Applicable to:
- Plesk for Linux
Symptoms
-
Unable to log in to Horde on Plesk server as it reloads the login page when entering the correct password
-
SELinux is enabled
# getenforce
Enforcing -
The following can be seen in the
/var/log/audit/audit.log
file:CONFIG_TEXT: type=AVC msg=audit(1603459707.800:2782049): avc: denied { write } for pid=61114 comm="php-cgi" name="proactive.sock" dev="dm-0" ino=1312865 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1603459707.800:2782049): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=7ffeb5336030 a2=6e a3=bb items=0 ppid=45029 pid=61114 auid=4294967295 uid=987 gid=1008 euid=987 suid=987 fsuid=987 egid=1008 sgid=1008 fsgid=1008 tty=(none) ses=4294967295 comm="php-cgi" exe="/opt/plesk/php/7.3/bin/php-cgi" subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
-
In
/var/log/maillog:
CONFIG_TEXT: Dovecot
ns22 dovecot: imap-login: Login: user=<joedoe@example.com>, method=CRAM-MD5, rip=::1, lip=::1, mpid=5403, TLS, session=<L7bg/PShIs0AAAAAAAAAAAAAAAAAAAAB>
ns22 dovecot: service=imap, user=joedoe@example.com, ip=[::1]. Logged out rcvd=26, sent=512
Courier
ns22 courier-imaps: LOGIN, user=joedoe@example.com, ip=[::1], port=[52772], protocol=IMAP
ns22 courier-imaps: LOGOUT, user=joedoe@example.com, ip=[::1], headers=0, body=0, rcvd=46, sent=350, time=0, starttls=1 -
With Horde debugging enabled the following notice appear in log file
/var/log/psa-horde/psa-horde.log
CONFIG_TEXT: HORDE Guest user is not authorized for Horde
-
stracing the Apache process provides the following line:
CONFIG_TEXT: open("/var/lib/php/session/sess_l2mscgvjj03gefioseknson8b6", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = -1 EACCES (Permission denied) <0.000069>
Cause
The directory /var/lib/php/session/
has incorrect SELinux context.
Resolution
Restore the SELinux context:
-
Connect to the server via SSH
-
Restore the SELinux context:
# restorecon -R -v /var/lib/php/session/
-
In case the issue remains, reinstall "psa-selinux" package to reapply Plesk SELinux policies:
# yum reinstall psa-selinux
Comments
0 comments
Please sign in to leave a comment.