Jump to content
Froxlor Forum
  • 0
mnt

libnss-mysql work but froxlor users not in www group

Question

Hello,

i have nginx error:

2015/06/28 14:02:28 [crit] 81969#0: *8 stat() "/usr/home/customers/webs/test/aaa.bbb.lt/" failed (13: Permission denied), client: 188.69.22.22, server: aaa.bbb.lt, request: "GET / HTTP/1.1", host:
 "aaa.bbb.lt"

This error exists because /usr/home/customers/webs/test permissions is 0750.

I figure that this error occurs because my froxlor ftp users not in www group:
 
#groups www
www froxlorlocal
 
libnss-mysql i think work  good:
# getent group
.......
froxlorlocal:*:1003:www
vmail:*:2000
test::10000:test,www,froxlorlocal
tnetbalt::10001:tnetbalt,www,froxlorlocal
 
why froxlor users (test and tnetbalt) not exists in www group?
freebsd 10.1
froxlor 0.9.33.1
 

 

Share this post


Link to post
Share on other sites

10 answers to this question

Recommended Posts

  • 0

change in libnss-mysql.cnf from

memsbygid SELECT members FROM ftp_groups WHERE gid='%1$u'

to

memsbygid SELECT username FROM ftp_users WHERE gid='%1$u' UNION SELECT 'www'

 

Share this post


Link to post
Share on other sites
  • 0

Do your froxlor-settings say that the webserver-user's name is "www"? The default would be "www-data"....check ftp_groups to see whether "www(-data)" is in the members-field of the customers.

Share this post


Link to post
Share on other sites
  • 0

In settings:

Webserver user-name : www

Webserver group-name : www

 

in table ftp-groups:

test 10000 test,www,froxlorlocal 1

tnetbaltic 10001 tnetbaltic,www,froxlorlocal,tnetbalticftp1 2

 

Share this post


Link to post
Share on other sites
  • 0

So, www is in the users groups. All good. Double check libnss config and restart nscd, Webserver and fpm

Share this post


Link to post
Share on other sites
  • 0

I use libnss-mysql settings from froxlor configuration.

Today i startup one more freebsd 10.1 server with froxlor and i have the same problem.....

 

my /usr/local/etc/libnss-mysql.cfg :

getpwnam SELECT username, 'x', uid, gid, '0', '', 'MySQL User', homedir, shell, '0' FROM ftp_users WHERE username='%1$s' AND login_enabled = 'Y' LIMIT 1
getpwuid SELECT username, 'x', uid, gid, '0', '', 'MySQL User', homedir, shell, '0' FROM ftp_users WHERE uid='%1$u' AND login_enabled = 'Y' LIMIT 1
getpwent SELECT username, 'x', uid, gid, '0', '', 'MySQL User', homedir, shell, '0' FROM ftp_users
getspnam SELECT username, password, '12345', '0', '99999', '7', '', '', '' FROM ftp_users WHERE username='%1$s' LIMIT 1
getspent SELECT username, password, '12345', '0', '99999', '7', '', '', '' FROM ftp_users
getgrnam SELECT groupname, '', gid FROM ftp_groups WHERE groupname='%1$s' LIMIT 1
getgrgid SELECT groupname, '', gid FROM ftp_groups WHERE gid='%1$u' LIMIT 1
getgrent SELECT groupname, '', gid FROM ftp_groups
memsbygid SELECT members FROM ftp_groups WHERE gid='%1$u'
gidsbymem SELECT CONCAT_WS(',', gid) as gid FROM ftp_groups WHERE FIND_IN_SET('%1$s', members)

host 127.0.0.1
database froxlor
username froxlor
password .......
port 3306
timeout 10
compress 0

 

my /usr/local/etc/libnss-mysql-root.cfg :

username        froxlor
password        ..........

 

 

Share this post


Link to post
Share on other sites
  • 0

From froxlor libnss-mysql configuration

Please execute the followings commands in shell:

#sh /etc/rc.d/nscd restart
#nscd --invalidate=group

 

in  freebsd nscd don't have --invalidate

maybe here problem?

 

#man nscd

  The nscd utility recognizes the following runtime options:
     -n      Do not daemonize; nscd will not fork or disconnect itself from
             the terminal.
     -s      Single-threaded mode.  Forces using only one thread for all pro-
             cessing purposes (it overrides the threads parameter in the
             nscd.conf(5) file).
     -t      Trace mode.  All trace messages will be written to stdout.  This
             mode is usually used with -n and -s flags are used for debugging
             purposes.
     -i cachename
             Invalidates personal cache.  When specified, nscd acts as the
             administration tool.  It asks the already running nscd to invali-
             date the specified part of the cache of the calling user.  For
             example, sometimes you may want to invalidate your ``hosts''
             cache.  You can specify ``all'' as the cachename to invalidate
             your personal cache as a whole.  You cannot use this option for
             the cachename for which the perform-actual-lookups option is
             enabled.
     -I cachename
             Invalidates the cache for every user.  When specified, nscd acts
             as the administration tool.  It asks the already running nscd to
             invalidate the specified part of the cache for every user.  You
             can specify ``all'' as the cachename to invalidate the whole
             cache.  Only the root can use this option.
 

