Red Hat

I have an external drive (1 TB) attached via usb to a server running Red Hat Linux 6.2. During an application install one step requires perms set by root. Even though I could ls -l and see that root was able to do the 4755 but the install would fail. Someone pointed out the dot in the permission listing rwxr-xr--. for example and said SELinux security context does not allow perm change (sudo su - root) and the configuration fails.

I researched and used getenforce, sestatus and the results were "enforcing". I tried to change this temporarily by using setenforce 0 which changed it to permissive. However no success in the install, same issue.

I tried chcon --reference and also

Code:

chcon -t textrel_shlib_t /usd   (as root)
chcon: failed to change context of `/usd' to `system_u:object_r:textrel_shlib_t:s0': Operation not supported

I am not an admin. I searched here as well as google, but no go. There are only two threads that I found on this forum but both do not deal with an external drive.

Some extra details
---

Code:

[root@aiilnx64 ~]# getfacl /usd
getfacl: Removing leading '/' from absolute path names
# file: usd
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
---
ls -ldZ /usd
drwxr-xr-x. root root system_u:object_r:nfs_t:s0    /usd
---

Moderator's Comments:

Please use code tags

Any advice is deeply appreciated. Also, if you are in a good mood, could you suggest a poor man's SAN or storage that could be used without such problems.

Thank you in advance

As the install fails even when SELinux is set to permissive mode, it does not seem to be a problem (one word of advice though: SELinux may cause significant performance hit on production systems, it's still not a complete product). But still, I suggest that you have a look at /var/log/audit/audit.log for possible AVC denials during that installation. The below command will show you the AVC denials for the day:

Code:

ausearch -m avc -ts today

The below command will show you the step you need to take to prevent the AVC denial:

Code:

sealert –a /var/log/audit/audit.log   # requires setroubleshoot-server to be installed

However, I would still look at the permissions. You said the installation failed, but with what error message? Can you post "ls -l" for the executable file? I see setuid bit is enabled, but is it an ELF binary file or a script one? Remember, setuid does not work on script files on modern systems. What file system does the external drive have?

Please post the required information and I might be able to help you out.

A poor man's SAN? I assume you actually meant a NAS considering the context. You can easily build up a Linux box as a NAS with NFS or SAMBA. There are lots of guides on this around the net. If you come across any issue or have a doubt, just drop in here. If you are not that comfortable with SELinux, just disable it by editing /etc/sysconfig/selinux and rebooting the machine. You may also disable the firewall (not recommended though, it's really easy to work with iptables, take a day to learn it and it's awesome).

ausearch -m avc -ts today
<no matches>
**I will re-attempt to install to give you more relevant info

One of the file on which during install I as root do a setuid and it shows correctly done
-rwsr-xr-x. 1 root sasuser 104375 May 11 2011 sasauth
sasauth: setuid ELF 32-bit LSB executable

The external drive is your run of the mill 1 TB external drive, I think gateway. Okay funny part, if I do install on same external drive from a linux 32 bit, no issue, doing it from 64 bit the issue. The issue actually is that the install stops and prompts to run setuid and then select CONTINUE to finsih install, on linux 64 bit it says perms changed successfully but then on CONTINUE nothing happens. There is no bit issue as I have both versions.

The sealert did not work as you pointed out I do not have the setroubleshoot server installed.

Poor man SAN I was simply referring to storage as to what can I use/get on a beer budget...

Oh and thank you for your time and knowledge!

So what filesystem does your external drive have? Is it EXT3/4 or NTFS? On NTFS filesystem UNIX/Linux permission bits may not work properly, although the underlying ntfs-3g system has improved a lot. So, I would suggest that you try copying the executable file to a local directory and try installing from there.

Okay, so you were really referring to SAN. Well, as always, with Linux you can build your own cheap SAN. Just grab any old machine (you may have to buy IO expansion cards, but that's cheaper than buying a new machine), install CentOS or Ubuntu (that way, you do not have to spend for support), make use of software RAID (so zero expense on RAID card), install scsi-target-utils, sg3_utils pacakages to make the box an iSCSI target (there are numerous articles on this. Any help, just drop in a thread here). That's it and you have a rock solid SAN server! ;-)

---------- Post updated at 05:16 PM ---------- Previous update was at 05:11 PM ----------

Oh yeah, almost forgot to mention that, the only thing you're going to have to spend your money on is buying hard disks (again, SATA disks are cheaper)