NMIS8 Unix File Permissions

NMIS normally runs under its own user; all files under the nmis directory should be owned by nmis and be in the group nmis.  To allow Apache to serve the CGI scripts, the apache user is added to the nmis group.

NMIS supplies several tools/scripts to help you get the permissions set correctly and to check that nothing is out of place.

Basic File Permissions

Make the nmis user and group own all the files, and give the group write access.

Code Block
chown -Rv nmis:nmis <nmisdir>
chmod -Rv g+w <nmisdir>

If you decide on a different user and group name, update the NMIS configuration file Config.nmis accordingly.

One of the joys of Unix is granular file permissions; one of the frustrations of Unix is granular file permissions.  To assist, we have added a handy script in the admin directory, <nmisdir>/admin/fixperms.pl, which reads the NMIS configuration and fixes the permissions accordingly.

Code Block
/usr/local/nmis8/admin/fixperms.pl

Sample output from fixperms.pl command 

Code Block
This script will fix the permissions for NMIS based on the configuration /usr/local/nmis8/admin/../conf/Config.nmis
The directory to be processed is: /usr/local/nmis8
The user will be set to: nmis
The group will be set to: nmis

Apache User File Permissions

As described in the installation guide, the HTTP Daemon user needs to be able to read and write the NMIS files, so you need to put the user that owns the HTTP Daemon into the nmis group.  This is usually the user apache or www-data.  You can determine the user by running:

Code Block
[root@nmisdev ~]# ps -ef | grep http
root 3927 1 0 14:14 ? 00:00:00 /usr/sbin/httpd
apache 3952 3927 0 14:14 ? 00:00:00 /usr/sbin/httpd
--snip--
apache 3959 3927 0 14:14 ? 00:00:00 /usr/sbin/httpd
root 5411 5382 0 14:38 pts/1 00:00:00 grep http

So the HTTP Daemon user is apache in this example.

Modify the Apache user's groups:

Code Block
# -a appends; without it, -G replaces apache's other supplementary groups
usermod -a -G nmis apache

Then restart the HTTP Daemon 

Code Block
service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
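
To confirm the result of the two sections above (ownership and group write access on the tree, and the HTTP Daemon user's membership of the nmis group), a read-only audit can be run. This is an added example, not an NMIS script: the function names are hypothetical, the defaults nmis and apache are the names used on this page, and the world-writable check is an extra assumption beyond what the page requires.

```bash
#!/usr/bin/env bash
# Added example (not part of NMIS): read-only audit of an NMIS tree.
# Defaults (user and group "nmis") follow this page; pass your own if
# Config.nmis names a different user or group.

# Print one line per entry under DIR that breaks the ownership model,
# prefixed with the reason. Symlinks are skipped because their mode bits
# are not meaningful. Nothing is modified.
audit_tree() {
    local dir="$1" user="${2:-nmis}" group="${3:-nmis}"
    find "$dir" ! -type l ! -user "$user"   -print | sed 's/^/wrong-owner /'
    find "$dir" ! -type l ! -group "$group" -print | sed 's/^/wrong-group /'
    # chmod -R g+w from the page: every entry should have the group write bit
    find "$dir" ! -type l ! -perm -020      -print | sed 's/^/not-group-writable /'
    # Extra check (assumption): nothing in the tree should be world-writable
    find "$dir" ! -type l -perm -002        -print | sed 's/^/world-writable /'
}

# Number of findings for the same arguments as audit_tree.
count_findings() {
    audit_tree "$@" | wc -l | tr -d ' '
}

# Succeeds only if USER is a member of GROUP (primary or supplementary),
# e.g. user_in_group apache nmis after the usermod step.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$2"
}
```

After sourcing the file, `audit_tree /usr/local/nmis8` printing nothing and `user_in_group apache nmis` succeeding means the tree and the web server account match the model described above.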

SELinux Troubleshooting Tip

Sometimes things happen on Linux systems that don't make sense; many times it is because SELinux is preventing them.  You can spend a lot of time getting SELinux to behave, or you can put it in permissive mode, or disable it.  In the NMIS VM it has been disabled.

Much information can be found with Google; the following page describes either option.

http://www.crypt.gen.nz/selinux/disable_selinux.html

NMIS Tools and scripts

nmis.pl provides 2 methods for checking the directory structure of NMIS and ensuring that the structure is complete and has the correct permissions (based on your Config.nmis).  Running type=audit reports discrepancies between your structure and what is required; type=config fixes those errors.

Code Block
# optionally audit your config
/usr/local/nmis8/bin/nmis.pl type=audit
# fix your config
/usr/local/nmis8/bin/nmis.pl type=config

Additionally, the script fixperms.pl will go through and set the permissions on each file to ensure that NMIS can access the files it requires to operate normally.

Code Block
# fix permissions
/usr/local/nmis8/admin/fixperms.pl