<IfModule !IdcApacheAuth>
LoadModule IdcApacheAuth "/oracle/ucm/server/shared/os/linux/lib/IdcApache22Auth.so"
</IfModule>
IdcUserDB "idc" "/oracle/ucm/server/data/users/userdb.txt"
Alias "/idc" "/oracle/ucm/server/weblayout/"
<Location "/idc">
IdcSecurity "idc"
Allow from all
DirectoryIndex portal.htm
</Location>
The following "Permission denied" error was thrown when I restarted the server after adding the above configuration:
httpd: Syntax error on line 1001 of /etc/httpd/conf/httpd.conf: Cannot load /oracle/ucm/server/shared/os/linux/lib/IdcApache22Auth.so into server: /oracle/ucm/server/shared/os/linux/lib/IdcApache22Auth.so: cannot open shared object file: Permission denied
This is not really a file permission issue. An advanced security feature in Linux called SELinux is blocking the library file from loading. SELinux (Security-Enhanced Linux) is a mandatory access control layer that mediates requests to all aspects of the system, including the filesystem, processes, users, network connections, etc.
Method 1 - Disable SELinux
One way of fixing this issue is to switch SELinux off (disabled) or to warning-only mode (permissive).
In a command shell, type
system-config-selinux
to bring up the graphical administration window of SELinux, and set the following parameters:
System default enforcing mode - Disabled or Permissive
Current enforcing mode - Permissive
You can also configure it manually by editing the configuration file
/etc/selinux/config
Set the variable SELINUX=disabled and reboot the system.
Alternatively, use either of the following commands to temporarily disable SELinux enforcement until the next reboot.
setenforce 0
echo 0 > /selinux/enforce
Specifying enforcing=0 on the "kernel" command line in /etc/grub.conf also works, and it is permanent across reboots.
Method 2 - Configure the SELinux security parameters
Log in as root and copy the file IdcApache22Auth.so to /usr/lib, a directory from which httpd is permitted to load libraries. Use the copy command rather than the move command, so that the new file takes on the security context of the destination directory.
cp /oracle/ucm/server/shared/os/linux/lib/IdcApache22Auth.so /usr/lib
Then change the httpd.conf file parameter from
/oracle/ucm/server/shared/os/linux/lib/IdcApache22Auth.so
to
/usr/lib/IdcApache22Auth.so
Check the current security settings using the following commands:
ls -Z /oracle shows the current settings
ps -eZ shows the security contexts of processes
Make the /oracle directory accessible to httpd by invoking the following command:
chcon -R -h -t httpd_sys_content_t /oracle
-R: Recursive. Files and directories in the current directory and all subdirectories.
-h: Affect symbolic links themselves rather than the files they point to.
-t: Specify the type of the security context.
Allow httpd to connect to UCM by setting the following SELinux boolean. Execute the following command:
setsebool -P httpd_can_network_connect=1
Restart httpd by issuing the following command as root:
service httpd restart
Now the above issue should be fixed.
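Before choosing between the two methods, the audit log shows exactly what SELinux denied. The following is an added example, not part of the original post: it parses AVC denial records raised by httpd and maps each one to the Method 2 step above that addresses it. The log lines, the default_t label and port 4444 are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Log lines below are constructed.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1300000000.101:411): avc:  denied  { read } for  pid=2101 comm="httpd" name="IdcApache22Auth.so" dev=sda1 ino=918273 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1300000000.101:411): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1300000050.734:420): avc:  denied  { name_connect } for  pid=2188 comm="httpd" dest=4444 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1300000060.002:431): avc:  denied  { getattr } for  pid=2300 comm="sendmail" name="aliases.db" dev=sda1 ino=5521 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1300000070.002:440): avc:  granted  { setenforce } for  pid=2400 comm="setenforce" scontext=root:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
EOF
}

# Print "perm|tclass|target-type|object" for every AVC denial raised by process $1.
avc_denials() {
    awk -v want="$1" '
    $1 == "type=AVC" && / denied / {
        comm = obj = ttype = tclass = ""
        perm = $0; sub(/^.*[{] */, "", perm); sub(/ *[}].*$/, "", perm)
        for (i = 1; i <= NF; i++) {
            n = index($i, "="); if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1); gsub(/"/, "", v)
            if (k == "comm") comm = v
            else if (k == "name" || k == "path" || k == "dest") obj = v
            else if (k == "tclass") tclass = v
            else if (k == "tcontext") { split(v, c, ":"); ttype = c[3] }
        }
        if (comm == want) print perm "|" tclass "|" ttype "|" obj
    }'
}

# Map each httpd denial to the Method 2 step on this page that addresses it.
suggest_fix() {
    avc_denials httpd | while IFS='|' read -r perm tclass ttype obj; do
        case "$tclass:$perm" in
            tcp_socket:name_connect)
                echo "port $obj: connect denied -> setsebool -P httpd_can_network_connect=1" ;;
            file:*|dir:*|lnk_file:*)
                echo "$obj: { $perm } denied on type $ttype -> relabel with chcon -t, or cp to /usr/lib" ;;
            *)
                echo "$obj: $tclass { $perm } denied -> not covered by this page" ;;
        esac
    done
}

# Real use: suggest_fix < /var/log/audit/audit.log   (as root)
sample_audit_log | suggest_fix
```

If the log shows no denial for httpd, the "Permission denied" comes from ordinary file mode bits or ownership rather than SELinux, and neither method above applies.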