Permission problems when accessing SysConfig
hi list,
Permission problem on a RedHat Enterprise release 4 box,
When I installed otrs I had permission problems with the installer.pl
but did that manually according to the manual.
I installed the release from rpm package.
Now I'm not able to access the SysConfig from the Admin interface,
It gives me this error message.
--
ERROR: OTRS-CGI-10 Perl: 5.8.5 OS: linux Time: Wed Jun 7 13:32:33 2006
Message: Can't write /opt/otrs/Kernel/Config/Files/ZZZAAuto.pm: Permission
denied!
Traceback (16177):
Module: Kernel::System::Config::WriteDefault (v1.45) Line: 183
Module: Kernel::Modules::AdminSysConfig::Run (v1.38) Line: 54
Module: Kernel::System::Web::InterfaceAgent::Run (v1.8) Line: 651
Module: /opt/otrs/bin/cgi-bin/index.pl (v1.80) Line: 47
--
I've run SetPermissions.sh like this:
[root@xxx bin]# ./SetPermissions.sh /opt/otrs otrs apache apache apache
SetPermissions.sh <$Revision: 1.27 $> - set OTRS file permissions
Copyright (c) 2001-2004 Martin Edenhofer
Robertino Hermansson wrote:
I've run SetPermissions.sh like this:
[root@xxx bin]# ./SetPermissions.sh /opt/otrs otrs apache apache apache
I'd try running './SetPermissions.sh otrs apache' and omit the last two optional arguments. Why do you even use apache for the OTRS_GROUP? Nils Breunese.
I've tried doing that, resulting in this output:
[root@xxx bin]# ./SetPermissions.sh /opt/otrs otrs apache
SetPermissions.sh <$Revision: 1.27 $> - set OTRS file permissions
Copyright (c) 2001-2004 Martin Edenhofer
Robertino Hermansson wrote:
I've run SetPermissions.sh like this:
[root@xxx bin]# ./SetPermissions.sh /opt/otrs otrs apache apache apache
I'd try running './SetPermissions.sh otrs apache' and omit the last two optional arguments. Why do you even use apache for the OTRS_GROUP?
Nils Breunese. _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support orr consulting for your OTRS system? => http://www.otrs.com/
Robertino Hermansson wrote:
I have a different OTRS installation on another machine (Fedora Core 3) where httpd runs as the otrs group/user and that is working fine. But that's just a test installation in lab environment.
More idéas?
I installed OTRS on CentOS 4 using the RedHat RPM and that worked without having to run SetPermissions.sh. What do your webserver logs say? Nils Breunese.
Not much, here's the output from the latest entries regarding otrs.
Pretty much the same errors reported on the webpage.
Maybe I should try to get the webserver running as otrs/otrs and see if that
helps, don't know
if it is possible though.
[error_log]
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] ERROR: OTRS-CGI-10
Perl: 5.8.5 OS: linux Time: Wed Jun 7 16:35:01 2006, referer:
http://<hostname>/index.pl?Action=Admin
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] , referer:
http://<hostname>/index.pl?Action=Admin
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] Message: Can't write
/opt/otrs/Kernel/Config/Files/ZZZAAuto.pm: Permission denied!, referer:
http://<hostname>/index.pl?Action=Admin
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] , referer:
http://<hostname>/index.pl?Action=Admin
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] Traceback (23777): ,
referer: http://<hostname>/index.pl?Action=Admin
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] Module:
Kernel::System::Config::WriteDefault (v1.45) Line: 183, referer:
http://<hostname>/index.pl?Action=Admin
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] Module:
Kernel::Modules::AdminSysConfig::Run (v1.38) Line: 54, referer:
http://<hostname>/index.pl?Action=Admin
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] Module:
Kernel::System::Web::InterfaceAgent::Run (v1.8) Line: 651, referer:
http://<hostname>/index.pl?Action=Admin
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] Module:
/opt/otrs/bin/cgi-bin/index.pl (v1.80) Line: 47, referer:
http://<hostname>/index.pl?Action=Admin
[Wed Jun 07 16:35:01 2006] [error] [client <hostname>] , referer:
http://<hostname>/index.pl?Action=Admin
[access_log]
<hostname> - - [07/Jun/2006:16:36:17 +0300] "GET
/index.pl?Action=AdminSysConfig HTTP/1.1" 200 10203
"http://<hostname>/index.pl?Action=Admin" "Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
<hostname> - - [07/Jun/2006:16:36:21 +0300] "GET
/otrs-web/images/Standard/up.png HTTP/1.1" 304 -
"http://<hostname>/index.pl?Action=AdminSysConfig" "Mozilla/5.0 (Windows; U;
Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
--Robertino
On 6/7/06, Nils Breunese (Lemonbit Internet)
Robertino Hermansson wrote:
I have a different OTRS installation on another machine (Fedora Core 3) where httpd runs as the otrs group/user and that is working fine. But that's just a test installation in lab environment.
