BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-15 10:59:26
Subject: Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC
From: "Jim McNamara" <jim.mcnamara AT gmail DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Mon, 15 Dec 2008 10:57:01 -0500


On Fri, Dec 12, 2008 at 7:13 PM, Nils Breunese (Lemonbit) <nils AT lemonbit DOT com> wrote:
Les Mikesell wrote:

>> [root@telephony conf.d]# cat /etc/selinux/config
>> # This file controls the state of SELinux on the system.
>> # SELINUX= can take one of these three values:
>> #       enforcing - SELinux security policy is enforced.
>> #       permissive - SELinux prints warnings instead of enforcing.
>> #       disabled - SELinux is fully disabled.
>> SELINUX=disabled
>> # SELINUXTYPE= type of policy in use. Possible values are:
>> #       targeted - Only targeted network daemons are protected.
>> #       strict - Full SELinux protection.
>> SELINUXTYPE=targeted
>
> Is that a cut/paste error or do you actually have targeted
> uncommented?

Probably it's uncommented. Why would that be strange? As long as
SELINUX=disabled it doesn't really matter what SELINUXTYPE is set to.

> By the way, it takes a reboot to make a change take effect.

The output of 'sestatus' tells you the status of SELinux.
[root@telephony logs]# sestatus
SELinux status:         disabled
 
We used to run BackupPC on CentOS 4 (now on CentOS 5), so I'm sure it
can work.

# ll /var/www/cgi-bin/BackupPC_Admin
-rwsr-x--- 1 backuppc apache 3993 Apr  8  2008 /var/www/cgi-bin/
BackupPC_Admin

Nils Breunese.
I didn't think it was incompatible with CentOS, I'm just stuck in the position of having done this probably 20 times on Debian without issue (past the first) and now with my first try on CentOS, I'm floundering badly. I changed the permissions on my BackupPC_Admin script from 4550 to 4750 to match yours, the owner and groups were already identical. I still get the same error.

[root@telephony logs]# ls -al /var/www/cgi-bin/
total 24
drwxr-xr-x  2 root     root     4096 Dec 12 11:44 .
drwxr-xr-x  9 root     root     4096 Dec 11 22:40 ..
-rwsr-x---  1 backuppc apache   3993 Dec 11 18:13 BackupPC_Admin
-rwxr-xr-x  1 backuppc backuppc   70 Dec 12 11:44 testsetuid



When I try to run the BackupPC script I still get the common "premature end of script headers" message, and the most telling thing I find is in the suexec.log file, which complains when I try to run BackupPC_Admin or the testsetuid script from the wiki -


[Mon Dec 15 10:37:00 2008] [error] [client 192.168.0.231] Premature end of script headers: BackupPC_Admin
[Mon Dec 15 10:38:09 2008] [error] [client 192.168.0.231] Premature end of script headers: BackupPC_Admin
[Mon Dec 15 10:38:15 2008] [error] [client 192.168.0.231] Premature end of script headers: testsetuid
[root@telephony logs]# tail suexec.log
[2008-12-15 10:37:00]: uid: (1010/backuppc) gid: (1010/1010) cmd: BackupPC_Admin
[2008-12-15 10:37:00]: file is either setuid or setgid: (/var/www/cgi-bin/BackupPC_Admin)
[2008-12-15 10:38:09]: uid: (1010/backuppc) gid: (1010/1010) cmd: BackupPC_Admin
[2008-12-15 10:38:09]: file is either setuid or setgid: (/var/www/cgi-bin/BackupPC_Admin)
[2008-12-15 10:38:15]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-15 10:38:15]: target uid/gid (1010/1010) mismatch with directory (0/0) or program (1010/1010)

I would love to find the suexec config, but google seems to indicate that if you're unhappy with suexec, your only option is to compile your own and remove the packeged version. That seems odd, but this whole rpm thing seems fairly odd as well.

Thanks for the help so far, and I appreciate any further insights that people can provide.




------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [BackupPC-users] Backing up the backup to an external USB drive, Rodrigo Real
Next by Date:  Re: [BackupPC-users] Backing up the backup to an external USB drive, Chris Baker
Previous by Thread:  Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC, Nils Breunese (Lemonbit)
Next by Thread:  Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC, Adam Goryachev
Indexes:  [Date] [Thread] [Top] [All Lists]