Mailing List Archive

Mythweb - PHP Fatal Error
Thankyou to everyone for advice on switching to compiling from source. Mostly everything went well with Mythbackend and Mythfrontend essentially up and working without any problems. All my recordings are there and playable.

But not Mythweb. Just can not get it to work.

Am getting the following error in /var/log/apache2/error.log

PHP Fatal error: Call to a member function query_col() on a non-object in /usr/share/mythweb/includes/utils.php on line 59

Essentially I understand that this means that access to the mysql database is not working. But I have checked and triple checked mythtv user and password to database plus BE/FE both work.

Have placed mythweb.conf in /etc/apache2/sites-configured/ and used a2ensite mythweb.conf to create the symlinks to /etc/apache2/sites-enabled/

Have set the directory as follows which I assume must be working because it is finding the utils.php file
<Directory "/usr/share/mythweb/data">
Options +FollowSymLinks +IncludesNoExec
</Directory>
<Directory "/usr/share/mythweb" >

Authentication is commented out.
# AuthType Digest
# AuthName "MythTV"
# AuthUserFile /etc/mythweb.password.digest
# Require valid-user
# BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
# Order allow,deny
# Deny from all
# Allow from 192.168.0 192.168.1 127
# Satisfy any


Environment variables look correct
setenv db_server "localhost"
setenv db_name "mythconverg"
setenv db_login "mythtv"
setenv db_password "mythtv"

It seems like this should be simple to fix but I just can't get it, any assistance would be greatly appreciated.
Re: Mythweb - PHP Fatal Error [ In reply to ]
> On Dec 18, 2013, at 5:39 PM, Mark Perkins <perkins1724@hotmail.com> wrote:
>
> PHP Fatal error: Call to a member function query_col() on a non-object in /usr/share/mythweb/includes/utils.php on line 59

I may be off here but where are the myth php bindings installed? They're part of myth proper and might follow your prefix, /usr/local or /opt or whatever, but mythweb hard codes /usr/share/mythtv for the bindings path.

- George
Re: Mythweb - PHP Fatal Error [ In reply to ]
Mark Perkins wrote:
>
> Essentially I understand that this means that access to the mysql
> database is not working.

Depending on your distro (Mine backend is Ubuntu), you'll need php-mysql
installed. Mine shows:

dpkg -l|grep php|grep mysql

php5-mysql 5.4.9-4ubuntu2.3 amd64 MySQL module for php5

Doug



--
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
>I may be off here but where are the myth php bindings installed? They're part of myth proper and might follow your prefix, >/usr/local or /opt or whatever, but mythweb hard codes /usr/share/mythtv for the bindings path.>
>- George
Thanks George. Bindings were /usr/local/share/mythtv so I tried symlink /usr/share/mythtv -> /usr/local/share/mythtv but did not seem to help.
Re: Mythweb - PHP Fatal Error [ In reply to ]
> dpkg -l|grep php|grep mysql
>
> php5-mysql 5.4.9-4ubuntu2.3 amd64 MySQL module for php5
>
> Doug
>

Thanks Doug, tried dpkg -l|grep php|grep mysql which returned

ii php5-mysql 5.5.3+dfsg-1ubuntu2.1 i386 MySQL module for php5

It's a different version, is that likely to be a problem?
Re: Mythweb - PHP Fatal Error [ In reply to ]
Mark Perkins wrote:
>
> It's a different version, is that likely to be a problem?

Most likely not. You must be running a newer version of Ubuntu, I'm
running 13.04.

Doug

--
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
RESOLVED

Turns out that mysql config - specifically host config - was the problem. Even though I had:
setenv db_server "localhost"

in the mythweb.conf file apache2 would not connect via localhost. So even though my mysql mythtv user config was:
host | user
.......................................
localhost | mythtv
192.168.1.% | mythtv
192.168.0.% | mythtv
mark-ep35-ds3 | mythtv

It failed to authenticate.