More idéas?
I installed OTRS on CentOS 4 using the RedHat RPM and that worked without having to run SetPermissions.sh. What do your webserver logs say?
Nils Breunese._______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support orr consulting for your OTRS system?
Robertino Hermansson wrote:
Maybe I should try to get the webserver running as otrs/otrs and see if that helps, don't know if it is possible though.
It may be possible, but I have it all working with apache just running as apache. What are the permissions and owners of /opt/otrs/ Kernel/Config/Files/ZZZAAutio.pm on your machine? Mine has: drwxr-xr-x root root (for /opt) drwxrwxr-x otrs apache (for /opt/otrs) drwxrwxr-x apache apache (for /opt/otrs/Kernel) drwxrwxr-x apache apache (for /opt/otrs/Kernel/Config) drwxrwxr-x apache apache (for /opt/otrs/Kernel/Config/Files) -rw-r--r-- apache apache (for /opt/otrs/Kernel/Config/Files/ ZZZAAuto.pm) So yeah, apache should be able to write this file. However, on your system that seems to be a problem:
Message: Can't write /opt/otrs/Kernel/Config/Files/ZZZAAuto.pm: Permission denied!, referer: http://<hostname>/index.pl?Action=Admin
Nils Breunese.
Problem solved!
Got it working now, the problem was with SELinux and policies.
This discussion solved it:
http://lists.otrs.org/pipermail/dev/2005-September/001117.html
First installed the package:
selinux-policy-targeted-sources-1.17.30-2.126.noarch.rpm
And added the following lines to
/etc/selinux/targeted/src/policy/domains/program/apache.te
allow httpd_t policy_src_t:dir search;
allow httpd_t usr_t:dir write;
allow httpd_t usr_t:dir add_name;
allow httpd_t usr_t:file create;
allow httpd_t usr_t:file write;
allow httpd_t usr_t:file append;
the 2 last lines where not mentioned in the previous post
but where added also and then it seems to work.
then restarted httpd.
thanks for your help Nils.
--Robertino
On 6/7/06, Nils Breunese (Lemonbit Internet)
Robertino Hermansson wrote:
Maybe I should try to get the webserver running as otrs/otrs and see if that helps, don't know if it is possible though.
It may be possible, but I have it all working with apache just running as apache. What are the permissions and owners of /opt/otrs/ Kernel/Config/Files/ZZZAAutio.pm on your machine? Mine has:
drwxr-xr-x root root (for /opt) drwxrwxr-x otrs apache (for /opt/otrs) drwxrwxr-x apache apache (for /opt/otrs/Kernel) drwxrwxr-x apache apache (for /opt/otrs/Kernel/Config) drwxrwxr-x apache apache (for /opt/otrs/Kernel/Config/Files) -rw-r--r-- apache apache (for /opt/otrs/Kernel/Config/Files/ ZZZAAuto.pm)
So yeah, apache should be able to write this file. However, on your system that seems to be a problem:
Message: Can't write /opt/otrs/Kernel/Config/Files/ZZZAAuto.pm: Permission denied!, referer: http://<hostname>/index.pl?Action=Admin
Nils Breunese. _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support orr consulting for your OTRS system? => http://www.otrs.com/
participants (2)
-
Nils Breunese (Lemonbit Internet) -
Robertino Hermansson