From: Eoghan Ó C. <eog...@gm...> - 2012-11-06 14:22:14
|
Hi, I think you should avoid leaving it disabled. We have Vufind running on RHEL6 with SELinux enabled. I'm far from an SELinux expert but we've used that audit2allow tool [1] in the past to find policy denials. The "audit2allow -w -a" command prints out details on denials & suggests how to resolve them. Sometimes it is just a case of enabling/disabling a paricular policy boolean, e.g. setsebool -P [pollicy]1. If it isn't that straight-forward, I think you can build custom policy exceptions. If audit2allow isn't installed you can get it by installing policycoreutils-python using yum. Maybe best to refer this back to your sysadmin though? BTW, to re-enable SELinux for testing, it's: echo 1 > /selinux/enforce Eoghan [1] https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html On 6 November 2012 14:06, Ranju Upadhyay <Ran...@nu...> wrote: > Hi all, > > I just applied Eoghan's suggestion and yes I can access it now.But is it > safe to disable selinux? > > > Thanks > Ranju. > > ----- Original Message ----- > From: Eoghan Ó Carragáin <eog...@gm...> > Date: Tuesday, November 6, 2012 1:34 pm > Subject: Re: [VuFind-General] unable to access vufind on RHEL > To: "Mosior, Benjamin" <BEM...@sh...> > Cc: Ranju Upadhyay <Ran...@nu...>, " > vuf...@li..." < > vuf...@li...> > > > Hi, > > As a sanity check, maybe try temporarily disabling SELinux: > > > echo 0 > /selinux/enforce > > This isn't a permanent solution, but if this fixes things it'll give you > something to go on. > > > > In my RHEL 6 setup /interface/compile and /interface/cache are owned by > a local vufind user, while all sub-folders and files are apache:apache. > > > > Eoghan > > > > > > On 6 November 2012 13:26, Mosior, Benjamin <BEM...@sh...> wrote: > >> > Ranju,**** >> >> **> ** >> >> > Could you send us the output of: ls –al >> /usr/local/vufind/vufind-1.3/web/interface **** >> >> **> ** >> >> > Benjamin Mosior**** >> >> **> ** >> >> *> From:* Ranju Upadhyay [mailto:Ran...@nu...] >> *> Sent:* Tuesday, November 06, 2012 8:06 AM >> *> To:* Demian Katz >> *> Cc:* Tod Olson; Mosior, Benjamin; vuf...@li... >> >> *> Subject:* Re: [VuFind-General] unable to access vufind on RHEL**** >> >> **> ** >> >> > Hi all, >> > >> > yes the Cache setting does not exist in 1.3 but I tried setting the >> ownership to apache (even made the group writable on compile and cache >> directories but I still get these errors : >> > >> > [Tue Nov 06 12:57:12 2012] [error] [client 149.157.2.121] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > [Tue Nov 06 12:57:12 2012] [error] [client 149.157.2.121] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > [Tue Nov 06 12:57:12 2012] [error] [client 149.157.2.121] PHP Fatal >> error: Smarty error: unable to write to $compile_dir >> '/usr/local/vufind/vufind-1.3/web/interface/compile/9cd5945eb796ea57d5e34b1da9fd4c8f'. >> Be sure $compile_dir is writable by the web server user. in >> /usr/share/pear/Smarty/Smarty.class.php on line 1093 >> > >> > Something I noticed is that the directory >> 9cd5945eb796ea57d5e34b1da9fd4c8f actually was not present under compile dir >> but I created it and set the owner and group to apache:apache.And there is >> no such directory under cache either. >> > >> > Any more thoughts? >> > >> > Thanks >> > Ranju. >> > >> > ----- Original Message ----- >> > From: Demian Katz <dem...@vi...> >> > Date: Monday, November 5, 2012 6:19 pm >> > Subject: Re: [VuFind-General] unable to access vufind on RHEL >> > To: Tod Olson <to...@uc...>, "Mosior, Benjamin" <BEM...@sh... >> > >> > Cc: "vuf...@li..." < >> vuf...@li...>**** >> >> > > …though in Ranju’s case, he is using VuFind 1.3, so the [Cache] >> settings don’t exist yet (they’re introduced in 2.0beta). But I think >> fixing the file ownership should take care of the problem.