I had trawled through a lot of google material over the last several hours but vaguely recalled someone complaining that apache2 was reporting local host connections on 127.0.1.1 so I added additional mythtv hosts as follows:

create user 'mythtv'@'127.0.0.%' identified by 'mythtv';
create user 'mythtv'@'127.0.1.%' identified by 'mythtv';
set password for 'mythtv'@'127.0.0.%' = password('mythtv');
set password for 'mythtv'@'127.0.1.%' = password('mythtv');
connect mythconverg;
grant all privileges on *.* to 'mythtv'@'127.0.0.%' with grant option;
grant all privileges on *.* to 'mythtv'@'127.0.1.%' with grant option;
flush privileges;
exit;And that was that, site came up straight away.

And just to add some icing to that cake I got a warning straight away that /mythweb/data/tv_icons/ directory was not writeable so a quick chmod 775 (group www-data that I had set previously) and all the icons appeared for the first time in my mythweb life.

I swear those icons have never looked so good.......
Re: Mythweb - PHP Fatal Error [ In reply to ]
Mark Perkins wrote:
> RESOLVED
>
> Turns out that mysql config - specifically host config - was the
> problem. Even though I had:
> setenv db_server "localhost"

Very cool! And, I'll make note of that for future installs.

Doug


--
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
I ran into a similar problem. I was getting:

server requested authentication method unknown to the client

I too spent some time with Google, played games with old_password set vs.
not set in my.cnf with no luck. Most of the advice said that the only way to
fix this was to downgrade PHP, which would be a huge hassle.

Then this thread came up. So I got to this part:


>
> set password for 'mythtv'@'127.0.0.%' = password('mythtv');
> set password for 'mythtv'@'127.0.1.%' = password('mythtv');

Interesting. I need to learn more about how wildcards in MySQL actually
work. Certainly not like one might expect. I did a grant for
'mythtv'@'%', and set the password for that as well, expecting that to
really be global. But it isn't. I had never heard of the "mysql.user"
table before, but I looked in there, and sure enough, while "show grants
for mythtv" shows the grants for 'mythtv'@'%', there are actually
separate entries in mysql.user for my backend, my old backend, and my
frontends, as well as for 'mythtv'@'localhost'. So I tried

set password for 'mythtv'@'localhost' = password('mythtv');

Progress (I think). I don't get an authentication error any more, now I
just get a page that has nothing but the text "MythTV", which is a link
to whatever URL I used to reach the page.

What's up with that? I think I'm close, but has anyone seen this and
know what step I'm missing?

If it matters:

OS: Fedora 19
MySQL: mariadb-5.5.33a-1
PHP: php-5.5.6-1
Apache: httpd-2.4.6-2

Thanks for any hints,
--Greg



_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
>> Progress (I think). I don't get an authentication error any more, now I
>> just get a page that has nothing but the text "MythTV", which is a link
>> to whatever URL I used to reach the page.

What does the following show?

rpm -qa|grep -i mysql

Anything interesting in your apache logs?

Doug
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
On Thu, 2013-12-19 at 10:49 -0500, Doug Lytle wrote:
> >> Progress (I think). I don't get an authentication error any more, now I
> >> just get a page that has nothing but the text "MythTV", which is a link
> >> to whatever URL I used to reach the page.
>
> What does the following show?
>
> rpm -qa|grep -i mysql

MySQL-python-1.2.3-7.fc19.x86_64
qt-mysql-4.8.5-10.fc19.x86_64
php-mysqlnd-5.5.6-1.fc19.x86_64
perl-DBD-MySQL-4.023-2.fc19.x86_64

> Anything interesting in your apache logs?

Should have thought of that myself, but since I'm only a novice when it
comes to the web part of things, I don't know what to make of it. From
the error_log I see this repeated six times for each attempt:

[Thu Dec 19 09:07:25.819469 2013] [:error] [pid 16678] [client
192.168.1.32:54260] PHP Warning: Unknown: function '0' not found or
invalid function name in Unknown on line 0, referer:
http://mongoliad.gregandeva.net/mythweb/

Here's what's in the access_log:

