Announcement

Collapse
No announcement yet.

Can't swtich attachement storage to file system

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ErnestA
    replied
    OK, so after hours of trying to trace down and now figure out how to fix this problem, I finally got it.

    This is going to be very important for anyone running linux with selinux enabled. In Fedora, I think it was introduced in FC3 or 4, so it's been around for the last 4 or 5 versions.

    Anyways, to cut to the chase. If you've tried absolutely everything to get this running and it still won't work and you know you have selinux installed check your audit log. In fedora it's /var/log/audit/audit.log

    Look for httpd entries, the easiest way to do that is with the following command:

    cat /var/log/audit/audit.log | grep httpd

    If you see an entry similar to this, selinux is interfering with apache's ability to write to a directory:

    type=AVC msg=audit(1232152399.241:2566): avc: denied { getattr } for pid=20180 comm="httpd" path="/vbattachments" dev=sda3 ino=106550 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_ubject_r:default_t:s0 tclass=dir

    To fix this problem, you need to use the chcon command to change the label of the directory. selinux takes different actions based on the label of the file/directory. In my case the default label was applied to the directory. I needed to change that label to the httpd_sys_content_rw_t which would allow apache to write to that directory.

    Let's say that you have a directory in the root called /vbattachments, and this is where you want your vBulletin attachements placed. The command to change the label would be:

    chcon -R -t httpd_sys_content_rw_t /vbattachments

    After that, do an ls -l -Z |grep vbattachments (or whatever your dir name is)


    [[email protected] /]# ls -l -Z |grep vbattachments
    drwxrwxrwx apache apache unconfined_ubject_r:httpd_sys_content_rw_t:s0 vbattachments

    This one was a bugger and vbulletin may want to make a sticky for this one as selinux is becoming more and more widespread.

    The easier solution would have been to disable selinux, but it's there for a reason, to protect your system, so it's better to spend the time debugging and fix it properly.

    Fewf! Glad this one's over!

    ErnestA.

    Leave a comment:


  • Steve Machol
    replied
    No sorry, I don't.

    Leave a comment:


  • ErnestA
    replied
    I think it's selinux (security enhanced linux) causing the issue... I noticed httpd getting denied by selinux in the audit log file.

    I'm trying to figure out how to add an exception of some kind to the config.

    Don't suppose you know how to do this?

    Leave a comment:


  • Steve Machol
    replied
    Hard to say buy try chowning this to your web account user.

    Leave a comment:


  • ErnestA
    started a topic Can't swtich attachement storage to file system

    Can't swtich attachement storage to file system

    Hi, I've searched and searched the VBulletin website for an answer to this and I'm stumped. I have vBulletin setup on my own server (so I have root access).

    Setup an attachement directory called /archive/vbattachments. chowned to apache.apache as well as chmod 0777 (and even tried 1777). Verified that safe_mode in php.ini was NOT turned on. upload_tmp_dir was null, so I enabled that and created another directory /archive/tmp and chmod to 0777 (and tried 1777) as well.

    Also tried creating a subfolder under the forums web directory with chmod 777 and using a relative path, that didn't work either.

    Here you can see he permissions and ownership on the actual /archive/xxxx sub directories.


    [[email protected] /]# ls -l archive
    total 8
    drwxrwxrwt 2 apache apache 4096 2009-01-16 15:48 tmp
    drwxrwxrwt 2 apache apache 4096 2009-01-16 14:00 vbattachments



    And here you can see the /archive folder permissions and ownership.

    [[email protected] /]# ls -l |grep archive
    drwxrwxrwt 4 apache apache 4096 2009-01-16 15:48 archive


    I've also set the upload_max_filesize to 64M.

    Running on Fedora Core 10.

    Also, did the diagnostic upload and here was the relavent info:

    file_uploads:Onopen_basedir:Nonesafe_mode:Offupload_tmp_dir:/archive/tmpupload_max_filesize:64.00 MB

    Really stumped as to why this doesn't want to work. Also, running vB 3.8.0
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X