NMIS File Permissions

NMIS8 Unix File Permissions

NMIS normally runs under it's own user, all files under the nmis directory should be owned by nmis and in the group nmis.  In order to allow apache to serve the CGI scripts, the nmis group is added to the apache user.

NMIS supplies several tools/scripts to help you get the permissions set correctly and to check that nothing is out of place.

Basic File Permissions

Make nmis user and group own all the files. 

chown -Rv nmis:nmis <nmisdir># chmod -Rv g+w <nmisdir>

If you decide on a different user and group name, update the NMIS Configuration Config.nmis accordingly.

One of the joys of Unix is granular file permissions, one of the frustrations of Unix is granular file permissions.  To assist we have added a handy script in the admin directory <nmisdir>/admin/fixperms.pl which will read the NMIS Configuration and fix the permissions accordingly. 

/usr/local/nmis8/admin/fixperms.pl

Sample output from fixperms.pl command 

This script will fix the permissions for NMIS based on the configuration /usr/local/nmis8/admin/../conf/Config.nmis
The directory to be processed is: /usr/local/nmis8
The user will be set to: nmis
The group will be set to: nmis

Apache User File Permissions

As described in the installation guide, the HTTP Daemon user needs to be able to read and write the NMIS files, so you need to put the owner of the HTTP Daemon, this is usually the user apache or www-data.  You can determine by running: 

[root@nmisdev ~]# ps -ef | grep http
root 3927 1 0 14:14 ? 00:00:00 /usr/sbin/httpd
apache 3952 3927 0 14:14 ? 00:00:00 /usr/sbin/httpd
--snip--
apache 3959 3927 0 14:14 ? 00:00:00 /usr/sbin/httpd
root 5411 5382 0 14:38 pts/1 00:00:00 grep http
So the HTTP Daemon user is apache in this example.

Modify the Apache user groups 

usermod -G nmis apache

Then restart the HTTP Daemon 

service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]