192.168.1.32 - - [19/Dec/2013:09:07:25 -0700] "GET /mythweb/ HTTP/1.1"
200 908 "
-" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101
Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/js/prototip/prototip
.css HTTP/1.1" 200 724 "http://mongoliad.gregandeva.net/mythweb/"
"Mozilla/5.0 (
X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/js/dialog/dialog.css
HTTP/1.1" 200 571 "http://mongoliad.gregandeva.net/mythweb/"
"Mozilla/5.0 (X11;
Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/js/jquery-1.9.1.min.
js HTTP/1.1" 200 92629 "http://mongoliad.gregandeva.net/mythweb/"
"Mozilla/5.0 (
X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/js/prototype.js HTTP
/1.1" 200 129738 "http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0
(X11; L
inux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/js/dialog/dialog.js
HTTP/1.1" 200 14661 "http://mongoliad.gregandeva.net/mythweb/"
"Mozilla/5.0 (X11
; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"


> 192.168.1.32 - - [19/Dec/2013:09:07:25 -0700] "GET /mythweb/js/prototip/prototip.js HTTP/1.1" 200 17848 "http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700] "GET /mythweb/js/utils.js
HTTP/1.1" 200 5094 "http://mongoliad.gregandeva.net/mythweb/"
"Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/js/AC_OETags.js HTTP/1.1" 200 7557
"http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0 (X11; Linux
x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/js/recommend.js HTTP/1.1" 200 2550
"http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0 (X11; Linux
x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/js/table_sort.js HTTP/1.1" 200 19752
"http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0 (X11; Linux
x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/skin_url/style.css HTTP/1.1" 200 908
"http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0 (X11; Linux
x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/skin_url/menus.css HTTP/1.1" 200 908
"http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0 (X11; Linux
x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/skin_url/header.css HTTP/1.1" 200 908
"http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0 (X11; Linux
x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/skin_url/programming.css HTTP/1.1" 200 908
"http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0 (X11; Linux
x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700]
"GET /mythweb/skin_urlimg/mythtv-logo.png HTTP/1.1" 200 908
"http://mongoliad.gregandeva.net/mythweb/" "Mozilla/5.0 (X11; Linux
x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
192.168.1.32 - - [19/Dec/2013:09:07:25 -0700] "GET /favicon.ico
HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0)
Gecko/20100101 Firefox/25.0"
::1 - - [19/Dec/2013:09:07:31 -0700] "OPTIONS * HTTP/1.0" 200 - "-"
"Apache/2.4.6 (Fedora) PHP/5.5.6 (internal dummy connection)"
::1 - - [19/Dec/2013:09:07:32 -0700] "OPTIONS * HTTP/1.0" 200 - "-"
"Apache/2.4.6 (Fedora) PHP/5.5.6 (internal dummy connection)"

--Greg


_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
Greg Woods wrote:
> [Thu Dec 19 09:07:25.819469 2013] [:error] [pid 16678] [client
> 192.168.1.32:54260] PHP Warning: Unknown: function '0' not found or
> invalid function name in Unknown on line 0, referer:
> http://mongoliad.gregandeva.net/mythweb/

Google points to this:

http://code.mythtv.org/trac/ticket/10504

Doug

--
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
On Thu, Dec 19, 2013 at 7:38 PM, Doug Lytle <support@drdos.info> wrote:

> Greg Woods wrote:
> > [Thu Dec 19 09:07:25.819469 2013] [:error] [pid 16678] [client
> > 192.168.1.32:54260] PHP Warning: Unknown: function '0' not found or
> > invalid function name in Unknown on line 0, referer:
> > http://mongoliad.gregandeva.net/mythweb/
>
> Google points to this:
>
> http://code.mythtv.org/trac/ticket/10504
>

The patch attached to the ticket below worked for me. The one above wiped
out most of the errors, and this took care of the rest. It only involves
adding/commenting out a few lines in mythweb.conf, so it's easy to apply.

