Page 1 of 3

vhttpd

Posted: Wed May 12, 2021 11:30 pm
by aitchon
I'm installing Texis on a Centos7 vm as a non-root user called txusr. In the install instructions, it states "You will need to login or su to root to start vhttpd, after the install." When I try running vhttpd as root, I get this error:

/home/txusr/morph3/bin/vhttpd: Permission denied

Here are the permissions on vhttpd:

-rwxr-xr-x 1 txusr txusr 10508896 May 12 18:35 vhttpd

How can I get vhttpd to run if it only has exec rights for txusr?

Re: vhttpd

Posted: Thu May 13, 2021 10:10 am
by mark
Sounds like an selinux issue. Check /var/log/audit/audit.log and
ls -lZ /home/txusr/morph3/bin/vhttpd

Re: vhttpd

Posted: Thu May 13, 2021 10:51 am
by aitchon
There is no audit.log.

sh-4.2$ ls -lZ /home/txusr/morph3/bin/vhttpd
-rwxr-xr-x txusr txusr ? /home/txusr/morph3/bin/vhttpd

Re: vhttpd

Posted: Thu May 13, 2021 11:04 am
by mark
Hmm, ok, looks like you have selinux disabled.

Make sure you're really root using the

Code: Select all

id
command.

Also try

Code: Select all

ldd /home/txusr/morph3/bin/vhttpd
to see what the system thinks of the executable.

Re: vhttpd

Posted: Thu May 13, 2021 11:34 am
by aitchon
As root, I'm not allowed to ls on /home/txusr/

sh-4.2# ls /home/txusr/
ls: cannot open directory /home/txusr/: Permission denied

As txusr, I can ldd:

sh-4.2$ ldd /home/txusr/morph3/bin/vhttpd
linux-vdso.so.1 => (0x00007ffe2dff3000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f0e6809f000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f0e67e68000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f0e67c64000)
librt.so.1 => /lib64/librt.so.1 (0x00007f0e67a5c000)
libncurses.so.5 => /lib64/libncurses.so.5 (0x00007f0e67835000)
libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f0e6752e000)
libm.so.6 => /lib64/libm.so.6 (0x00007f0e6722c000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f0e67016000)
libc.so.6 => /lib64/libc.so.6 (0x00007f0e66c48000)
/lib64/ld-linux-x86-64.so.2 (0x00007f0e682bb000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007f0e66a45000)
libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f0e6681b000)

Re: vhttpd

Posted: Thu May 13, 2021 11:40 am
by mark
Unless selinux is on, you should be able to do pretty much anything as root. Try the "id" command as "root" to see what you get. Also, that's not an NFS or other network filesystem is it?

Re: vhttpd

Posted: Thu May 13, 2021 11:42 am
by aitchon
This is actually in a container. I'll look into enabling selinux.

sh-4.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin)

Re: vhttpd

Posted: Thu May 13, 2021 11:47 am
by mark
I'd expect enabling selinux to make things more restrictive, not less.

Re: vhttpd

Posted: Thu May 13, 2021 11:53 am
by John
How was the container built? Was it docker? I have created a docker container before that worked.

Re: vhttpd

Posted: Thu May 13, 2021 12:01 pm
by aitchon
Yes, it's docker. I also have a container working ok with Texis. But this container which is also running in kubernetes, I need vhttpd running. It seems to work fine with just docker, but when I move to kubernetes, that's when I get the permissions issue.