similar to: Changed permissions - printing quit

On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look

PS: Now I found this: type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root

On 09/20/2017 07:19 AM, hw wrote: > hw wrote: >> >> Hi, >> >> how do I allow CGI programs to print (using 'lpr -P some-printer >> some-file.pdf') when >> lighttpd is being used for a web server? >> >> When selinux is permissive, the printer prints; when it?s enforcing, >> the printer >> does not print, and I?m getting the log

What are you using for the database - SQLite? I am using mysql (mariadb). I am not familiar with SQLlite. Can you access the database from the console - look up the list of tables - display the contents from a table? Anything to see if your SQLite is working and has asterisk data in it. From your Asterisk console, |CLI> core show help database| should give you a list of commands that you

Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link

Hi, After configuring systemd unit with ReadWritePaths=/home/mail, I get the following error logs in audit: type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 scontext=system_u:system_r:dovecot_t:s0 tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0 type=SYSCALL

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 11/04/2020 15:47 Alex JOST < <a href="mailto:jost+lists@dimejo.at">jost+lists@dimejo.at</a>> wrote: </div> <div>

i had a small query , whant is the difference between stickybit SUID and SGID , is there any proper site where i can get a clear understanding . -- Regards Agnello D'souza -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20100709/c7c22588/attachment.html>

Daniel Walsh wrote: > On 09/22/2017 06:58 AM, hw wrote: >> >> PS: Now I found this: >> >> >> type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp >> type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1

On 3/22/23 12:42, Daniel P. Berrang? wrote: > On Wed, Mar 22, 2023 at 12:13:49PM +0100, Laszlo Ersek wrote: >> On 3/22/23 11:42, Laszlo Ersek wrote: >> >>> Now the "podman build -f ci/containers/alpine-edge.Dockerfile -t >>> libnbd-alpine-edge" command is failing with a different error message -- >>> the download completes, but the internal

Hi, I find that files (not directories) in an smbfs-mounted share always have the sgid bit set. I've looked in the FAQ and HOWTO but didn't see anything. I wonder if someone might suggest a way to fix it. The share is served from Windows 2003 SP2 and mounted on a Fedora 10 Linux machine (samba-client-3.2.5-0.23.fc10.i386) with this command line: mount //wcl-fp1/shared /mnt/shared -t

Is it possible to audit the Linux User Shell? I am trying to gather what commands a user is running no our systems. Can auditd handle this? TIA -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070903/3d4d491d/attachment.html>

On Wed, February 15, 2017 12:23 pm, Gordon Messmer wrote: > On 02/15/2017 08:47 AM, Valeri Galtsev wrote: >> And yes, ALL user writable places (including often overlooked /dev/shm) >> are mounted with nosuid, nosgid, nodev, noexec options on servers where >> users are allowed to have shell. > > > How sure are you? I just run a bunch of find commands before rolling

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

Hi, This is a very scary problem I have here. I use a precompiled 2.0.6 samba on my SGI IRIX 6.3 system. I also have smbpasswd file setup. When I tried to change the samba password using smbpasswd program ( from a non root account whic I use) I got an error messgae saying that it cannot change the password. My goodness, I found that the instead of changing password for my account smbpasswd

I've got a problem I hope someone can help with. We have a directory on a redhat box where we want anyone who creates a file (usually done with samba access) to have that file be created as if by a special "user" and group.. Now in the smb.privateshares config file we specify force user and force group.. However when we create a file in this directory it shows it being owned by the

Hey *, I'm getting an audit coming down the pipes and I have 2 4.6 release boxes to clean up. I say "clean up" because they have some requirements that I missed despite due diligence. My specific question is: To what extent can I get rid of UUCP? Aside from the SUID/SGID stuff that pops up via my finds, I simply see no reason to have any UUCP stuff on these boxes. Is this stuff

Hi, Im trying to run samba as a non-root user and I was wondering if this is even possible, and if not what is preventing it from being ran as a normal user??

Hello All, I set up ltsp regulary, on Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now

I recently began getting periodic emails from SEalert that SELinux is preventing /usr/libexec/qemu-kvm "getattr" access from the directory I store all my virtual machines for KVM. All VMs are stored under /vmstore , which is it's own mount point, and every file and folder under /vmstore currently has the correct context that was set by doing the following: semanage fcontext -a -t