Obviously we hope the installation script will create a running installation for you, but there will no doubt be occasions when it does not. Before seeking help via the mailing lists and other resources on the sourceforge site, there are some things you should clarify. The first of these is to confirm what the status of the various subsystems are. Here's a quick check list:
Can't find lsb_release in
order to determine distribution and you are on an older Fedora Core
or CentOS version, try running: yum install redhat-lsb
and then running the installer again.
Upgrades often leave out this package although it should be part
of the standard operating system.DBI
connect('wacs:myserver.myisp.com','wacs',...) failed: Can't connect to
MySQL server on 'myserver.myisp.com' (110) at ./vendpop line 39
check that you can ping the hostname of your server locally. Often people
don't have things set up so that a machine with an "internet name" can
see itself by the same name on the local network. The above error is
a symptom of this problem./var/log/httpd/myserver-errorlog/var/log/messagesmyserver/wacs/)
myserver/cgi-bin/wacsnewmodels)/usr/bin/pam_auth (packaged installations)
or /usr/local/bin/pam_auth (easyinstall/manual installations)
- give it your username and password, separated by a space, and then press
<ENTER>. If it replies with OK all is well; if it
replies with ERR or some other error message (and you know
you typed your password right of course) then there's a problem. Please see
the section called “wacssetup completes but you can't login” for more information on this.SELinux is an enhancement to Linux that allows potentially vulnerable services (like an internet-exposed web server) to be operated on a basis where each action the program tries to take needs to be explicitly allowed, rather than the normal allowed unless denied approach of most Unix environments. As such SELinux presents a whole new group of challenges for getting WACS to work, because we have to extend the ruleset as to what is allowed and what is not. It can be done, but it will take work and some experimentation. Whereever we have not used the Operating System supplied packages (Web Server, Database, etc), we're going to have to add those rules. The first thing to check is whether SELinux is enabled - to do this, type:
% sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 20
Policy from config file: targeted
%
If it's either disabled, or is enabled but with a current mode of
permissive, it's not actualling going to be causing us a problem right now.
If it is enabled and enforcing, we've got to work on it.
The web server process needs a security context of
httpd_sys_content_t to be present on any directory it
needs to access, so the first step is to add this context to each directory
(outside of the normal ones) that it is likely to access.
This is done with the chcon commands shown above in the
manual install chapter - example:
# chcon system_u:object_r:httpd_sys_content_t /var/run/wacs
#
In addition to the directory gaining the httpd_sys_content_t
security context, any pre-existing files will also need the same,
so this can be done with:
# chcon -R system_u:object_r:httpd_sys_content_t /var/run/wacs/*
#
To inspect the security context of a file or directory, you use the -Z option to the ls command:
# ls -Z /var/run/wacs/
-rw-r--r-- apache apache system_u:object_r:httpd_var_run_t leases.acl
#
While the easyinstall script does try to set these for all the areas the
web server might go (/var/run/wacs, /etc/wacs.d
and the files area /home/wacs/*), any problems
which are causing avc_denied messages in the dmesg output are most likely
down to this issue.