Fedora Core 4 / Cacti Directory Permissions

Post support questions that directly relate to Linux/Unix operating systems.

Moderators: Developers, Moderators

Post Reply
davekoko
Posts: 4
Joined: Wed Feb 15, 2006 6:06 pm

Fedora Core 4 / Cacti Directory Permissions

Post by davekoko »

I have attempted several times to install / reinstall the Fedora Core 4 'yum' package for Cacti. I am now stuck trying to figure out why my directory permissions are not working for the Cacti log file and RRD files. I have the cacti poller set to run every 5 minutes as user 'apache' and the apache server is set to run as user: apache / group: apache. I have chowned both the /rra and /log direcories to apache:apache - as well as making sure the files in these directories also have the same permissions here is what the http error log is reporting whenevr I attempt to view the Cacti log file:

PHP Warning: touch() [<a href='function.touch'>function.touch</a>]: Unable to create file /usr/share/cacti/log/cacti.log because Permission denied in /usr/share/cacti/utilities.php on line 119

Also, whenever I attempt to preview or view a graph I see the following errors:

ERROR: opening '/usr/share/cacti/rra/localhost_mem_buffers_3.rrd': Permission denied
ERROR: opening '/usr/share/cacti/rra/localhost_load_1min_5.rrd': Permission denied
ERROR: opening '/usr/share/cacti/rra/localhost_users_6.rrd': Permission denied
ERROR: opening '/usr/share/cacti/rra/localhost_proc_7.rrd': Permission denied

After several combinations of users /groups and file permissions that include being wide open (777) I am stumped on how to overcome this issue. Any suggestions on how what I should set for directory and file permissions ?

Thanks in advance for any help somone out there can provide :-)
Top
davekoko
Posts: 4
Joined: Wed Feb 15, 2006 6:06 pm

Disable SELinux

Post by davekoko »

Well after looking through several of the previous posts I found a reference to the SELINUX policy. I disabled the SELINUX policy in the /etc/selinux/config file and everything started to work :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
#SELINUX=enforcing
SELINUX=disabled


# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

This is a bit like swatting a fly with a hammer, but it is a step in the right direction. I will work on changing the HTTPD specific policy and re-enabling SELinux. For now I'm going to have fun graphing :-)
Top
Mehuge
Posts: 4
Joined: Thu Feb 23, 2006 11:34 am

Post by Mehuge »

You could do:

chcon -R -h -t httpd_sys_content_t /usr/share/cacti/log
chcon -R -h -t httpd_sys_content_t /usr/share/cacti/rra

There is an excellent document on fedora.redhat.com that explains it all and is well worth a read.

http://fedora.redhat.com/docs/selinux-a ... index.html
Top
Post Reply

Return to “Help: Linux/Unix Specific”

Who is online

Users browsing this forum: No registered users and 4 guests