud-user] Can't write into config directory! ownCloud 7 CentOS 7
On 08/29/2014 09:13 PM, Randolph Carter wrote: On CentOS, a typical reason for such problems comes from SELinux. I don't use CentOS myself so I can't tell you how to configure it correctly but at the forums (forum.owncloud.org http://forum.owncloud.org) you should find some threads on this. Hope this helps, and best regards, Randolph Yes, in Fedora, RHEL, CentOS etc SELinux is in enforcing mode by default. You can switch it into permissive mode by typing as root: setenforce 0 In this mode, the errors still show up in /var/log/audit/audit.log, but SELinux will not prevent the operation. By default anything under /var/www gets a SELinux label that allows the apache process to read the files (of course traditional ownership, permission restrictions still apply) but the apache process cannot write anything there. You need to change the SELinux labels of the directory and files you want to be written by apache. (To see the labels use ls -Z) Once there are no more errors in the audit.log, you should switch back to enforcing mode (setenforce 1). I think to allow httpd to write a subdir you need to do this as root: semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/subdir(/.*)?' restorecon -R -v /var/www/subdir but I don't really know SELinux well enough, so no guarantees. But SELinux is good for you, so don't just switch it off! Yours: Laszlo On 29. August 2014 18:58:13 MESZ, Sudhir Khanger sud...@sudhirkhanger.com wrote: On Friday, August 29, 2014 06:11:18 PM Vincent Petry wrote: Did you also make the config.php file accessible for the web server user ? I chown-ed the owncloud directory to the apache user as follows. Directory permissions chown -R apache:apache /var/www/html/owncloud/ chmod 777 /var/www/html/owncloud/config/ chmod 750 /var/www/html/owncloud/data That means every file in owncloud directory is now owned by apache user and I also change the permission of /var/www/html/owncloud/config/ to 777. There is a config.sample.php in /var/www/html/owncloud/config/ which I haven't touched as the manual installation page doesn't mention config.php at all. Is that what you are asking? ___ User mailing list User@owncloud.org http://mailman.owncloud.org/mailman/listinfo/user ___ User mailing list User@owncloud.org http://mailman.owncloud.org/mailman/listinfo/user
Re: [owncloud-user] Can't write into config directory! ownCloud 7 CentOS 7
Yes, the way you set it up should work. Not sure why you're still getting the message. Just saw you're using CentOS, did you also make sure to chcon the owncloud folder to make it available ? (SELinux) Cheers, Vincent On 08/29/2014 06:58 PM, Sudhir Khanger wrote: On Friday, August 29, 2014 06:11:18 PM Vincent Petry wrote: Did you also make the config.php file accessible for the web server user ? I chown-ed the owncloud directory to the apache user as follows. Directory permissions chown -R apache:apache /var/www/html/owncloud/ chmod 777 /var/www/html/owncloud/config/ chmod 750 /var/www/html/owncloud/data That means every file in owncloud directory is now owned by apache user and I also change the permission of /var/www/html/owncloud/config/ to 777. There is a config.sample.php in /var/www/html/owncloud/config/ which I haven't touched as the manual installation page doesn't mention config.php at all. Is that what you are asking? ___ User mailing list User@owncloud.org http://mailman.owncloud.org/mailman/listinfo/user