The ticket does say that the error was fixed 9 months ago, so YMMV.

http://code.mythtv.org/trac/ticket/11277

Jerry
Re: Mythweb - PHP Fatal Error [ In reply to ]
On Thu, 2013-12-19 at 20:21 -0500, Jerry wrote:
> On Thu, Dec 19, 2013 at 7:38 PM, Doug Lytle <support@drdos.info>
> wrote:
> Greg Woods wrote:
> > [Thu Dec 19 09:07:25.819469 2013] [:error] [pid 16678]
> [client
> > 192.168.1.32:54260] PHP Warning: Unknown: function '0' not
> found or
> > invalid function name in Unknown on line 0, referer:
> > http://mongoliad.gregandeva.net/mythweb/
>
> Google points to this:
>
> http://code.mythtv.org/trac/ticket/10504
>
>
> The patch attached to the ticket below worked for me. The one above
> wiped out most of the errors, and this took care of the rest. It only
> involves adding/commenting out a few lines in mythweb.conf, so it's
> easy to apply.
>
> The ticket does say that the error was fixed 9 months ago, so YMMV.
>
> http://code.mythtv.org/trac/ticket/11277

My Google fu has never been very good, so thanks very much for those
pointers (really, I did try Googling the error message).

And, in fact, I had neglected to replace my old mythweb.conf with the
one included with the new version of mythweb. But when I did that,
Apache fails to start, so I've got some work to do when I have time to
get into it:



Dec 20 06:52:50 mongoliad.gregandeva.net httpd[15406]: AH00526: Syntax
error on line 30 of /etc/httpd/conf.d/mythweb.conf:
Dec 20 06:52:50 mongoliad.gregandeva.net httpd[15406]: You may not use
'Options +All' or 'Options -All'.
Dec 20 06:52:50 mongoliad.gregandeva.net systemd[1]: httpd.service: main
process exited, code=exited, status=1/FAILURE

--Greg



_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
>> Dec 20 06:52:50 mongoliad.gregandeva.net httpd[15406]: AH00526: Syntax
>> error on line 30 of /etc/httpd/conf.d/mythweb.conf:
>> Dec 20 06:52:50 mongoliad.gregandeva.net httpd[15406]: You may not use
>> 'Options +All' or 'Options -All'.

Edit your mythweb.conf, go to line 30 and change it to:

Options -All +FollowSymLinks +IncludesNoExec

Doug
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
On Fri, 2013-12-20 at 09:30 -0500, Doug Lytle wrote:
> >> Dec 20 06:52:50 mongoliad.gregandeva.net httpd[15406]: AH00526: Syntax
> >> error on line 30 of /etc/httpd/conf.d/mythweb.conf:
> >> Dec 20 06:52:50 mongoliad.gregandeva.net httpd[15406]: You may not use
> >> 'Options +All' or 'Options -All'.
>
> Edit your mythweb.conf, go to line 30 and change it to:
>
> Options -All +FollowSymLinks +IncludesNoExecOptions


That is already what is at line 30.

I tried just using "Options +FollowSymLinks +IncludesNoExec". That
allows Apache to start, but now I get a 404 not found response (without
anything in the error_log after the startup message, the access_log does
show the access to /mythweb). I am going to have to spend some time on
this when I get home from work, to figure out all the changes that have
to be made from the default mythweb.conf file. I ran a diff between the
0.27-supplied file and my old one, and there are a significant number of
changes, so I need a block of time to review them.

--Greg


_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
> > Edit your mythweb.conf, go to line 30 and change it to:
> >
> > Options -All +FollowSymLinks +IncludesNoExecOptions
>
>
> That is already what is at line 30.
>
> I tried just using "Options +FollowSymLinks +IncludesNoExec".

I also just deleted the -All part. Some error message about -All and +All being deprecated which then causes the apache config tester to fail the mythweb.conf file and fail to load Apache. Just removing the -All part worked for me (well at least I haven't yet identified what removing it has caused to break).
Re: Mythweb - PHP Fatal Error [ In reply to ]
On Thu, 2013-12-19 at 20:21 -0500, Jerry wrote:
> On Thu, Dec 19, 2013 at 7:38 PM, Doug Lytle <support@drdos.info>
> wrote:
> Greg Woods wrote:
> > [Thu Dec 19 09:07:25.819469 2013] [:error] [pid 16678]
> [client
> > 192.168.1.32:54260] PHP Warning: Unknown: function '0' not
> found or
> > invalid function name in Unknown on line 0, referer:
> > http://mongoliad.gregandeva.net/mythweb/
>
> Google points to this:
>
> http://code.mythtv.org/trac/ticket/10504
>
>
> The patch attached to the ticket below worked for me. The one above
> wiped out most of the errors, and this took care of the rest. It only
> involves adding/commenting out a few lines in mythweb.conf, so it's
> easy to apply.
>
> The ticket does say that the error was fixed 9 months ago, so YMMV.
>
> http://code.mythtv.org/trac/ticket/11277

Applying the patch from 11277 took care of the error messages but it was
still not working. Then...

