Staging for a rollout of EL 6, and ran into a very strange permissions issue with xinetd that defies all (my) logic.
It's a script called "spfiled" that we use for messaging between our server cluster servers. I'm trying to get it to run with "least permissions necessary". Because it reads/writes files in conjunction with a web-based service, it runs as user "apache".
Here's my xinet.d/spfiled.conf: (this is in dev, each developer has his own number) #################### spfiled.conf ################## service spfiled461 { socket_type = stream wait = no user = apache group = apache server = /path/to/filed.php protocol = tcp disable = no bind = 192.168.3.2 port = 12461 banner_fail = /path/to/banner_fail.txt cps = 10000 0 max_load = 10.0 } #################### spfiled.conf ##################
Here's the permissions of the script: # ls -laFd /path/to/filed.php -rwxr-xr-- 1 bens apache 18042 Jan 7 2011 filed.php
When I restart xinetd, I see in system log: #################### /var/log/messages ################## Jul 18 16:32:25 bender xinetd[17830]: Server /path/to/filed.php is not executable [file=/etc/xinetd.d/spfiled461] [line=11] Jul 18 16:32:25 bender xinetd[17830]: Error parsing attribute server - DISABLING SERVICE [file=/etc/xinetd.d/spfiled461] [line=11]
I've turned off SELinux completely. # setenforce 0;
Strangely, setting permissions to o+x and it starts up fine, but I don't want to leave permissions that open.
What am I missing?