"Can't access id"

das329717

May 25, 2018
If you're on a Fedora 16/17 system that uses systemd to start Apache - this is your solution.

TL;DR version: edit /lib/systemd/system/httpd.service and change the value PrivateTmp to 'no'.

This is an informational post, in which I ran into a problem that I couldn't find ANYWHERE on here or google. I was running into the "Can't access id" problem many others were having, but mine is unique. Below are the symptoms and some of the areas I checked:

RTORRENT:
[22.03.2012 02:17:12] rTorrent user can't access 'id' program. Some functionality will be unavailable.

APACHE:
[Thu Mar 22 01:42:02 2012] [error] [client 192.168.1.1] PHP Warning: file(/tmp/rutorrent-stats-2105090364f6ae5dacf917): failed to open stream: No such file or directory in /var/www/vhosts/rutorrent/php/settings.php on line 187, referer: http://flux.example.com/

ID: (rtorrent user)
-bash-4.2$ which id
/bin/id
-bash-4.2$ id -G
100
-bash-4.2$ id -u
1002

CONFIG.PHP:
"id" => '/bin/id',

TEMP DIR:
drwxrwxrwt. 26 root root 4096 Mar 22 02:01 /tmp
-rw-rw-r-- 1 share users 21 Mar 22 20:12 rutorrent-stats-10914218994f6bea36d00fc
-bash-4.2$ cat /tmp/rutorrent-stats-10914218994f6bea36d00fc
1002
100
/home/share

Apache is where I checked next, as it looked like Apache wasn't able to access the /tmp directory. So I ran 'systemctl show httpd.service' and I noticed a line that read: PrivateTmp=yes. It seems this is the default install value for Fedora 17, not sure about 16.

I edited /lib/systemd/system/httpd.service and changed the value to PrivateTmp=no. It seems to have fixed the problem. Hope this helps.

Logan
 

dsouvik215

May 25, 2018
I have the same problem on lighty BUT with CentOS 6.2. Reverting to CentOS 5.8 resolved the issue. Never figured out what is wrong in 6.2.
Anyone know where to fix this for CentOS 6.2 and Lighttpd?

Thanks
 

jith45

May 25, 2018
I'm having the same problem with CentOS 6.4 and Apache (tested with lighttpd and also got the same result).

example from error.log:

Code:
[Sun Oct 13 20:30:08 2013] [error] [client *.*.*.*] PHP Warning: file(/tmp/rutorrent-stats-1559851336525ae6b0c378b): failed to open stream: Permission denied in /var/www/html/rutorrent/php/settings.php on line 197, referer: http://*.*.*.*/rutorrent/
I've noticed that changing selinux from "Enforcing" to "Permissive" will work around this but I would prefer a more secure solution.

I guess the problem is that the web server (running as apache user) can't access the files created by the user running the rtorrent program.
(even if the files are under /tmp 777)

Is it recommended to run rtorrent as the same user as the web server? Can you set the PrivateTmp in some way in CentOS?

Any other hints?

Thanks in advance,
 

somus1735

May 25, 2018
Try using the svn version.
1) I added a configurable tmp directory in it (check the last line in conf/config.php)
2) Checking of the id binary now doesn't require the existence of the tmp directory at all.
 

jith45

May 25, 2018
Yes, I agree... I managed to solve this the following way:

I guess part of the problem is that on machines running selinux the files under /tmp have

file context = unconfined_u:object_r:user_tmp_t

While the webserver = unconfined_u:system_r:httpd_t

So setting to permissive disables that (and that's why it works)

I modified the rutorrent/php/settings.php

Before:

$randName = uniqid("/tmp/rutorrent-stats-".rand());

After:

$randName = uniqid("/tmp/rutorrent-stats/rutorrent-stats-".rand());

Change context:
chcon -R -t httpd_sys_content_t /tmp/rutorrent-stats

Add the path to file context:
semanage fcontext -a -t httpd_sys_content_t "/tmp/rutorrent-stats(/.*)?"

chown <rtorrent user>:<webserver user> /tmp/rutorrent-stats
chmod 775 /tmp/rutorrent-stats

And now I can run rutorrent in enforcing mode :)

Thanks for all help!
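
Added example (not part of any post in this thread and not ruTorrent's own code): a small shell triage for the two failure modes reported above, using error-log lines shortened from the posts as sample input. The function names are hypothetical; the example goes beyond the posts only in pairing each errno text with the read-only check to run next.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample lines are shortened from the thread.
FEDORA_LINE='[error] [client 192.168.1.1] PHP Warning: file(/tmp/rutorrent-stats-2105090364f6ae5dacf917): failed to open stream: No such file or directory in /var/www/vhosts/rutorrent/php/settings.php on line 187'
CENTOS_LINE='[error] [client *.*.*.*] PHP Warning: file(/tmp/rutorrent-stats-1559851336525ae6b0c378b): failed to open stream: Permission denied in /var/www/html/rutorrent/php/settings.php on line 197'

# Classify one error-log line by the errno text PHP reports for the stats file.
triage_line() {
    case "$1" in
        *rutorrent-stats-*"No such file or directory"*)
            # rtorrent wrote the file, but the web server sees a different /tmp.
            echo "private-tmp" ;;
        *rutorrent-stats-*"Permission denied"*)
            # The file is visible but the read is refused (file mode or SELinux label).
            echo "access-denied" ;;
        *)
            echo "unrelated" ;;
    esac
}

# Read `systemctl show <unit>` output on stdin and print the PrivateTmp value.
private_tmp_value() {
    value=$(sed -n 's/^PrivateTmp=//p' | head -n 1)
    echo "${value:-unknown}"
}

# Print the SELinux type, the third field of user:role:type[:level].
selinux_type() {
    echo "$1" | cut -d: -f3
}

# Map a triage result to the read-only check to run next.
next_check() {
    case "$1" in
        private-tmp)   echo "systemctl show httpd.service | grep PrivateTmp" ;;
        access-denied) echo "ls -Z on the stats file, then ausearch -m avc -ts recent" ;;
        *)             echo "none" ;;
    esac
}

for line in "$FEDORA_LINE" "$CENTOS_LINE"; do
    cause=$(triage_line "$line")
    echo "$cause -> $(next_check "$cause")"
done
```

Feed `private_tmp_value` the output of `systemctl show httpd.service`, and pass `selinux_type` the context strings from the last post to compare the file's type with the web server's domain.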