AAAAUUUGH! After wasting at least two hours on this, it turned out to be
&*#(@=)Z#!B!&$+! selinux. I routinely turn this off to avoid exactly
this kind of mostly silent failure, but I forgot to do that on this
install. Now that selinux is set to disabled, all is well. Thanks guys
for your help.

--Greg



_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
Greg Woods wrote:
> Now that selinux is set to disabled, all is well.

Doesn't it just bite! Had that happen to me on other projects.

Doug

--
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
On Sun, Dec 22, 2013 at 2:17 PM, Greg Woods <greg@gregandeva.net> wrote:
>
> AAAAUUUGH! After wasting at least two hours on this, it turned out to be
> &*#(@=)Z#!B!&$+! selinux. I routinely turn this off to avoid exactly
> this kind of mostly silent failure, but I forgot to do that on this
> install. Now that selinux is set to disabled, all is well. Thanks guys
> for your help.
>
> --Greg
>

OMG...don't even get me started on that thing. Over the years I've
come to believe that the sole purpose of selinux is to make you feel
guilty that you "should" be running it but can't because it
mysteriously breaks stuff in a way that can only be fixed by someone
with a PHD in selinux :D. One of my first experiences with it many
years ago was when for no reason (with a perfectly configured apache)
it would only allow php scripts to run in the root or the web server
but NOT in any sub-directories. From what I recall (though I try not
to) debugging it will about make you run into the distance crying for
a sendmail.cf file to play with...

Tom
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
On 12/23/2013 07:01 PM, Tom Dexter wrote:
> On Sun, Dec 22, 2013 at 2:17 PM, Greg Woods <greg@gregandeva.net> wrote:
>>
>> AAAAUUUGH! After wasting at least two hours on this, it turned out to be
>> &*#(@=)Z#!B!&$+! selinux. I routinely turn this off to avoid exactly
>> this kind of mostly silent failure, but I forgot to do that on this
>> install. Now that selinux is set to disabled, all is well. Thanks guys
>> for your help.
>>
>> --Greg
>>
>
> OMG...don't even get me started on that thing. Over the years I've
> come to believe that the sole purpose of selinux is to make you feel
> guilty that you "should" be running it but can't because it
> mysteriously breaks stuff in a way that can only be fixed by someone
> with a PHD in selinux :D. One of my first experiences with it many
> years ago was when for no reason (with a perfectly configured apache)
> it would only allow php scripts to run in the root or the web server
> but NOT in any sub-directories. From what I recall (though I try not
> to) debugging it will about make you run into the distance crying for
> a sendmail.cf file to play with...

From what I remember, SELinux was invented by NSA to improve the level of
security by making it more granular that standard Unix. Of course, Edward
Snowden is a perfect example of how well that works! Once someone has the
administrative password, all bets are off.

