Jump to content
Froxlor Forum
  • 0

libnss-mysql work but froxlor users not in www group


mnt

Question

Hello,

i have nginx error:

2015/06/28 14:02:28 [crit] 81969#0: *8 stat() "/usr/home/customers/webs/test/aaa.bbb.lt/" failed (13: Permission denied), client: 188.69.22.22, server: aaa.bbb.lt, request: "GET / HTTP/1.1", host:
 "aaa.bbb.lt"

This error exists because /usr/home/customers/webs/test permissions is 0750.

I figure that this error occurs because my froxlor ftp users not in www group:
 
#groups www
www froxlorlocal
 
libnss-mysql i think work  good:
# getent group
.......
froxlorlocal:*:1003:www
vmail:*:2000
test::10000:test,www,froxlorlocal
tnetbalt::10001:tnetbalt,www,froxlorlocal
 
why froxlor users (test and tnetbalt) not exists in www group?
freebsd 10.1
froxlor 0.9.33.1
 

 

Link to comment
Share on other sites

10 answers to this question

Recommended Posts

change in libnss-mysql.cnf from

memsbygid SELECT members FROM ftp_groups WHERE gid='%1$u'

to

memsbygid SELECT username FROM ftp_users WHERE gid='%1$u' UNION SELECT 'www'

 

Link to comment
Share on other sites

Do your froxlor-settings say that the webserver-user's name is "www"? The default would be "www-data"....check ftp_groups to see whether "www(-data)" is in the members-field of the customers.

Link to comment
Share on other sites

In settings:

Webserver user-name : www

Webserver group-name : www

 

in table ftp-groups:

test 10000 test,www,froxlorlocal 1

tnetbaltic 10001 tnetbaltic,www,froxlorlocal,tnetbalticftp1 2

 

Link to comment
Share on other sites

I use libnss-mysql settings from froxlor configuration.

Today i startup one more freebsd 10.1 server with froxlor and i have the same problem.....

 

my /usr/local/etc/libnss-mysql.cfg :

getpwnam SELECT username, 'x', uid, gid, '0', '', 'MySQL User', homedir, shell, '0' FROM ftp_users WHERE username='%1$s' AND login_enabled = 'Y' LIMIT 1
getpwuid SELECT username, 'x', uid, gid, '0', '', 'MySQL User', homedir, shell, '0' FROM ftp_users WHERE uid='%1$u' AND login_enabled = 'Y' LIMIT 1
getpwent SELECT username, 'x', uid, gid, '0', '', 'MySQL User', homedir, shell, '0' FROM ftp_users
getspnam SELECT username, password, '12345', '0', '99999', '7', '', '', '' FROM ftp_users WHERE username='%1$s' LIMIT 1
getspent SELECT username, password, '12345', '0', '99999', '7', '', '', '' FROM ftp_users
getgrnam SELECT groupname, '', gid FROM ftp_groups WHERE groupname='%1$s' LIMIT 1
getgrgid SELECT groupname, '', gid FROM ftp_groups WHERE gid='%1$u' LIMIT 1
getgrent SELECT groupname, '', gid FROM ftp_groups
memsbygid SELECT members FROM ftp_groups WHERE gid='%1$u'
gidsbymem SELECT CONCAT_WS(',', gid) as gid FROM ftp_groups WHERE FIND_IN_SET('%1$s', members)

host 127.0.0.1
database froxlor
username froxlor
password .......
port 3306
timeout 10
compress 0

 

my /usr/local/etc/libnss-mysql-root.cfg :

username        froxlor
password        ..........

 

 

Link to comment
Share on other sites

From froxlor libnss-mysql configuration

Please execute the followings commands in shell:

#sh /etc/rc.d/nscd restart
#nscd --invalidate=group

 

in  freebsd nscd don't have --invalidate

maybe here problem?

 

#man nscd

  The nscd utility recognizes the following runtime options:
     -n      Do not daemonize; nscd will not fork or disconnect itself from
             the terminal.
     -s      Single-threaded mode.  Forces using only one thread for all pro-
             cessing purposes (it overrides the threads parameter in the
             nscd.conf(5) file).
     -t      Trace mode.  All trace messages will be written to stdout.  This
             mode is usually used with -n and -s flags are used for debugging
             purposes.
     -i cachename
             Invalidates personal cache.  When specified, nscd acts as the
             administration tool.  It asks the already running nscd to invali-
             date the specified part of the cache of the calling user.  For
             example, sometimes you may want to invalidate your ``hosts''
             cache.  You can specify ``all'' as the cachename to invalidate
             your personal cache as a whole.  You cannot use this option for
             the cachename for which the perform-actual-lookups option is
             enabled.
     -I cachename
             Invalidates the cache for every user.  When specified, nscd acts
             as the administration tool.  It asks the already running nscd to
             invalidate the specified part of the cache for every user.  You
             can specify ``all'' as the cachename to invalidate the whole
             cache.  Only the root can use this option.
 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...