search

sabre-io / Baikal

Baïkal is a Calendar+Contacts server
https://sabre.io/baikal/
GNU General Public License v3.0
2.5k stars 289 forks source link

SELinux guidance? #1107

Closed tromlet closed 2 years ago

tromlet commented 2 years ago

Baikal version: 0.9.2

Problem you are having: With SELinux enabled, I get the following error:

"Error - Insufficient permissions on the configuration folders

In order to work properly, Baïkal needs to have write permissions in the Specific/ and config/ folder."

I'm running Alma Linux 8.5, and the apache user has 755 permissions on all folders and 644 permissions on all files in the baikal directory. When I punch in the setenforce 0 command to put SELinux into a permissive enforcement "stance", the page loads just fine.

Suggested solution: Add some SELinux guidance to the installation instructions page here: https://sabre.io/baikal/install/

ByteHamster commented 2 years ago

With 644, only the owner can write a file. Is apache the owner of Baikal's files?

tromlet commented 2 years ago

Yessir. I did a chown -R apache:apache /var/www/my/path/to/baikal. :(

That said, turns out I found a setting that worked (for me): setsebool -P httpd_unified 1 allowed the page to display without me disabling SELinux, so that's nice. Not sure if that would work for everyone or more complex setups, my understanding of SELinux is not tip top - but it might help folks if that solution was there on the installation page.

I think it is reasonable to say that most modern server distros are coming with SELinux installed and enabled, so application setup instructions should probably bear that in mind.