1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Copying content & SELinux

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by tino, Aug 17, 2011.

  1. tino

    tino Basic Pleskian

    24
    23%
    Joined:
    Mar 6, 2008
    Messages:
    70
    Likes Received:
    0
    For some sites, I have manually copied site content to the httpdocs folder of the site.

    For example;

    Now, in the browser, I get an http 403 (forbidden).

    If I disable SELinux (e.g. setenforce 0) everything works. If I re-enable SELinux (e.g. setenforce 1) it stops working again.

    I know this works:

    What's the 'best practice' here?

    Tino
     
    Last edited: Aug 17, 2011
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,546
    Likes Received:
    1,240
    Location:
    Novosibirsk, Russia
    'Best practice' is using default settings for SELinux defined in special package psa-selinux. This package modifies the SE-Linux predefined policies configurations to allow Plesk to perform its actions.
     
  3. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    Tino,

    Use cp instead then delete since mv does not maintain the context.

    Use cp -pZ

    This will preserve the owner and timestamps, and maintain the selinux context.
     
  4. tino

    tino Basic Pleskian

    24
    23%
    Joined:
    Mar 6, 2008
    Messages:
    70
    Likes Received:
    0
    Thanks for the insight.

    Since the files are coming from another machine, I guess that cp -pZ wouldn't make that much different, right? Because there are no special permissions to preserve...
    But I will try it!

    IgorG; Any ideas what these SELinux settings in psa-selinux are, so that I can set them after a cp/mv?

    Thanks all!

    Tino
     
  5. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    Hi Tino,

    Is this other machine online? Why not use rsync?

    rsync -qaruX

    You can always rsync --help for the syntax.

    If there is a bunch of files to do that will work just nicely.

    I use rsync on my server as I split off my ipv6 into a separate site, and I use it to copy any content added from either the ipv4 or ipv6 site. You can probably drop some option from the rsync as this was to only copy changed or content that the timestamp is later for. However run as root it will maintain the user/group and all the context.

    It's worthwhile fixing the context, don't drop selinux . I always see guides saying set enforcing to off and I shudder! If your ever stuck, let me know as it's easy to generate local selinux policy if your getting audits you can't fix, don't just disable httpd in Boolean
     
  6. tino

    tino Basic Pleskian

    24
    23%
    Joined:
    Mar 6, 2008
    Messages:
    70
    Likes Received:
    0
    I definitely do not want to turn off SELinux. :)

    Thanks for the information. I had to do this kind of stuff migration off of Parallels Pro. The Migration Wizard won't work, so I copied all the content over etc. A real pain...

    Thanks!

    Tino
     
  7. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,546
    Likes Received:
    1,240
    Location:
    Novosibirsk, Russia
  8. tino

    tino Basic Pleskian

    24
    23%
    Joined:
    Mar 6, 2008
    Messages:
    70
    Likes Received:
    0
    Thanks.

    Created the ticket, now see what happens. :)

    Tino
     
  9. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    If your ever got selinux issues let me know. It's so easy to make a local rule if you need to tweak some things from the audits. Beats just turning off stuff in Boolean.

    Let me know also if your got context issues with the files. You can wildcard them with chcon I needed.
     
Loading...