Share this post


Link to post
Share on other sites
  • 0

You can try running "nscd --invalidate=group" - it just clears the cache. It's worth a try :)

Share this post


Link to post
Share on other sites
  • 0

# nscd --invalidate=group
nscd: illegal option -- -
usage: nscd [-dnst] [-i cachename] [-I cachename]
 

Share this post


Link to post
Share on other sites
  • 0

read your help screen:

-i cachename
Invalidates personal cache.[...]


Edit: or better even:

nscd -I all

Share this post


Link to post
Share on other sites
  • 0

i try this.

# nscd -I all
M1 from main: daemon PID is 64540
M1 from main: global cache transformation succeeded
 

# groups www
www froxlorlocal
 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By FlingeR
      Hi,
      I was trying Froxlor 0.9 in OpenBSD, and there are lots of differences in systems folders, files and commands when you are configurating the daemons.
      *BSD distros are used a lot in web-servers, it would be good for the project to keep this in mind, I can help with
      lib/configfiles/openbsd.xml and with the future Froxlor 2 for assessment in supporting OpenBSD.
      In case of the 0.9 version you should have an "example.xml" file to follow, but I can adapt the gentoo version to make a new one.
      So... offering my help if welcomed.
      FlingeR
    • By tt33tt
      Hallo alle zusammen,
       
      ich will suexec entsprechend der Anleitung http://redmine.froxlor.org/projects/froxlor/wiki/FCGID_-_Handbuch einrichten.
      Dort wird gesagt, ich müsse libnss-mysql installieren. In Ubuntu kommt aber die Meldung, dass es das nicht mehr gibt.
      Kann ich libnss-mysql durch libnss-mysql-bg ersetzen oder muss dafür das Konfigurationsskript in Froxlor geändert werden (Konfiguration >> Distribution >> Sonstige (System) >> libnss (system login with mysql)?
       
      Thx
    • By e-e
      Hallo ihr Froxlor Freunde!
       
      Ich wollte mal dazent nachfragen, woran es bei der FreeBSD Portversion hakt - wir sind da immernoch bei 0.9.33.2 - warum "hängt" das so lange zurück?
       
      Kann man helfen, damit es zeitnaher auch dahin portiert wird?
       
      Danke
      e-e
    • By v3ng
      Hallo, 
       
      Folgendes Problem, ich wollte gerade meine komplette Owncloud Instanz löschen. FTP meldet jedoch bei einem Ordner ("lib"), dass er keine Rechte hätte. Das Verzeichnis hat genau die selben Rechte sowie Owner, wie andere Verzeichnisse auch, welche ich ohne Probleme löschen kann. 
      Via Shell als selbiger Nutzer funktioniert es ohne Probleme. Nur via FTP klappt es nicht. 
      Genutzt wird ProFTPd. 
       
      Über Hilfe bin ich sehr Dankbar.
       
      Schönes Wochenende!
    • By hale-xp
      Hi all!
       
      First off all, thx a lot for this superior admin panel, i love it!
       
      The setup under Debian7 wheezy was straight forward and I am very happy to have gone for froxlor.
       
      There was only one problem: I wasn't able to receive E-Mail, sending did work.
      The /var/log/mail.log:
      Sep 23 19:12:28 hostname postfix/pipe[8552]: 692BX34A21W: to=<mail@address.tld>, relay=dovecot, delay=155993, delays=155993/0.02/0/0.08, dsn=4.3.0, status=deferred (temporary failure. Command output: doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied ) Like it says in the froxlor config i did:
      chmod 0640 "/etc/dovecot/dovecot.conf" chown root:root "/etc/dovecot/dovecot.conf" This wouldn't work and gives the posted fatal error. :-(
       
      My solution so far is:
      change the permission from 640 to 644 and leave the chown as it suggests in the config.
      Also i changed permission of all files in /etc/dovecot/conf.d/ to 644 as well, leaving the owner and group as it was.
       
      After restarting postfix and dovecot everything works here! :-)
       
      I am not sure if this is a good fix and would be glad to hear what you think about it.
       
      Have a nice day and all the best,
       
      hale-xp
×
×
  • Create New...