OTRS temp files permissions

Moderator: crythias

Post Reply
manoj99
Znuny newbie
Posts: 41
Joined: 22 Jan 2020, 00:00
Znuny Version: 5.0.42
Real Name: mk99

OTRS temp files permissions

Post by manoj99 »

Hello,

I'm currently running OTRS 5 on CentOS + mod_perl + httpd + SeLinux enabled.

I have been getting permissions issues
Can't write /opt/otrs/var/tmp/CacheFileStorable/User/4/3/43756e2a56122933ea501d9067d74c58
if the user permissions are otrs:apache then it is able to write but the permissions change dynamically to apache:apache which raises the above error for files/dir under /opt/otrs/var/tmp/. and the selinux label for /opt/otrs/var/tmp is httpd_sys_rw_content_t recursively

Currently, manually running a hardening script to change permissions back to otrs:apache


Also, due to permissions issue, I believe the recurring cron tasks are failing.

Just to mention otrs is a member of apache group


Any help is highly appreciated.


Thanks,
M.
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: OTRS temp files permissions

Post by root »

manoj99 wrote: 12 Apr 2021, 17:56 Just to mention otrs is a member of apache group
Hi,

Start with having apache the primary group of the otrs user.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
manoj99
Znuny newbie
Posts: 41
Joined: 22 Jan 2020, 00:00
Znuny Version: 5.0.42
Real Name: mk99

Re: OTRS temp files permissions

Post by manoj99 »

Hi Roy,

I changed apache to be the primary group of otrs user but still see the write permissions error on /opt/otrs/var/tmp/CacheFileStorable/*/*
[root@hostname]# id apache
uid=297(apache) gid=394(apache) groups=394(apache),48(apache)
[root@hostnamef]# id otrs
uid=1343(otrs) gid=394(apache) groups=394(apache),48(apache)

Thanks,
M
Post Reply