Page 1 of 3
vhttpd
Posted: Wed May 12, 2021 11:30 pm
by aitchon
I'm installing Texis on a Centos7 vm as a non-root user called txusr. In the install instructions, it states "You will need to login or su to root to start vhttpd, after the install." When I try running vhttpd as root, I get this error:
/home/txusr/morph3/bin/vhttpd: Permission denied
Here are the permissions on vhttpd:
-rwxr-xr-x 1 txusr txusr 10508896 May 12 18:35 vhttpd
How can I get vhttpd to run if it only has exec rights for txusr?
Re: vhttpd
Posted: Thu May 13, 2021 10:10 am
by mark
Sounds like an selinux issue. Check /var/log/audit/audit.log and
ls -lZ /home/txusr/morph3/bin/vhttpd
Re: vhttpd
Posted: Thu May 13, 2021 10:51 am
by aitchon
There is no audit.log.
sh-4.2$ ls -lZ /home/txusr/morph3/bin/vhttpd
-rwxr-xr-x txusr txusr ? /home/txusr/morph3/bin/vhttpd
Re: vhttpd
Posted: Thu May 13, 2021 11:04 am
by mark
Hmm, ok, looks like you have selinux disabled.
Make sure you're really root using the
command.
Also try
to see what the system thinks of the executable.
Re: vhttpd
Posted: Thu May 13, 2021 11:34 am
by aitchon
As root, I'm not allowed to ls on /home/txusr/
sh-4.2# ls /home/txusr/
ls: cannot open directory /home/txusr/: Permission denied
As txusr, I can ldd:
sh-4.2$ ldd /home/txusr/morph3/bin/vhttpd
linux-vdso.so.1 => (0x00007ffe2dff3000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f0e6809f000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f0e67e68000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f0e67c64000)
librt.so.1 => /lib64/librt.so.1 (0x00007f0e67a5c000)
libncurses.so.5 => /lib64/libncurses.so.5 (0x00007f0e67835000)
libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f0e6752e000)
libm.so.6 => /lib64/libm.so.6 (0x00007f0e6722c000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f0e67016000)
libc.so.6 => /lib64/libc.so.6 (0x00007f0e66c48000)
/lib64/ld-linux-x86-64.so.2 (0x00007f0e682bb000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007f0e66a45000)
libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f0e6681b000)
Re: vhttpd
Posted: Thu May 13, 2021 11:40 am
by mark
Unless selinux is on, you should be able to do pretty much anything as root. Try the "id" command as "root" to see what you get. Also, that's not an NFS or other network filesystem is it?
Re: vhttpd
Posted: Thu May 13, 2021 11:42 am
by aitchon
This is actually in a container. I'll look into enabling selinux.
sh-4.2# id
uid=0(root) gid=0(root) groups=0(root),1(bin)
Re: vhttpd
Posted: Thu May 13, 2021 11:47 am
by mark
I'd expect enabling selinux to make things more restrictive, not less.
Re: vhttpd
Posted: Thu May 13, 2021 11:53 am
by John
How was the container built? Was it docker? I have created a docker container before that worked.
Re: vhttpd
Posted: Thu May 13, 2021 12:01 pm
by aitchon
Yes, it's docker. I also have a container working ok with Texis. But this container which is also running in kubernetes, I need vhttpd running. It seems to work fine with just docker, but when I move to kubernetes, that's when I get the permissions issue.