39 - پیام , 342 - نظر

Plesk 7.5 and Redhat Enterprise Linux(RHEL) Problems

I installed Redhat Linux Enterprise (RHEL) in virtual machine and without any manual changes I went to install Plesk 7.5 Reloaded.

Plesk successfully installed on this box.But when I logined to plesk, I found that DNS server (BIND) in "server management" failed connect and start it.

I had the same story with my RHEL box which I leased from NetNation. They installed and delivered Plesk 7.5 in my box and When I logined to Plesk, I found that DNS Server (BIND) stopped and failed to start.

I asked NetNation support to resolve the problem and after two day they told me:

"It looks like manual changes have been made to the bind configuration on your server. With custom changes done outside of Plesk, we are unable to guarentee Plesk will be able to operate as a front end to the service."

So I decide to follow the case by myself .
I dig into /va/log/message and the error was:

Nov 3 11:59:35 lnn197 kernel: audit(1131006575.886:492): avc: denied { getattr } for pid=18156 comm="rndc"name="rndc.conf" dev=md2 ino=3753157 scontext=user_u:system_r:ndc_t tcontext=user_u:object_r:named_zone_t tclass=file

The command "service named start" failed but I could run "named" from the /usr/sbin/ with the following command:

#/usr/sbin/named -u named -c /etc/named.cong -t /var/named/run-root/

The above command successfully ran the named and everything was OK.

But I baffled why "service named restart" fails? So I asked Plesk support and fortunatly they told me something helpful:

"RedHat distributes RHEL with SElinux enabled by default. So default SElinux policy denies apache to manage bind (named). You should edit some boleans of selinux or switch selinux off for resolving of your issue."

I disabled the SElinux by editing /etc/sysconfig/selinux and setting SELINUX flag to Permissive.

And the problem resolved.

If you want to your SElinux enabled in enforing mode you should run the fillowing commands to tune some Booleans:

# setsebool -P named_write_master_zones=1
# setsebool -P named_disable_trans=1
# setsebool -P httpd_disable_trans=1
# setsebool -P mysql_disable_trans=1

Standard configuration of Red Hat® Enterprise Linux 4.0 (AS/ES) goes with enabled SElinux. Unfortunately Installer of current version of Plesk doesn't set selinux booleans correctly. This issue is fixed for the next version of Plesk which is targeted for release on the December 2005.

 

You can see the following link for something related to this problem:

http://radcom.ir/weblog/majid/archive/2005/11/06/10788.aspx

چند کلمه هم به فارسی:

طعم پشتیبانی اینها را هم نچشیده بودیم که چشیدیم، بیخودی کلی الاف و معطلمون کردند.خیلی رو دارند به خدا، همین طوری یه مزخرفی را نصب می کنند و تحویل می دهند بدون اینکه یه بار هم آن را تست کنند، ببیند کار می کنه یا نه.
بعد هم که بهشون میگی "مشکل داره حلش کنید"، جواب سربالا می دهند.

 

ارسال شده در تاریخ ۱۶ آبان ۱۳۸۴ - 12:45 عصر

نظرات

# How to enable or disable selinux while running  

After I read this post, I wondered how can I change the SELinux mode without need to restart the computer.
The answer is to use setenforce command.
setenforce modifies the mode which SELinux is running in. Use "Enforcing" or "1" to put SELinux in enforcing mode. Use "Permissive" or "0" to put SELinux in permissive mode. You need to modify /etc/grub.conf or /etc/selinux/config to disable SELinux.
۱۵ آذر ۱۳۸۴ - 9:52 صبح | Majid

ارسال نظرات

عنوان:  
نام:  
آدرس الکترونیکی:
زبان:
توضیح:  
لطفا متن مقابل را در زیر وارد کنید
(کوچک یا بزرگ بودن حروف مهم نیست)