On 10/28/2015 03:56 PM, Paolo Galtieri wrote:
I have 2 systems running f22. On these 2 systems I have set up snort. On both these systems snort logs to directory /var/log/snort. On both these systems /var/log/snort is owned by user snort and group snort. However, on one of the systems I cannot write to /var/log/snort as user snort.

On the system that works

    /bin/ls -ldZ /var/log/snort
    lrwxrwxrwx. 1 root root unconfined_u:object_r:snort_log_t:s0 34 Oct 22 12:54 /var/log/snort -> /media/NSM/NSM-SENSOR-1/logs/snort

    /bin/ls -ldZ /media/NSM/NSM-SENSOR-1/logs/snort
    drwxr-xr-x. 2 snort snort unconfined_u:object_r:colord_var_lib_t:s0 4096 Oct 27 10:50 /media/NSM/NSM-SENSOR-1/logs/snort

On the system that fails

    /bin/ls -ldZ /var/log/snort
    lrwxrwxrwx. 1 root root unconfined_u:object_r:snort_log_t:s0 44 Oct 24 17:29 /var/log/snort -> /run/media/pgaltieri/NEWDATA2/NSM/logs/snort

    /bin/ls -ldZ /run/media/pgaltieri/NEWDATA2/NSM/logs/snort
    drwxr-xr-x. 2 snort snort unconfined_u:object_r:unlabeled_t:s0 4096 Oct 28 15:31 /run/media/pgaltieri/NEWDATA2/NSM/logs/snort

Note that on the failing system the selinux context shows the directory has unlabeled_t context while on the working system it's colord_var_lib_t. I set this at some point (I think), but I forget how I did it :-(

I have also set up user snort so that I can log in to the account and I get

    su - snort
    Password:
    su: warning: cannot change directory to /var/log/snort: Permission denied
    -bash: /var/log/snort/.bash_profile: Permission denied

I can write to the directory if I do

    sudo touch /var/log/snort/testfile

So what do I need to do to fix this so I can get snort to write to its log directory?

Any assistance is appreciated.

Check the permissions and ownership of each component in the path /run/media/pgaltieri/NEWDATA2/NSM/logs/snort. One of the components is either not permitting read or execute (traverse in the case of directories) permission to user snort in the case of the .bashrc or write or execute permission to user snort in the case of trying to write log files.

I don't think it's an selinux issue per se. Note that "sudo touch" does that as root and root can do anything it wants (as long as selinux permits it).

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
- Grabel's Law: 2 is not equal to 3--not even for large values of 2. -
----------------------------------------------------------------------
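
Added example, not part of either message: a shell sketch of the per-component check suggested in the reply. It walks a path and reports the first directory a given uid cannot search, or the final directory if that uid cannot create files in it. The function names perm_bits and first_blocked are hypothetical; only classic mode bits are evaluated (no POSIX ACLs, no SELinux policy), and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Mode bits only: POSIX ACLs and SELinux
# policy are NOT evaluated. Requires GNU stat. Function names are made up here.

# perm_bits UID "GIDS" FILE -> prints the rwx digit (0-7) that applies to UID
perm_bits() {
    pb_meta=$(stat -L -c '%a %u %g' "$3" 2>/dev/null) || return 1
    set -- "$1" "$2" $pb_meta     # now $3=octal mode, $4=owner uid, $5=owner gid
    if [ "$1" -eq "$4" ]; then echo $(( $3 / 100 % 10 )); return 0; fi
    for pb_g in $2; do
        if [ "$pb_g" -eq "$5" ]; then echo $(( $3 / 10 % 10 )); return 0; fi
    done
    echo $(( $3 % 10 ))
}

# first_blocked UID "GIDS" PATH
# Prints the first directory UID cannot search (x bit), or the final directory
# if UID cannot create files in it (needs w and x). A missing component is
# reported as blocked. Prints nothing and returns 0 if the whole walk passes.
first_blocked() {
    fb_uid=$1 fb_gids=$2
    if [ "$fb_uid" -eq 0 ]; then return 0; fi    # root bypasses mode bits
    case $3 in /*) fb_cur=/ ;; *) fb_cur=. ;; esac
    # Split PATH on "/" with globbing disabled so odd names are not expanded.
    fb_ifs=$IFS; IFS=/; set -f; set -- $3; set +f; IFS=$fb_ifs
    for fb_part in "$@"; do
        [ -n "$fb_part" ] || continue
        # Looking up fb_part requires search permission on the current directory.
        fb_bits=$(perm_bits "$fb_uid" "$fb_gids" "$fb_cur") || fb_bits=0
        if [ $(( fb_bits & 1 )) -eq 0 ]; then echo "$fb_cur"; return 1; fi
        fb_cur=${fb_cur%/}/$fb_part
    done
    # Writing log files needs both write and search on the final directory.
    fb_bits=$(perm_bits "$fb_uid" "$fb_gids" "$fb_cur") || fb_bits=0
    if [ $(( fb_bits & 3 )) -ne 3 ]; then echo "$fb_cur"; return 1; fi
}

# Usage for the failing system in the thread (resolve the symlink first):
#   first_blocked "$(id -u snort)" "$(id -G snort)" "$(readlink -f /var/log/snort)"
if [ $# -eq 3 ]; then first_blocked "$@" || true; fi
```

An empty result only means the mode bits allow the walk; an ACL on a mount point or an SELinux denial can still refuse access.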