**** >> >> > **** >> >> > - Demian**** >> >> > **** >> >> > > *From:* Tod Olson [mailto:to...@uc...] >> > > *Sent:* Monday, November 05, 2012 1:15 PM >> > > *To:* Mosior, Benjamin >> > > *Cc:* vuf...@li... >> > > *Subject:* Re: [VuFind-General] unable to access vufind on RHEL**** >> >> > > **** >> >> > > What we settled on locally is to have the cache directories: **** >> >> > > **** >> >> > > - owned by the web server**** >> >> > > - group owned by some group the developers are all in**** >> >> > > - and tweak the [Cache] settings in config.ini so the the caches are >> group-writable**** >> >> > > **** >> >> > > This means the web server can write the cache files but those of us >> working on it can blow away the caches when we need to, without bothering >> the sysadmin. (not an issue if you have root access to your box.)**** >> >> > > **** >> >> > > -Tod**** >> >> > > **** >> >> > > On Nov 5, 2012, at 10:57 AM, "Mosior, Benjamin" <BEM...@sh...>** >> ** >> >> > > wrote:**** >> >> > > >> > > **** >> >> > > Ranju,**** >> >> > > **** >> >> > > According to the documentation ( >> http://vufind.org/wiki/vufind_on_linux), “The >> vufind/web/interface/cache, vufind/web/interface/compile and >> vufind/web/images/covers directories and subdirectories will also need to >> be owned by the web server user.”**** >> >> > > **** >> >> > > Running “chown -R apache >> /usr/local/vufind/vufind-1.3/web/interface/cache >> /usr/local/vufind/vufind-1.3/web/interface/compile >> /usr/local/vufind/vufind-1.3/web/images/covers” to change the ownership to >> “apache” should do the trick.**** >> >> > > **** >> >> > > Be sure to read through the documentation in the link above, as that >> will help guide you as you make progress.**** >> >> > > **** >> >> > > Hope that helps,**** >> >> > > Benjamin Mosior**** >> >> > > Keystone Library Network**** >> >> > > **** >> >> > > *From:* Ranju Upadhyay [mailto:Ran...@nu...] >> > > *Sent:* Monday, November 05, 2012 11:42 AM >> > > *To:* Mosior, Benjamin >> > > *Cc:* vuf...@li... >> > > *Subject:* Re: RE: [VuFind-General] unable to access vufind on RHEL** >> ** >> >> > > **** >> >> > > Hi all, >> > > >> > > quite possibly the issue is to do with permission. >> > > >> > > In my httpd.conf I have httpd run by user and group apache (RHEL >> including apache,php,java was installed by our CS and I installed vufind as >> root) . >> > > >> > > when I look at the apache error log I see >> > > >> > > [Mon Nov 05 15:37:11 2012] [error] [client 149.157.61.84] Directory >> index forbidden by Options directive: /var/www/html/ >> > > [Mon Nov 05 16:21:27 2012] [error] [client ::1] PHP Warning: >> mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:21:27 2012] [error] [client ::1] PHP Warning: >> mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:21:27 2012] [error] [client ::1] PHP Fatal error: >> Smarty error: unable to write to $compile_dir >> '/usr/local/vufind/vufind-1.3/web/interface/compile/9cd5945eb796ea57d5e34b1da9fd4c8f'. >> Be sure $compile_dir is writable by the web server user. in >> /usr/share/pear/Smarty/Smarty.class.php on line 1093 >> > > [Mon Nov 05 16:21:59 2012] [error] [client 149.157.61.84] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:21:59 2012] [error] [client 149.157.61.84] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:22:00 2012] [error] [client 149.157.61.84] PHP Fatal >> error: Smarty error: unable to write to $compile_dir >> '/usr/local/vufind/vufind-1.3/web/interface/compile/9cd5945eb796ea57d5e34b1da9fd4c8f'. >> Be sure $compile_dir is writable by the web server user. in >> /usr/share/pear/Smarty/Smarty.class.php on line 