[CWB] File access permission check failed

Hardie, Andrew a.hardie at lancaster.ac.uk
Fri Feb 1 09:42:19 CET 2019 

Thanks for this fix Mansur, I have added it to the sysadmin manual.

best

Andrew.

From: cwb-bounces at sslmit.unibo.it<mailto:cwb-bounces at sslmit.unibo.it> <cwb-bounces at sslmit.unibo.it<mailto:cwb-bounces at sslmit.unibo.it>> On Behalf Of mansur
Sent: 26 January 2019 13:33
To: Open source development of the Corpus WorkBench <cwb at sslmit.unibo.it<mailto:cwb at sslmit.unibo.it>>
Subject: Re: [CWB] File access permission check failed

Hi, Chao!

Great! Make sure you don't leave SELinux disabled, it is a bad solution. Something like this should help you to configure SELinux properly:
1) Add rule for that directory:
semanage fcontext -a -t httpd_sys_rw_content_t "/opt/CQPData(/.*)?"
2) Apply that rule:
restorecon -R -v /opt/CQPData

If you don't have semanage installed, then:
yum install -y policycoreutils-python

With best wishes,
Mansur

Am Sa., 26. Jan. 2019 um 16:11 Uhr schrieb Chao Sun <chao.sun at sydney.edu.au<mailto:chao.sun at sydney.edu.au>>:
Hi Mansur,

Thank you very much, you are a gem!

This is exactly the case and I didn’t realise there’s such thing exist in RH enterprise (used Ubuntu/Arch in the past).

I have temporarily disabled SELinux and all problem solved. Upload area is viewable and upload seems to be fine.

Can’t believe how much time I wasted on this issue. If you didn’t point it out I might get stuck there forever.

Best Regards,
Chao

Dr CHAO SUN | Data Scientist
Faculty of Arts and Social Sciences | The University of Sydney
Rm N302 off Lobby J, Quadrangle A14 | The University of Sydney | NSW | 2006
T +61 2 9351 4240  | F +61 2 9351 5333
E chao.sun at sydney.edu.au<mailto:chao.sun at sydney.edu.au> | W sydney.edu.au<http://sydney.edu.au>
CRICOS 00026A

On 26 Jan 2019, at 10:23 pm, mansur <6688000 at gmail.com<mailto:6688000 at gmail.com>> wrote:

Hello, Chao!

Do you have SELinux enabled? If yes, try to check its permissions...

With best wishes,
Mansur

Am Sa., 26. Jan. 2019 um 06:04 Uhr schrieb Chao Sun <chao.sun at sydney.edu.au<mailto:chao.sun at sydney.edu.au>>:
Hello,

I am recently rebuilding a CQPweb server on Redhat and hit on this problem that I have never met in the past.

When I try to upload .vrt files, I got this error message:
ERROR: CWB registry dir ``/opt/CQPData/reg'' seems not to exist, or is not readable!

I then run the system diagnosis from the admin page, and in order to be certain on the username that the script is running under (I know it’s apache under RH and www-data under Ubuntu), I have added “.exec(‘whoami’)’ to the end of the check script in cqp.inc.php.

if (!is_readable($cwb_registry))
                        {
                                $infoblob .= "$EOL    CHECK FAILED. Ensure that $cwb_registry"
                                        . " is readable by the username this script is running under.$EOL".exec('whoami');
                                break;
                        }
                        else
                                $infoblob .= " yes it is!$EOL$EOL";

And the output confirmed the user of php script is apache.

Checking that CWB registry is readable by this user... CHECK FAILED. Ensure that /opt/CQPData/reg is readable by the username this script is running under. apache
The problem is that before doing this check, I have already set the file/directory permissions to the target directories.
I then added user apache to the group mysql, added user mysql to the group apache. Then changed apache:apache as the directory owner, and even set the permission on all directory to 777 recursively.

None of the above file permissions solve the problem, and the directory /opt/CQPData/reg is always unreadable to CQPWeb.
The permission settings to the directories are as following at the moment:

/opt/CQPData
drwxrwxr-x. 7 apache apache 70 Jan 19 13:05 CQPData

Sub directories:
drwxrwxr-x. 2 apache apache   6 Jan 19 13:04 cache
drwxrwxr-x. 2 apache apache   6 Jan 19 13:04 data
drwxrwxr-x. 2 mysql  apache   6 Jan 19 13:04 mysql
drwxrwxrwx. 2 apache apache   6 Jan 26 13:14 reg
drwxrwxr-x. 2 apache apache 100 Jan 26 12:45 uploads

The registry directory is open to everyone, needless to say to the owner user and group.

I don’t think this is related to the MySQL settings though, but reset all the options as instructed in the admin manual to grant privileges etc.

Please help on debugging this issue. Thanks in advance!

Regards,
Chao

Dr CHAO SUN | Data Scientist
Faculty of Arts and Social Sciences | The University of Sydney
Rm N302 off Lobby J, Quadrangle A14 | The University of Sydney | NSW | 2006
T +61 2 9351 4240  | F +61 2 9351 5333
E chao.sun at sydney.edu.au<mailto:chao.sun at sydney.edu.au> | W sydney.edu.au<http://sydney.edu.au/>
CRICOS 00026A


_______________________________________________
CWB mailing list
CWB at sslmit.unibo.it<mailto:CWB at sslmit.unibo.it>
http://liste.sslmit.unibo.it/mailman/listinfo/cwb<https://protect-au.mimecast.com/s/_BdvC6X13RtLO22vCp1v5b?domain=liste.sslmit.unibo.it>
_______________________________________________
CWB mailing list
CWB at sslmit.unibo.it<mailto:CWB at sslmit.unibo.it>
https://protect-au.mimecast.com/s/_BdvC6X13RtLO22vCp1v5b?domain=liste.sslmit.unibo.it

_______________________________________________
CWB mailing list
CWB at sslmit.unibo.it<mailto:CWB at sslmit.unibo.it>
http://liste.sslmit.unibo.it/mailman/listinfo/cwb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://liste.sslmit.unibo.it/pipermail/cwb/attachments/20190201/5c892db5/attachment-0001.html>

More information about the CWB mailing list