From: Greg Ercolano <erco@(email surpressed)> Subject: SELinux + www-rush: solving 'rush: Permission denied' errors Date: Fri, 21 Nov 2014 16:45:21 -0500 |
Msg# 2384 View Complete Thread (1 article) | All Threads Last Next |
Most recent linux distros come pre-configured with SELinux enabled. Many seasoned admins configure internal linux machines (e.g. render nodes) with SELinux disabled, as typically they don't need or want the NSA level enhanced security that it provides; unix permissions are usually sufficient. Rush should operate just fine with SELinux enabled. However, www-rush (the cgi-bin script) needs some extra config if you want Apache to run with SElinux enabled. Otherwise, all the www-rush report buttons ("All Jobs", "Hosts", etc) give a "Permission denied" error inside the www-rush interface. To use www-rush with SELinux enabled, just run this command (as root) to prevent the "Permission denied" errors: chcon -t httpd_sys_script_exec_t /usr/local/rush/bin/rush This allows the 'rush' executable to be run as a cgi-bin script without tripping up on SELinux security. 'chcon' can be described as the SELinux equivalent of the 'chmod' or 'chown' commands; it changes the SELinux security attributes of a file, in this case the 'rush' executable. Questions/comments welcome. |