1093 >> > > [Mon Nov 05 16:23:16 2012] [error] [client 149.157.2.121] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:23:16 2012] [error] [client 149.157.2.121] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:23:16 2012] [error] [client 149.157.2.121] PHP Fatal >> error: Smarty error: unable to write to $compile_dir >> '/usr/local/vufind/vufind-1.3/web/interface/compile/9cd5945eb796ea57d5e34b1da9fd4c8f'. >> Be sure $compile_dir is writable by the web server user. in >> /usr/share/pear/Smarty/Smarty.class.php on line 1093 >> > > [Mon Nov 05 16:26:20 2012] [error] [client 149.157.2.121] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:26:20 2012] [error] [client 149.157.2.121] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:26:20 2012] [error] [client 149.157.2.121] PHP Fatal >> error: Smarty error: unable to write to $compile_dir >> '/usr/local/vufind/vufind-1.3/web/interface/compile/9cd5945eb796ea57d5e34b1da9fd4c8f'. >> Be sure $compile_dir is writable by the web server user. in >> /usr/share/pear/Smarty/Smarty.class.php on line 1093 >> > > [Mon Nov 05 16:28:03 2012] [error] [client ::1] Directory index >> forbidden by Options directive: /var/www/html/ >> > > [Mon Nov 05 16:28:07 2012] [error] [client ::1] PHP Warning: >> mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:28:07 2012] [error] [client ::1] PHP Warning: >> mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:28:07 2012] [error] [client ::1] PHP Fatal error: >> Smarty error: unable to write to $compile_dir >> '/usr/local/vufind/vufind-1.3/web/interface/compile/9cd5945eb796ea57d5e34b1da9fd4c8f'. >> Be sure $compile_dir is writable by the web server user. in >> /usr/share/pear/Smarty/Smarty.class.php on line 1093 >> > > [Mon Nov 05 16:28:18 2012] [error] [client 149.157.2.121] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:28:18 2012] [error] [client 149.157.2.121] PHP >> Warning: mkdir(): Permission denied in >> /usr/local/vufind/vufind-1.3/web/sys/Interface.php on line 100 >> > > [Mon Nov 05 16:28:18 2012] [error] [client 149.157.2.121] PHP Fatal >> error: Smarty error: unable to write to $compile_dir >> '/usr/local/vufind/vufind-1.3/web/interface/compile/9cd5945eb796ea57d5e34b1da9fd4c8f'. >> Be sure $compile_dir is writable by the web server user. in >> /usr/share/pear/Smarty/Smarty.class.php on line 1093 >> > > >> > > now I am wondering what would be the right course for me to do! >> Should I modify the user and group to root in the httpd.conf file as >> everything else is owned and run by root or should I simply try changing >> the ownership of compile directory and the directory underneath it to >> apache:apache ? >> > > >> > > Thanks >> > > Ranju. >> > > >> > > >> > > >> > > >> > > >> > > ----- Original Message ----- >> > > From: "Mosior, Benjamin" <BEM...@sh...> >> > > Date: Monday, November 5, 2012 4:11 pm >> > > Subject: RE: [VuFind-General] unable to access vufind on RHEL >> > > To: Ranju Upadhyay <Ran...@nu...>, " >> vuf...@li..." < >> vuf...@li...>**** >> >> > > > Ranju,**** >> >> > > > **** >> >> > > > A few quick things to check:**** >> >> > > 1. Is Apache running? (run: service httpd status)**** >> >> > > 2. Is anything useful showing up in the Apache error logs? >> (usually: /var/log/httpd/error_log)**** >> >> > > > **** >> >> > > > Let us know what you find.**** >> >> > > > **** >> >> > > > Benjamin Mosior**** >> >> > > > Keystone Library Network**** >> >> > > > **** >> >> > > > *From:* Ranju Upadhyay [mailto:Ran...@nu...] >> > > > *Sent:* Monday, November 05, 2012 10:36 AM >> > > > *To:* vuf...