Installation of Postfix, Dovecot and Roundcube

Mikheil · September 4, 2022, 8:53am

I followed the excellent TID on Linuxbabe and Postfix and Roundcube and it all worked perfectly until…

http://office.myDomain.com/installer

I get a 403. You don’t have permission to access this resource. Server unable to read htaccess file. Denying access to be safe.

I’ve even tried setting the permissions to 777 on .htaccess and still get the same error. I did chmod -R apache:apache /var/www.

Same problem. Anyone know what I’m doing wrong?

iwalker · September 4, 2022, 9:02am

I’m assuming you mean this article? Install Roundcube Webmail on CentOS 8/RHEL 8 with Apache/Nginx

Did you do all the steps in step 6? Also, just to check, can you do this:

setenforce 0

this puts selinux in permissive mode, and then try the installer url again in the web browser? If it works, then it means an selinux issue is still outstanding and would need to be resolved - most likely due to /var/www/roundcube directory not having the correct contexts. To re-enable selinux again after, do:

setenforce 1

or reboot the server, and selinux will be enabled again.

If setting selinux in permissive allows you to continue the installation, it means that something in step 6 was missed. Check /var/log/audit/audit.log for more info. Or do:

audit2allow -a /var/log/audit/audit.log

and post the output here.

Mikheil · September 4, 2022, 9:04am

One of the first things I do is disable SELinux, it’s just a damn nuisance

iwalker · September 4, 2022, 9:06am

Check /var/log/httpd/*_log files, especially access and error logs - if other log files have been configured in the apache configuration, then the name of the file might differ. Any permission problems if related to apache config should show in these files.

Mikheil · September 4, 2022, 9:13am

(13)Permission denied: [client 192.168.0.216:37038] AH00529: /var/www/roundcube/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that ‘/var/www/roundcube/’ is executable, referer: http://mail.officer.myDomain.com/installer

I did chmod -R 755 /var/www after the chown

iwalker · September 4, 2022, 9:26am

Can you do:

ls -lh /var/www/roundcube/.htaccess

You may wish to do:

chmod 664 /var/www/roundcube/.htaccess

to ensure it has rw-rw-r permissions.

Directories should have 755, so you have restricted/unrestricted it even more. The command 765 shouldn’t be used on files as you make them executable.

Mikheil · September 4, 2022, 9:28am

ls -lh /var/www/roundcube/.htaccess
-rwxrwxrwx. 1 apache apache 2.5K Jul 23 22:17 /var/www/roundcube/.htaccess

iwalker · September 4, 2022, 9:30am

Yeah that is too much. Due to the incorrect chown command, you need to fix this:

cd /var/www/
chown -R apache:apache .
find . -type d -exec chmod 755 '{}' \;
find . -type f -exec chmod 640 '{}' \;

that will ensure the directories have the correct permissions, as well as the files. type d being directories, type f being files.

Mikheil · September 4, 2022, 9:33am

Did that. Still the same problem

iwalker · September 4, 2022, 9:34am

So have to check apache configuration, since file permissions are fine. If selinux is disabled, then it’s not this. So I think means that only apache can be the problem now.

I expect the /var/www/roundcube doesn’t have an allow override all option, eg in the apache config for roundcube that you did:

<Directory /var/www/roundcube>
    AllowOverride all
</Directory>

this is explained in Step 4 of the LinuxBabe howto.

Mikheil · September 4, 2022, 9:38am

The file in /etc/httpd/conf.d named mail.office.myDomain.com is IDENTICAL to the one in Linuxbabe, except I changed the first line to the above.

<VirtualHost*:80>
   ServerName mail.office.myDomain.com

How do I know it’s identical? I cut and pasted it!

iwalker · September 4, 2022, 9:39am

Maybe you know that, but I don’t since I cannot see your server, nor can I see the confile files. Nor can I know if you checked and set the permissions properly.

Either way, if it was configured properly it would work. So… I suggest you make sure 100% that you followed the article properly.

Mikheil · September 4, 2022, 9:40am

<VirtualHost *:80>
  ServerName mail.office.myDomain.com
  DocumentRoot /var/www/roundcube/

  ErrorLog /var/log/httpd/roundcube_error.log
  CustomLog /var/log/httpd/roundcube_access.log combined

  <Directory />
    Options FollowSymLinks
    AllowOverride All
  </Directory>

  <Directory /var/www/roundcube/>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Directory>
</VirtualHost>

All the commands you gave me, I also cut and pasted so there are no typos or spelling mistakes. So if your commands are correct, so are my permissions.

iwalker · September 4, 2022, 9:44am

Can you post the results of:

getenforce

please copy/paste from the console, so we can be 100% sure selinux is disabled.

iwalker · September 4, 2022, 9:49am

Someone on roundcube forum had the same problem, and it was selinux-related: pcfq_openfile: unable to check htaccess file...

Mikheil · September 4, 2022, 9:50am

Interesting problem:
This is my selinux.config file:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

BUT
getenforce
Enforcing

WTF is going on now?

iwalker · September 4, 2022, 9:51am

Maybe you didn’t reboot after changing the config? So:

setenforce 0

and check the roundcube installer again? Or, reboot to make sure selinux is disabled. After reboot, run getenforce again to make sure.

Mikheil · September 4, 2022, 9:54am

OK, I’ll do that, but as soon as the installation dnf update is over, I disable selinux and it must have been rebooted at least 20 times since then.

After setting setenforce 0
setenforce 0
[root@hermes ~]# getenforce
Permissive

I want it DISABLED. How do I do that?

iwalker · September 4, 2022, 9:55am

We will concentrate on that later, now that it says permissive, check the installer. Does it work?

Mikheil · September 4, 2022, 9:57am

The answer - Yes and No
yes it goes to the install screen, but I see
Checking available databases

Check which of the supported extensions are installed. At least one of them is required.
MySQL:  NOT AVAILABLE(See https://www.php.net/manual/en/ref.pdo-mysql.php)
PostgreSQL:  NOT AVAILABLE(See https://www.php.net/manual/en/ref.pdo-pgsql.php)
SQLite:  OK
SQLite (v2):  NOT AVAILABLE(See https://www.php.net/manual/en/ref.pdo-sqlite.php)
SQL Server (SQLSRV):  NOT AVAILABLE(See https://www.php.net/manual/en/ref.pdo-sqlsrv.php)
SQL Server (DBLIB):  NOT AVAILABLE(See https://www.php.net/manual/en/ref.pdo-dblib.php)
Oracle:  NOT AVAILABLE(See https://www.php.net/manual/en/book.oci8.php)

MySQL is installed and setup as per Linuxbabe.

SELinux again?

I’m going to reboot the blasted thing - again!

Topic		Replies	Views
SELinux prevents Postfix from reading cert files Rocky Linux General	4	409	August 25, 2023
Dovecot/postfix mkhomedir issue Rocky Linux General	2	788	August 25, 2023
SELinux message Rocky Linux General	3	525	August 25, 2023
Non-root users unable to read perl scripts Rocky Linux General	8	1317	August 25, 2023
.htaccess not working restricting file Rocky Linux General	3	515	August 25, 2023

Installation of Postfix, Dovecot and Roundcube

Related Topics