Larry


_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
On 12/23/13, 8:46 PM, Larry Finger wrote:
> On 12/23/2013 07:01 PM, Tom Dexter wrote:
>> On Sun, Dec 22, 2013 at 2:17 PM, Greg Woods <greg@gregandeva.net> wrote:
>>>
>>> AAAAUUUGH! After wasting at least two hours on this, it turned out
>>> to be
>>> &*#(@=)Z#!B!&$+! selinux. I routinely turn this off to avoid exactly
>>> this kind of mostly silent failure, but I forgot to do that on this
>>> install. Now that selinux is set to disabled, all is well. Thanks guys
>>> for your help.
>>>
>>> --Greg
>>>
>>
>> OMG...don't even get me started on that thing. Over the years I've
>> come to believe that the sole purpose of selinux is to make you feel
>> guilty that you "should" be running it but can't because it
>> mysteriously breaks stuff in a way that can only be fixed by someone
>> with a PHD in selinux :D. One of my first experiences with it many
>> years ago was when for no reason (with a perfectly configured apache)
>> it would only allow php scripts to run in the root or the web server
>> but NOT in any sub-directories. From what I recall (though I try not
>> to) debugging it will about make you run into the distance crying for
>> a sendmail.cf file to play with...
>
> From what I remember, SELinux was invented by NSA to improve the level
> of security by making it more granular that standard Unix. Of course,
> Edward Snowden is a perfect example of how well that works! Once
> someone has the administrative password, all bets are off.
>
> Larry
>
>
> _______________________________________________
It was part of an NSA project to educate programmers about how to write
a trusted operating system. Can't recall which contractor handled it
back then.
The end result was more like a program designed to generate the most
profanity possible in the shortest amount of time possible. ;)

http://www.nsa.gov/research/selinux/index.shtml

Now, it'll be baking my noodle all night remembering what outfit
contracted to work on SELinux. I was on the mailing list for it back
when it was still all shiny and new.

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
On Mon, 2013-12-23 at 21:21 -0500, Stephen P. Villano wrote:

> > From what I remember, SELinux was invented by NSA to improve the level
> > of security by making it more granular that standard Unix.

Mostly, yes. It was intended to provide a framework for precisely
defining what a given program should be allowed to do (and thereby
preventing it from doing things that it has no business doing), usually
programs that had to run as root. In those days, buffer overflows
against root daemons (such as named) was the most common way of breaking
into systems. Overflow a buffer on the stack, and cause the daemon to
exec a root shell. Selinux prevents that by not granting named
permissions it does not need to do its job (such as the ability to exec
a new program).

I don't know that Selinux really requires a PhD to write policies :-)
But it does require more knowledge and more work than the average
sysadmin has time for. And I have always questioned the idea of having
it turned on by default. It can be useful in an environment where
security is critically important on servers that are directly exposed to
bad guys, but for a home desktop behind a firewall, it's overkill, and
it makes it very difficult to run anything that isn't part of the
standard distribution (or to use anything that *is* part of the standard
distribution in a way that is perfectly valid but was not anticipated by
the developers). So I almost always turn it off as the first thing I do
after a new install, but I forgot this time and caused myself (and
others who were trying to help me) to waste a bunch of time.

If someone is running a Red Hat-derived distro and they are reporting a
mysterious problem, instead of asking them if they've tried turning it
off and back on again, Roy should ask instead if they are running
Selinux :-)

--Greg


_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
On Thu, Dec 26, 2013 at 5:21 PM, Greg Woods <greg@gregandeva.net> wrote:
> ... but for a home desktop behind a firewall, it's overkill,

I presume you meant to say on a home desktop with
airgap separation. The way most people use firewalls
by inviting the "bad stuff" in via browsing and downloads,
a firewall is not the magic solution some might want
(in at least one (bad?) vampire movie, the mythology
said that once you invite the vampire into your house,
you are powerless; Browsing the 'net (downloading
content) is inviting them in.)
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users
Re: Mythweb - PHP Fatal Error [ In reply to ]
On 12/26/13, 10:48 PM, Gary Buhrmaster wrote:
> On Thu, Dec 26, 2013 at 5:21 PM, Greg Woods <greg@gregandeva.net> wrote:
>> ... but for a home desktop behind a firewall, it's overkill,
> I presume you meant to say on a home desktop with
> airgap separation. The way most people use firewalls
> by inviting the "bad stuff" in via browsing and downloads,
> a firewall is not the magic solution some might want
> (in at least one (bad?) vampire movie, the mythology
> said that once you invite the vampire into your house,
> you are powerless; Browsing the 'net (downloading
> content) is inviting them in.)
> _______________________________________________
>
True, we lost a server admin because he violated policy by reading his
Gmail on a server console.
At least he didn't have access to a domain controller to do that, for
then he'd have invited the evil spirits into the holy of holies. For
then he would have had to be smitten immediately with the mightiest of
poxes.
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://www.mythtv.org/mailman/listinfo/mythtv-users

1 2  View All