@li... >> > > > *Subject:* [VuFind-General] unable to access vufind on RHEL**** >> >> > > > **** >> >> > > > Hi all, >> > > > >> > > > Recently installed vufind1.3 on RHEL 6.3.Everything went fine >> during installation.I then made changes to config.ini etc . But now when I >> try to access vuifnd which should be at >> > > > >> > > > http://xvufind.nuim.ie/vufind/ <http://xvufind.nuim.ie/vufind/> , >> the page is blank! >> > > > >> > > > Insterestingly enough I can access solr at >> http://xvufind.nuim.ie:8080/solr/ >> > > > >> > > > when I do ./vufind.sh start I get something like: >> > > > >> > > > ./vufind.sh start >> > > > Found >> JAVA=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java in >> JAVA_HOME=/ >> > > > Starting VuFind ... >> > > > /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java >> -server -Xms1024m -Xmx1024m -XX:+UseParallelGC -XX:NewRatio=5 >> -Dsolr.solr.home=/usr/local/vufind/vufind-1.3/solr >> -Djetty.logs=/usr/local/vufind/vufind-1.3/solr/jetty/logs >> -Djetty.home=/usr/local/vufind/vufind-1.3/solr/jetty -jar >> /usr/local/vufind/vufind-1.3/solr/jetty/start.jar >> /usr/local/vufind/vufind-1.3/solr/jetty/etc/jetty.xml >> > > > nohup: appending output to `nohup.out' >> > > > VuFind running pid=3495 >> > > > >> > > > everything was installed as root and hence I start vufind as root >> as well. >> > > > >> > > > I modified the .bash_profile at roots home dir i.e. /root as >> follows: >> > > > >> > > > VUFIND_HOME=/usr/local/vufind/vufind-1.3 >> > > > JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre >> > > > PATH=$PATH:$HOME/bin:$VUFIND_HOME:$JAVA_HOME >> > > > >> > > > export PATH >> > > > >> > > > have even rebooted the server but no luck! >> > > > >> > > > Any suggestions? >> > > > >> > > > Thanks >> > > > Ranju Upadhyay >> > > > National Library of Ireland Maynooth.**** >> >> > > **** >> >> > > >> ------------------------------------------------------------------------------ >> > > LogMeIn Central: Instant, anywhere, Remote PC access and management. >> > > Stay in control, update software, and manage PCs from one command >> center >> > > Diagnose problems and improve visibility into emerging IT issues >> > > Automate, monitor and manage. Do more in less time with Central >> > > >> http://p.sf.net/sfu/logmein12331_d2d_______________________________________________<http://p.sf.net/sfu/logmein12331_d2d_______________________________________________> >> > > VuFind-General mailing list >> > > VuF...@li... >> > > https://lists.sourceforge.net/lists/listinfo/vufind-general**** >> >> > > **** >> >> > > ----------------------------------------------------------------- >> > > ------------- >> > > LogMeIn Central: Instant, anywhere, Remote PC access and management. >> > > Stay in control, update software, and manage PCs from one >> > > command center >> > > Diagnose problems and improve visibility into emerging IT issues >> > > Automate, monitor and manage. Do more in less time with Central >> > > http://p.sf.net/sfu/logmein12331_d2d> >> _______________________________________________ >> > > VuFind-General mailing list >> > > VuF...@li... >> > > https://lists.sourceforge.net/lists/listinfo/vufind-general **** >> > >> > >> ------------------------------------------------------------------------------ >> > LogMeIn Central: Instant, anywhere, Remote PC access and management. >> > Stay in control, update software, and manage PCs from one command >> center >> > Diagnose problems and improve visibility into emerging IT issues >> > Automate, monitor and manage. Do more in less time with Central >> > http://p.sf.net/sfu/logmein12331_d2d<http://p.sf.net/sfu/logmein12331_d2d> >> > _______________________________________________ >> > VuFind-General mailing list >> > VuF...@li... >> > https://lists.sourceforge.net/lists/listinfo/vufind-general<https://lists.sourceforge.net/lists/listinfo/vufind-general> >> > >> > > > |