Ticket #32: part0001.4.html

File part0001.4.html, 2.8 KB (added by Adam Goss, 16 years ago)

Added by email2trac

Line 
1I believe I have finally solved my own problem.  There were no AVC messages in the message log, but I dug into the audit log and found that the reason the service was being denied access to the files, even when they where chmod 777 was SELinux.  I created a custom SELinux policy based on the alerts generated after a reboot and failed email2trac test and it appears to have fixed the problem.
2<br><br><div><span class="gmail_quote">On 11/5/07, <b class="gmail_sendername">email2trac</b> &lt;<a href="mailto:email2trac@sara.nl">email2trac@sara.nl</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
3#32: permissions issue, email2trac config<br>-----------------------------+----------------------------------------------<br>Reporter:&nbsp;&nbsp;<a href="mailto:acgoss@gmail.com">acgoss@gmail.com</a>&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Owner:&nbsp;&nbsp;bas<br>&nbsp;&nbsp;&nbsp;&nbsp;Type:&nbsp;&nbsp;defect&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Status:&nbsp;&nbsp;assigned
4<br>Priority:&nbsp;&nbsp;major&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp;&nbsp;Component:&nbsp;&nbsp;email2trac<br> Version:&nbsp;&nbsp;0.10&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp; Resolution:<br>Keywords:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>-----------------------------+----------------------------------------------
5<br>Comment (by bas):<br><br> This setup will never work for root and apache, because the postfix user<br> will start up email2trac and this userid has no write access to the trac-<br> database. That is why you need run_email2trac for this. It will change the
6<br> userid from &lt;postfix&gt; to the &lt;apache&gt; user.&nbsp;&nbsp;The process of changing user<br> fails some how and i think it has to do with not allowing to run suid<br> programs.<br><br> Can you just put this is /etc/aliases:
7<br> {{{<br> test: /var/tmp/test.sh<br> }}}<br><br> test.sh<br> {{{<br> /usr/bin/id &gt; /var/tmp/postfix.user<br> }}}<br><br> else use the other postfix setup:<br>&nbsp;&nbsp;*<br> <a href="https://subtrac.sara.nl/oss/email2trac/wiki/Email2tracMta#Noteforpostfix">
8https://subtrac.sara.nl/oss/email2trac/wiki/Email2tracMta#Noteforpostfix</a><br><br>--<br>Ticket URL: &lt;<a href="https://subtrac.sara.nl/oss/email2trac/ticket/32#comment:7">https://subtrac.sara.nl/oss/email2trac/ticket/32#comment:7
9</a>&gt;<br>email2trac &lt;<a href="https://subtrac.sara.nl/oss/email2trac">https://subtrac.sara.nl/oss/email2trac</a>&gt;<br>Documentation server for email2trac</blockquote></div><br>