News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Trying to install on Fedora 23

Started by corvey, April 15, 2016, 05:08:41 PM

Previous topic - Next topic

corvey

I've been trying to install SMF on Fedora 23 server and can't seem to make it work.   I think SELINUX may be just one of the many issues blocking me from installing it.   

I have LAMP manually installed with MariaDB and PHP 5.6.   I'm able to to install phpBB3 consistently with SELINUX by issuing chcon commands.   

Anyone know of a sure fire link to make this work on Fedora with SELINUX?   If the installation is really going to be that difficult then I'll have to skip even trying this SMF software out and stick with phpBB3.

SMF doesn't have clear step by step instructions on the process and I'm unable to get it going. I need instructions without skipping any important information like all of the SMF tutorials I've found so far are doing.  Sure, it explains the meaty stuff, but every time it conveniently skips small details in the process that kills the whole installation from successfully completing. 

This link http://wiki.simplemachines.org/smf/Installing is useless to me for getting the program installed.

I'm stressed out over this, sorry in advance.   Any solid guides would be appreciated, thanks.

LiroyvH

It would help if you could say exactly what the problem is. "It doesn't work" isn't much of a usable explanation.
What happens? What goes wrong? Do you get any errors? Does other stuff work; for example if you put a phpinfo.php file (<?php phpinfo(); ?>) in there: does it load and display your PHP information; or does that also not work? If not, what is the error? What does your error_log say?

Those are examples of very useful information to try and help you on your way :)
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

corvey

Again, my apologies.  I'm sure it is something I'm doing wrong in the permissions, but I'm not sure what it is.  I've made a copy and paste picture for you to review. Hopefully you can spot my error.

Proper command lines including all directories and file paths by using the chown, chmod or chcon  to make the system as secure as possible would most appreciative.

Thanks for your time,
corvey


LiroyvH

So what does the error_log say?
And secondly... Root!? Why is everything owned by root, rather than a normal user? I better hope you're not running your webserver as root. :/
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

corvey

I opened everything up to 777 on my testbed to show you install.php isn't working.      I need to find out why I can't access any of the SMF files.  I'm not an expert, a novice, really.  It would be nice to have some exact recommended command lines for precise security, B, and A, just to get it to work at all.

If I can't access it from the browser how would it even produce an error log in the server, other than the stated 403 from the browser?  And, where is the error log path you speak of?

 

LiroyvH

Yeah well, learnig how to properly operate a server and what best practices are, is something for which there are tutorials (or courses, actually... It's not that simple.) on other sites; generally it's a bad idea to run a production board on a self-configured server if you don't know how it works and what the (security) implications are, just get a small hosting plan in that case. If it's just a test board then it's less of an issue, but still...

Anyway, the error_log can be in a variety of places, even in the forum dir itself. There are, however, generic logs available. It depends on the config where they are (see httpd.conf). On Fedora, I believe they're by default in /var/log/httpd :) The error log should give diagnostic output on exactly why an error is thrown.

Also, both folder as files need to have proper ownership and permission values. Also sttange/poorly written .htaccess files can give problems. But first things first: dig up the error log and find the error :)
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

corvey

I do see a lot of error activity in the error_log.  I attached the file, too.    I'm going to examine it a bit further since this log is new to me and I might be able to find the cause with it.   This helps, but if you have any further suggestions or advice I'd appreciate it.

Thanks

corvey

Disabling SELinux allows me to access the install.php.   However, I would prefer to know the solution to make SELinux work with SMF.  I must be doing something wrong with the command line, but I just don't know what it is.  Disabling SELinux for now will at least let me proceed to the next step of trying SMF out.

If anybody knows SELINUX, please give me some tips.  Thanks.



LiroyvH

It's not an SMF problem, but a server/permission  problem. It's not about making SMF working with SELinux really; but rather ensuring you set up the environment properly. Now SELinux can be a pain in the ass, but disabling it isn't a real solution; and setting chmod 777 to fix a 403 error is also what we sysadmins like to call "the cowardly way out". (Don't take that as an insult btw ;) It's a thing many people do.)

The error you're seeing Apache generate is usually permission related. It requires +x not only on files, but also parent folders. Secondly, yes it can be SELinux related; that doesn't mean you should disable it: but rather indeed fix the underlying issue. Somewhere down the line, if SELinux is the evil one (and it does look like that considering disabling it fixed the issue), chcon was not ran on a required component (eg a parent folder) or the permissions got screwed again.

Please refer to this document, and let us know if following both steps (permission fixes *and* SELinux fixes; and do execute it up to the docroot as instructed!) in there fixes the problem for you *with* SELinux enabled:
https://wiki.apache.org/httpd/13PermissionDenied
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

corvey

#9
777 was a last resort when 755 and 644 respectfully didn't work per the SMF instructions with SELinux enabled.   The Apache2 link you submitted is dated material and doesn't seem to apply for Fedora 23 due to invalid filenames and paths and aren't specific to the SMF structure.

Wouldn't "forum" (AKA SMF directory) in this case BE the parent directory as indicated?  And, if so, why did the copy of info.php into "forum" directory work, but install.php didn't?

chcon was issued on three levels, are there more needed?

Nevertheless, it is a permissions problem and it IS for a fact SELinux interfering.

SElinux may be beyond the scope of SMF in general I don't know, but if anyone has direct experience with SELinux and wants to chime in that would be great.

I'll let this thread marinate for a while and check back later, thanks in advance. :D





青山 素子

Make sure owner and group are set correctly. If I recall correctly, the default SELinux context used for httpd won't allow access to files owned by root.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


LiroyvH

#11
The supplied link applies to Apache 2.4, which is the latest version. (Unless you count the dev version 2.5)
If you read it, it says the path is an *example*; you need to substitute it for the path that you actually want to fix... Httpd runs on pretty much any Linux flavor you like; so no: the documentation is not written specifically for Fedora, and the SMF structure is irrelevant. Check it all as explained, and move your way up through the directory structure... That usually ought to fix your problems.

If it does not work after following the explanation (and indeed after first fixing the root ownership issue, which it shouldn't be in the first place; that will indeed demand world-read permissions, unless you run Apache/php as root, in which case: abandon ship!), we can look further at it; but please first follow the steps in the Apache httpd documentation. First things first before we start chasing something, whilst it's likely an issue in the basic config that can be fixed easily.

And if you ran that, all the way to the docroot as the documentation asks, then check if it's still the same error or if you're now getting something else. (And then we'll need more information about your configuration, paths, owner + permissions and commands you tried to use to fix it.)
Also, if it doesnt fix it; please show the output for "getsebool -a | grep http". Thanks.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

青山 素子

In addition to what CoreISP is saying, I also recommend you review the Troubleshooting SELinux information on the Fedora wiki, and the (IMO) better SELinux How To on the CentOS wiki. As CentOS is very similar to Fedora, it should apply almost perfectly.

If all else fails, you could run in permissive mode for a bit while trying to figure things out, but keep in mind that you'd be essentially pausing a very good security layer. This issue isn't SMF-specific, you'll run into it with many other PHP applications, so it's best to work it out if you can.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


corvey

Restorecon was the answer I needed to make it work with SElinux enforced and in the mess I had already made. I'm going to wipe it all out now and start from scratch to see if I can do it right this time with proper permissions, everywhere.  I'm getting closer.  I'll be back later to verify my solution from the ground up after testing again. 

Thanks for the help.






corvey

Yep, fresh install and restorecon was the missing link to make it work.   8)

Advertisement: