NMIS8 Unix File Permissions
NMIS normally runs under it's own user, all files under the nmis directory should be owned by nmis and in the group nmis. In order to allow apache to serve the CGI scripts, the nmis group is added to the apache user.
NMIS supplies several tools/scripts to help you get the permissions set correctly and to check that nothing is out of place.
Basic File Permissions
Make nmis user and group own all the files.
chown -Rv nmis:nmis <nmisdir># chmod -Rv g+w <nmisdir>
If you decide on a different user and group name, update the NMIS Configuration Config.nmis accordingly.
One of the joys of Unix is granular file permissions, one of the frustrations of Unix is granular file permissions. To assist we have added a handy script in the admin directory <nmisdir>/admin/fixperms.pl which will read the NMIS Configuration and fix the permissions accordingly.
/usr/local/nmis8/admin/fixperms.pl
Sample output from fixperms.pl command
This script will fix the permissions for NMIS based on the configuration /usr/local/nmis8/admin/../conf/Config.nmis The directory to be processed is: /usr/local/nmis8 The user will be set to: nmis The group will be set to: nmis
Apache User File Permissions
As described in the installation guide, the HTTP Daemon user needs to be able to read and write the NMIS files, so you need to put the owner of the HTTP Daemon, this is usually the user apache or www-data. You can determine by running:
[root@nmisdev ~]# ps -ef | grep http root 3927 1 0 14:14 ? 00:00:00 /usr/sbin/httpd apache 3952 3927 0 14:14 ? 00:00:00 /usr/sbin/httpd --snip-- apache 3959 3927 0 14:14 ? 00:00:00 /usr/sbin/httpd root 5411 5382 0 14:38 pts/1 00:00:00 grep http
So the HTTP Daemon user is apache in this example.
Modify the Apache user groups
usermod -G nmis apache
Then restart the HTTP Daemon
service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ]
SELinux Troubleshooting Tip
Sometimes there are things happening on Linux systems which don't make sense, many times it is because SELinux is preventing things. You can spend alot of time getting SELinux to behave, or you can put it in permissive mode, or disable it, in the NMIS VM it has been disabled.
Much information to be found with Google, the following describes either option.
http://www.crypt.gen.nz/selinux/disable_selinux.html
NMIS Tools and scripts
nmis.pl provides 2 methods for checking the directory structure of nmis and ensuring that the structure is complete and has the correct permissions (based on your Config.nmis). Running type=audit will report discrepancies between your structure and what is required, type=config will fix those errors
# optionally audit your config /usr/local/nmis8/bin/nmis.pl type=audit # fix your config /usr/local/nmis8/bin/nmis.pl type=config
Additonally, the script fixperms.pl will go through and set the permissions on each file to ensure that NMIS can access the files it requires to operate normally
# fix permissions /usr/local/nmis8/admin/fixperms.pl