Unidata - To provide the data services, tools, and cyberinfrastructure leadership that advance Earth system science, enhance educational opportunities, and broaden participation. Unidata
         
  advanced  
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(Fwd) Re: more things to do

Brian and John,

Thanks for the research.  This information is useful for our support
staff to be aware of and would be good for the tracking system too.
As such, I'll forward the relevant portions;

mike

> The bette syslog problem is a little more complicated.  Fedora Core 3
> now ships with a security enhanced kernel called selinux which prevents
> users from accessing parts of the filesystem.  These restrictions
> include the root user and also control what can write where.
>
> I worked with Steve to pinpoint the symptoms.  There were two:
>
> 1) The syslog daemon, even though it is running as root, can not write
> to a file in a directory unless the file is either owned by root or the
> file has group write permissions.
>
> 2) The syslog daemon does not write to files outside of /var/log.
>
> To fix the problem, John suggested changing the /etc/selinux/config file
> so that SELINUX was set to disabled or permissive and rebooting (as it
> is a kernel module).  This got rid of the symptoms, but disabled the FC3
> security features.  I told Steve I would look into the selinux
> configuration to see if I could suggest a way to open the permissions
> slightly instead of turning the service off.
 
 
  Contact Us     Site Map     Search     Terms and Conditions     Privacy Policy     Participation Policy
 
National Science Foundation (NSF) UCAR Office of Programs University Corporation for Atmospheric Research (UCAR)   Unidata is a member of the UCAR Office of Programs, is managed by the University Corporation for Atmospheric Research, and is sponsored by the National Science Foundation.
P.O. Box 3000     Boulder, CO 80307-3000 USA     Tel: 303-497-8643     Fax: 303-497-8690