Applicable to:
- Plesk Onyx 17.8 for Linux
Symptoms
-
Plesk Onyx 17.8 is installed on CentOS, RedHat or CloudLinux;
-
When Roundcube webmail is used, the following errors are written to the
/var/log/httpd/error_log:
CONFIG_TEXT: mod_fcgid: stderr: PHP Warning: file_put_contents(/var/log/plesk-roundcube/errors): failed to open stream: Permission denied in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1259, referer: http://webmail.example.com/
-
SELinux is in 'Enforced' state:
# getenforce
Enforcing -
SELinux security context for the
/var/log/plesk-roundcube/sendmail
is:# ls -lZ /var/log/plesk-roundcube/sendmail
-rw-r-----. roundcube_sysuser roundcube_sysgroup system_u:object_r:cron_log_t:s0 -
/var/log/audit/audit.log
contains thу following error message:CONFIG_TEXT: audit(1521791921.029:461): avc: denied { open } for pid=9978 comm="php-cgi" path="/var/log/plesk-roundcube/sendmail" dev="sda2" ino=1286680 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:cron_log_t:s0 tclass=file
Cause
Incorrect security context type cron_log_t
set to Roundcube log files, the correct one is var_log_t
.
It is a Plesk bug with ID #PPP-35816, which is considered to be fixed in one of the next Plesk updates.
Resolution
-
Connect to the server through SSH
-
Execute the commands below to set valid SELinux type (
var_log_t
):# semanage fcontext -a -t var_log_t /var/log/plesk-roundcube/sendmail
# semanage fcontext -a -t var_log_t /var/log/plesk-roundcube/errors
# restorecon -R /var/log/plesk-roundcube/ -
Verify that changes were applied properly:
# ls -lZ /var/log/plesk-roundcube/sendmail
-rw-r-----. roundcube_sysuser roundcube_sysgroup system_u:object_r:var_log_t:s0# ls -lZ /var/log/plesk-roundcube/errors
-rw-r-----. roundcube_sysuser roundcube_sysgroup system_u:object_r:var_log_t:s0
Comments
0 comments
Please sign in to leave a comment.