SElinux and squirrelmail (write access denied to a file with 777 permissions)

Daniel J Walsh dwalsh at redhat.com
Tue Jul 12 10:35:48 UTC 2005


redhatdude at bellsouth.net wrote:

> Hello,
> I want to allow the plugin Administration in squirrelmail. I already  
> set up the user to use it but it can not save the settings to the  
> configuration file when I use it.
> Even though I have the owner of the file set to apache and the  
> permissions to 777 I keep getting denied writing access to that file  
> in audit.log
> Here is the message I get:
>
> type=PATH msg=audit(1121192142.580:2223212): item=0 name="/usr/share/ 
> squirrelmail/config/config.php" flags=310  inode=1376614 dev=fd:00  
> mode=040755 ouid=0 ogid=0 rdev=00:00
> type=Unknown msg=audit(1121192142.580:2223212):  cwd="/usr/share/ 
> squirrelmail/plugins/administrator"
> type=SYSCALL msg=audit(1121192142.580:2223212): arch=40000003  
> syscall=5 success=no exit=-13 a0=8c607ac a1=241 a2=1b6 a3=0 items=1  
> pid=3718 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48  
> egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
> type=AVC msg=audit(1121192142.580:2223212): avc:  denied  { write }  
> for  pid=3718 comm="httpd" name="config.php" dev=dm-0 ino=1379389  
> scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file
>
> How can I get writing access to that file?
> Thanks
> EJ
>
If you set the following does it fix the problem?
chcon -t httpd_squirrelmail_t /usr/share/squirrelmail/config/config/php  
(/etc/squirrelmail/config.php on my machine)

Dan




More information about the fedora-list mailing list