Permission Deneid: Driving me crazy!

[LJMorpheus]

Cannot view live graphs as RRDTool will not execute, everything else 100% fine. Exported Graphs are fine.

/var/log/httpd/error.log
sh: /usr/local/rrd/bin/rrdtool: Permission denied

/var/log/messages
dbcnetmon kernel: audit(1116505275.562:0): avc: denied { execute } for pid=27620 exe=/bin/bash name=rrdtool dev=dm-0 ino=5706076 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:usr_t tclass=file

Permissions on all files are perfect, does anyone know how to fix this - I have spent almost 2 days just trying to figure out why RRDTool fails to execute.

Sudo as the user and manually running the RRDTool and generating images into the Cacti rra folders works fine.

Is Apache/PHP stopping the execution? I cannot see anything in php.ini and I have relaxed my Apache so mush I cannot think of anything else.

[TheWitness]

Your Apache service account need rw to both the log and rra folders. It also require rx to the rrdtool binary folder.

TheWitness

[LJMorpheus]

RRDTool is installed under /usr/local/rrd, currently set to 777 cacti installed to /var/www/html/cacti also set-to 777.

I have now go so far as to run apache as the cacti user! and re-set the ownership to rrdtool and html to cacti, still same error

[TheWitness]

I wish I could help further. I am not a *nix person per se. You will be able to overcome this as thousands of users have this product running in *nix. I wish you the best of luck.

TheWitness

[mshook]

/var/log/messages
dbcnetmon kernel: audit(1116505275.562:0): avc: denied { execute } for pid=27620 exe=/bin/bash name=rrdtool dev=dm-0 ino=5706076 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:usr_t tclass=file

Permissions on all files are perfect, does anyone know how to fix this - I have spent almost 2 days just trying to figure out why RRDTool fails to execute.

Permissions are not quite correct on the files or your SELinux policy is wrong.
Download and install the source policy, and in the source directory add the following to domains/misc/local.te:
allow httpd_sys_script_t usr_t:file execute;

(got this config line by piping your message to audit2allow)
Then run make reload. That should be it.

If you need more details, let me know.

[yanhannet]

i have got the same question,and i rebuild my system for many times .but no use.I need for more help .thanks.........
redhat AS4
cacti 0.86d
rrdtool 1.2.9

RRDTool Says:

sh: /var/www/rrdtool/bin/rrdtool: Permission denied

[TheWitness]

hmmm,

chmod -R 777 /var/www/rrdtool/bin

TheWitness

[yanhannet]

i have done .even i have done this:
chmod -R 777 /var
chmod -R 777 /usr
chmod -R 777 /etc


but no use, how can i do then ???

[TheWitness]

Not too sure. You might want to e-mail Rony for more assistance.

TheWitness

[yanhannet]

ok ,
maybe that is what i need to do, could you tell me his mail. thanks.

[mshook]

sh: /var/www/rrdtool/bin/rrdtool: Permission denied

Any messages in the log files?

[yanhannet]

not any messages.i use debug on .just this..................and i can find rrd files in rra/.....

[mshook]

not any messages.i use debug on .just this..................and i can find rrd files in rra/.....

Could you post the output of:
"ls -la /var/www/rrdtool/bin/"

and

"file /var/www/rrdtool/bin/rrdtool"

Thanks.

[yanhannet]

[root@asserver bin]# ls -la /var/www/rrdtool/bin
total 88
drwxrwxrwx 2 cactiuser root 4096 Jun 21 10:11 .
drwxrwxrwx 9 cactiuser root 4096 Jun 21 09:59 ..
-rwxrwxrwx 1 cactiuser root 27421 Jun 21 09:59 rrdcgi
-rwxrwxrwx 1 cactiuser root 4849 Jun 21 09:59 rrdtool
-rwxrwxrwx 1 cactiuser root 22166 Jun 21 09:59 rrdupdate
[root@asserver bin]# file /var/www/rrdtool/bin/rrdtool
/var/www/rrdtool/bin/rrdtool: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), not stripped
[root@asserver bin]#


thanks ...

[yanhannet]

[root@asserver cacti]# php poller.php
OK u:0.00 s:0.00 r:1.01
OK u:0.00 s:0.00 r:1.01
OK u:0.00 s:0.00 r:1.01
OK u:0.00 s:0.00 r:1.01
OK u:0.00 s:0.00 r:1.01
OK u:0.00 s:0.00 r:1.01
OK u:0.00 s:0.00 r:1.01
Content-type: text/html
X-Powered-By: PHP/4.3.9

06/21/2005 05:22:35 PM - SYSTEM STATS: Time: 1.0467 s, Method: cmd.php, Processes: 1, Threads: N/A, Hosts: 2, Hosts/Process: 2


[asserver]#less /var/log/httpd/error_log
......

sh: /usr/local/rrdtool/bin/rrdtool: Permission denied
[Tue Jun 21 17:18:50 2005] [error] [client 10.0.2.21] File does not exist: /var/
www/cacti/favicon.ico
sh: /usr/local/rrdtool/bin/rrdtool: Permission denied
[Tue Jun 21 17:18:50 2005] [error] [client 10.0.2.21] File does not exist: /var/
www/cacti/favicon.ico

cacti.log
06/21/2005 05:18:59 PM - CMDPHP: Poller[0] Time: 0.2774 s, Theads: N/A, Hosts: 1
06/21/2005 05:19:06 PM - SYSTEM STATS: Time: 1.0676 s, Method: cmd.php, Processes: 1, Threads: N/A, Hosts: 2, Hosts/Process: 2
06/21/2005 05:22:35 PM - SYSTEM STATS: Time: 1.0467 s, Method: cmd.php, Processes: 1, Threads: N/A, Hosts: 2, Hosts/Process: 2


and i have done:
chmod 777 -R /var/www/cacti/
chmod 777 -R /usr/local/rrdtool/


and the same .
RRDTool Says:

sh: /usr/local/rrdtool/bin/rrdtool: Permission denied

how can i do then ?????????????????