syslog-ng process cannot write to folder, but user can - linux

We have an NFS mount as a destination for our log files. I have syslog-ng running as root out of simplicity.
I have the NFS share mounted, and can, by hand, create files and directories. But syslog-ng is throwing an error saying that it cannot write to files in that NFS share.
But syslog-ng is running as root. So I as the root user can create these files by hand, but a process running as root cannot.
Anyone have any experience in this? Any clue?

So after digging, I found that this was an SELinux issue on the client side.
Apparently, as clients join an NFS server/mount, the local SELinux policy on the client can block the writing of syslog to the NFS mount because the NFS mount is sitting outside of /var/log.
Turning SELinux off on the client solved the problem. So an SELinux policy/context will have to be created around syslog/syslog-ng in order to turn SELinux back on.
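Added example (not part of the original post): before writing the policy the answer says is still needed, confirm what SELinux actually denied. The function below summarises AVC denials for one command name; the sample records are constructed, and the types `syslogd_t` and `nfs_t` in them are assumed as typical labels for a syslog daemon and an NFS mount.

```shell
#!/bin/sh
# SAMPLE_AVC is constructed for illustration. On a real host feed the function
# from `ausearch -m avc -ts recent` or /var/log/audit/audit.log instead.
SAMPLE_AVC='type=AVC msg=audit(1500000000.101:410): avc:  denied  { write } for  pid=2211 comm="syslog-ng" name="remote" dev="0:41" ino=131 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1500000000.207:411): avc:  denied  { create } for  pid=2211 comm="syslog-ng" name="messages.log" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file permissive=0
type=AVC msg=audit(1500000001.015:412): avc:  denied  { read } for  pid=987 comm="httpd" name="index.html" dev="sda1" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1500000002.330:413): avc:  denied  { write } for  pid=2211 comm="syslog-ng" name="remote" dev="0:41" ino=131 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0'

# avc_summary COMM: read audit records on stdin and print one line per
# distinct denial as "source_type target_type class permissions count".
avc_summary() {
    awk -v want="$1" '
    /avc:/ && /denied/ {
        comm = ""; src = ""; tgt = ""; cls = ""; perms = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }  # user:role:TYPE:level
            if ($i ~ /^tcontext=/) { split($i, b, ":"); tgt = b[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            if ($i == "{") {                       # permissions sit between { and }
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perms = perms (perms == "" ? "" : ",") $j
            }
        }
        if (comm == want) seen[src " " tgt " " cls " " perms]++
    }
    END { for (k in seen) print k, seen[k] }' | sort
}

# Run against the constructed sample when executed directly:
printf '%s\n' "$SAMPLE_AVC" | avc_summary syslog-ng
```

The same records can be piped to `audit2allow -M <name>` to draft a local policy module, and `semanage permissive -a syslogd_t` relaxes only that one domain while testing instead of switching SELinux off for the whole host.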

Related

NFS mount using CHEF on LINUX | permissions of directory not getting changed

I am trying to do an NFS mount using CHEF. I have mounted it successfully. Please find the below code.
# Execute mount
node['chef_book']['mount_path'].each do |path_name|
  mount "/#{path_name['local']}" do
    device "10.34.56.1:/data"
    fstype 'nfs'
    options 'rw'
    retries 3
    retry_delay 30
    action %i[mount enable]
  end
end
I am able to successfully mount and make an entry in the fstab file. But after mounting, the user:group for the mount linked is changing to root:root, which I was not expecting.
I want to use myuser:mygroup as owner:group. I tried changing it using the chown command but am getting a permission denied issue.
Request some guidance.
As mentioned in the comment, this is not something Chef controls per se. After the mount, the folder will be owned by whatever the NFS server says. You can try to chmod the folder after mounting but that's up to your NFS configuration and whatnot as to if it will be allowed.

You don't have permission to access / on this server ubuntu 14.04

Agenda: To have a common Project Folder between Linux and Windows
I have changed my document root from : /var/www/html to /media/mithun/Projects/test in my ubuntu machine 14.04
I get error as :
Forbidden
You don't have permission to access / on this server.
Apache/2.4.7 (Ubuntu) Server at localhost Port 80
So I added some scripts to : sudo gedit /etc/apache2/sites-available/000-default.conf
# DocumentRoot /var/www/html
DocumentRoot /media/mithun/Projects/test
But Document Root /var/www/test works but not with Windows NTFS Partition Drive.
Even after referring to :
Error message "Forbidden You don't have permission to access / on this server"
Issue with my Ubuntu Apache Conf file. (Forbidden You don't have permission to access / on this server.)
No success :( So kindly assist me with it...
Note: Projects is a New Volume (Internal Drive: In Windows it's E:/ Drive)
#Lmwangi - Please check my updates for your reference below:
Output of : ls /etc/apparmor.d/
abstractions lightdm-guest-session usr.bin.evince usr.sbin.cupsd
cache local usr.bin.firefox usr.sbin.mysqld
disable sbin.dhclient usr.lib.telepathy usr.sbin.rsyslogd
force-complain tunables usr.sbin.cups-browsed usr.sbin.tcpdump
I tried killing apparmor:
sudo /etc/init.d/apparmor kill
I receive output as: Usage: /etc/init.d/apparmor {start|stop|restart|reload|force-reload|status|recache}
After this, I was also able to restart apache successfully
Maybe the problem is simple: is your new root directory accessible to the www-data user?
Try :
$ chown -R www-data:www-data /media/mithun/Projects
As you have discovered by now, you cannot just manipulate permissions on an NTFS partition (using tools like chmod).
However, you can try forcing a given owner/permissions for the entire partition when you mount it.
Now the way to do this depends on the NTFS utilities you are actually using (which I don't know, so I'm assuming you are using ntfs-3g).
E.g. mount the partition with the following parameters (replace /dev/sdX with your actual partition, and /path/where/the/drive/is/mounted with your target path):
mount -o gid=www-data /dev/sdX /path/where/the/drive/is/mounted
should make all the files on the partition belong to the www-data group.
If the filesystem sets the group ownership explicitly, this still might not work.
In this case, you might need to set up a usermap that maps your Windows users/groups (as found on the partition) to your Linux users/groups.
The ntfs-3g.usermap utility will help you generate an initial usermap file, which you can then edit to your needs:
ntfs-3g.usermap /dev/sdX
Then pass the usermap to the mount options:
mount -o usermapping=/path/to/usermap.file /dev/sdX /path/where/the/drive/is/mounted
I suspect that you have apparmor enforcing rules that prevent Apache from reading non-whitelisted directory paths. I suggest that you:
1. Edit the apparmor config for Apache to access your custom path. You'll need to hunt around /etc/apparmor.d/. You may also find using apparmor in non-enforcing mode helpful.
$ sudo aa-complain /etc/apparmor.d/*
2. Use mod_apparmor? See this
3. Or disable apparmor completely. See this
My order of preference would be 1,3,2. That should fix this for you :)
While using Ubuntu with Windows I faced the same issue and it was resolved by remounting the drive with read and write access. The command below will help you do that:
sudo mount -o remount,rw /disk/location /disk/new_location
If it is still not working, then in Windows go to the power options and disable fast startup.
When you shut down a computer with Fast Startup enabled, Windows locks down the Windows hard disk. You won’t be able to access it from other operating systems if you have your computer configured to dual-boot. Even worse, if you boot into another OS and then access or change anything on the hard disk (or partition) that the hibernating Windows installation uses, it can cause corruption. If you’re dual booting, it’s best not to use Fast Startup or Hibernation at all.
Original article: https://www.howtogeek.com/243901/the-pros-and-cons-of-windows-10s-fast-startup-mode/

Mount Netapp NFS share permanently on RHEL 6.4

I am trying to mount a volume on a RHEL 6.4 virtual machine permanently.
My fstab entry is as:
172.17.4.228:/bp_nfs_test1 /mnt1 nfs rsize=8192,wsize=8192,intr
And I mounted the volume as:
mount 172.17.4.228:/bp_nfs_test1 /mnt1
When I run df -h I can see the volume and am able to access it properly.
But when I reboot the VM, the mount is gone and I am not able to access it anymore, even though the entry in /etc/fstab is present.
I have to manually mount the volume again (mount -a); only then am I able to see my volume in df -h and access it.
Any help is appreciated.
The mount process on boot is very early, so your network won't be online thus preventing the nfs share from being mounted. You'll need to enable netfs, which manages network file shares, and runs after the network is up. Your desired process is:
1. Standard mounts processed.
2. NFS share is skipped during initial mounts (by adding _netdev to options).
3. After network is online, netfs will process network file systems like nfs and bring them online.
To prevent automounter from attempting to mount your nfs share before the network services are available, add _netdev to your options:
172.17.4.228:/bp_nfs_test1 /mnt1 nfs rsize=8192,wsize=8192,intr,_netdev
Enable netfs:
chkconfig netfs on
Alternatively, you could also configure the share through the /etc/auto.master configuration and have it mount when the share is accessed.
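Added example (not from the original answer): a check that lists active NFS entries in an fstab that lack the `_netdev` option the answer prescribes. The sample fstab is constructed; only its `/mnt1` line is the entry from the question, and the other entries are made up.

```shell
#!/bin/sh
# Constructed sample; only the /mnt1 line comes from the question above.
SAMPLE_FSTAB='# /etc/fstab (constructed sample)
/dev/mapper/vg0-root / ext4 defaults 1 1

172.17.4.228:/bp_nfs_test1 /mnt1 nfs rsize=8192,wsize=8192,intr
172.17.4.228:/bp_nfs_test2 /mnt2 nfs4 rw,_netdev 0 0
#172.17.4.228:/old /mnt9 nfs defaults 0 0'

# nfs_missing_netdev: read fstab text on stdin and print "mountpoint options"
# for every active nfs/nfs4 entry whose option list has no _netdev.
nfs_missing_netdev() {
    awk '
    /^[ \t]*#/ || NF < 3 { next }           # comments, blank and short lines
    $3 == "nfs" || $3 == "nfs4" {
        opts = (NF >= 4) ? $4 : "defaults"  # the options field may be absent
        n = split(opts, o, ",")
        found = 0
        for (i = 1; i <= n; i++) if (o[i] == "_netdev") found = 1
        if (!found) print $2, opts
    }'
}

# Run against the constructed sample when executed directly:
printf '%s\n' "$SAMPLE_FSTAB" | nfs_missing_netdev
```

On a real host, run it as `nfs_missing_netdev < /etc/fstab`; empty output means every NFS entry already carries the option.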

Content of mounted folder deleted on Ubuntu reboot

I have created a chrooted sftp user, and mounted a directory to the user's chrooted home.
Within this directory I have one directory for each website the sftp user has access to.
When I rebooted my Ubuntu 10.04 server, the content of the mounted folder is gone.
/home/chrootedUser/websites/website1
To my frustration the website1 directory is gone/deleted.
My /etc/fstab config:
http://pastebin.com/gxz3w9Mg
My mounts (using command mount):
http://pastebin.com/XcGGvGVE
I hope someone can point me in the right direction, please let me know if you need anything else.
Unmount /home/chrootedUser/websites and your files will be there. Probably your mount didn't work for the first time when you were creating those files. But now it works.
fstab should do automounting for you just fine. It's difficult to tell what exactly went wrong, you can read /proc/self/mounts to check your mounts.

How should I log from a non-root Debian Linux daemon?

I'm writing a new daemon, which will be hosted on Debian Linux.
I've found that /var/log has root only write permissions, so my daemon cannot write log files there.
However, if it writes there, it appears it will gain automatic log rotation, and also work as a user might expect.
What is the recommended way for a daemon to write log entries that appear in /var/log, without having to be run as root?
The daemon is a webserver, so the log traffic will be similar to Apache.
You should create a subdirectory like /var/log/mydaemon having the daemon's user ownership.
As root, create a logfile there and change the file's owner to the webserver user:
# touch /var/log/myserver.log
# chown wwwuser /var/log/myserver.log
Then the server can write to the files if run as user wwwuser. It will not gain automatic log rotation, though. You have to add the logfile to /etc/logrotate.conf or /etc/logrotate.d/... and make your server reopen the logfile when logrotate signals it should.
You might also use syslog for logging, if that fits your scenario better.
Two options:
1. Start as root, open the file, then drop permissions with setuid. (I don't remember the exact system calls for dropping permissions.) You'll have to do this anyway if you want to bind to TCP port 80 or any port below 1024.
2. Create a subdirectory like /var/log/mydaemon having the daemon's user ownership, as WiseTechi said.
Files under /var/log aren't automatically rotated; instead, rotation is controlled by /etc/logrotate.conf and files under /etc/logrotate.d.
Use the "logger" command
http://linux.die.net/man/1/logger
