Koozali.org: home of the SME Server

Re: SME Sever-Manager fails login with Can't exec "/usr/bin/pwauth": Permission denied

Offline waldviertler

  • ***
  • 107
  • +0/-0
I have the same problem. A fresh install BUT I used the console restore, to restore from 9.2 Backup.

I get "Invalid username or password." but I am sure the username and the password are correct. I typed the pw in editor and pasted it.

What can I do?

THanks in advice.
Martin

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
is the username admin?

if not, the username is not correct.

Offline waldviertler

  • ***
  • 107
  • +0/-0
Yes, the user is "admin".



Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
I typed the pw in editor and pasted it.

Can you explain this please, what editor and why not just type into server-manager directly?
--
qui scribit bis legit

Offline waldviertler

  • ***
  • 107
  • +0/-0
The situation is:
I use Chrome to log in at the server manager since long time ago. Usually I only have to type the a from admin and auto fill in appears with username and pw. So I tried this a few times, then typed the password in and since there are no visible letters I typed the server password in the microsoft editor and pasted it to the pw field - just to make sure I typed it correctly. (I tried other browsers also.)
So after typing in username and pw and clicking on login, the fields are empty and above the field appears "Invalid username or password."
I use the SME-server since 1999 an I am pretty sure, how to use the login to the server-manager.

Martin

Offline ReetP

  • *
  • 3,722
  • +5/-0
Have you tried a ssh login?

If you use ssh keys as you should, then you should be able login and reset your password.

You can then also check the logs for login errors too.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline waldviertler

  • ***
  • 107
  • +0/-0
the login works  on the console on the server and it works well over putty.

I get this in the admin_error_log:

Code: [Select]
[Mon Jun 28 00:16:15.066253 2021] [cgi:error] [pid 15182] [client 127.0.0.1:40130] AH01215: Can't exec "/usr/bin/pwauth": Permission denied at /etc/e-smith/web/common/cgi-bin/login line 56., referer: https://192.168.1.254//server-common/cgi-bin/login?back=https%3a%2f%2f192.168.1.254%2fserver-manager
[Mon Jun 28 00:16:15.066940 2021] [cgi:error] [pid 15182] [client 127.0.0.1:40130] AH01215: Could not open pipe to pwauth: Permission denied at /etc/e-smith/web/common/cgi-bin/login line 58., referer: https://192.168.1.254//server-common/cgi-bin/login?back=https%3a%2f%2f192.168.1.254%2fserver-manager

When I look with chown: the user and the group of /etc/e-smith/web/common/cgi-bin/login is "root".
« Last Edit: June 28, 2021, 12:17:16 AM by waldviertler »

Offline ReetP

  • *
  • 3,722
  • +5/-0
Hmmm. Permission is likely right. Don't try and change it.

Have you got any custom-templates lying about?

Think there is one or more threads here on failure to access server-manager on previous version upgrades.

This is an old one but similar so I'm thinking something you have restored from v9 is giving v10 indigestion.

https://forums.contribs.org/index.php/topic,50179.15.html

Can you check the logs during restore? May be an errror there somewhere.

See here for some command to parse errors:

https://wiki.koozali.org/User_talk:Stephdl

Was it a brand new and fully updated v10 prior to restore?

Have you added any contribs or custom items at all?
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline waldviertler

  • ***
  • 107
  • +0/-0
I don't have any errors seen, while installation.
The version, that I installed, was the download from the website.
Then I restored from my backup, after that I updated SME10.
I added
Dehydrated
phpmyadmin

Thanks
Martin

Offline ReetP

  • *
  • 3,722
  • +5/-0
Can you be a bit more specific please.

Did you test directly after the restore BEFORE you added contribs?

Exactly which contribs did you install and the commands did you use?

Have you any other repos installed?

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline waldviertler

  • ***
  • 107
  • +0/-0
No, I restored and added deydrated and myphpadmin, after that I checked the server-manager.
I installed both like in wiki suggested:

Code: [Select]
yum install --enablerepo=smecontribs smeserver-phpmyadmin

and

Code: [Select]
yum install smeserver-letsencrypt --enablerepo=smecontribs

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #11 on: June 28, 2021, 11:58:51 AM »
OK, just to make sure, anything in
# ls -l /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf

and just poking about, contents of
# ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
--
qui scribit bis legit

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #12 on: June 28, 2021, 12:08:01 PM »
This is from my server:

Code: [Select]
[root@www Cal-neu]#  ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
insgesamt 36
-rw-r--r--. 1 root root  667  2. Nov 2006  01localAccessString
-rw-r--r--. 1 root root 4022 19. Mär 04:33 20Manager
-rw-r--r--. 1 root root  250 19. Mär 04:33 20ManagerAuthTKT
-rw-r--r--. 1 root root  215  2. Nov 2006  85DefaultAccess
-rw-r--r--. 1 root root  212  2. Nov 2006  85ServerResourcesAccess
-rw-r--r--. 1 root root  349  2. Nov 2006  90e-smithAccess15brand
-rw-r--r--. 1 root root 1369 19. Mär 04:33 90e-smithAccess15common
-rw-r--r--. 1 root root 1536 19. Mär 04:33 90e-smithAccess20manager
-rw-r--r--. 1 root root  463 19. Mär 04:33 90e-smithAccess20password

[root@www Cal-neu]# ls -l /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
insgesamt 12
-rw-r--r-- 1 root root  117 22. Jän 2020  75AddTypePlist
-rw-r--r-- 1 root root 2130  5. Dez 2019  92nutupscmon
-rw-r--r-- 1 root root  124  9. Jän 2017  VirtualHosts40ACME

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #13 on: June 28, 2021, 12:22:36 PM »
Code: [Select]
[quote author=waldviertler link=topic=54516.msg285645#msg285645 date=1624874881]
This is from my server:
[root@www Cal-neu]# ls -l /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
insgesamt 12
-rw-r--r-- 1 root root  117 22. Jän 2020  75AddTypePlist
-rw-r--r-- 1 root root 2130  5. Dez 2019  92nutupscmon
-rw-r--r-- 1 root root  124  9. Jän 2017  VirtualHosts40ACME
[/quote]

Delete all and give the httpd service a kick or reboot/reconfig
or better still, move all to a safe place and give the httpd service a kick or reboot/reconfig
--
qui scribit bis legit

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
--
qui scribit bis legit

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #15 on: June 28, 2021, 01:34:46 PM »
I have tried #2 and #3 - but no avail.

Should I delete all files from 2006?

Code: [Select]
[root@www Cal-neu]#  ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
insgesamt 36
-rw-r--r--. 1 root root  667  2. Nov 2006  01localAccessString
-rw-r--r--. 1 root root  215  2. Nov 2006  85DefaultAccess
-rw-r--r--. 1 root root  212  2. Nov 2006  85ServerResourcesAccess
-rw-r--r--. 1 root root  349  2. Nov 2006  90e-smithAccess15brand

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #16 on: June 28, 2021, 01:58:58 PM »
No, was just ensuring they were there..

Just the removal of the custom template ones is sufficent..

Did you attempt to restart httpd?

Or do a reconfig and reboot?
--
qui scribit bis legit

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #17 on: June 28, 2021, 02:00:22 PM »
What is result of 
#  systemctl status httpd-e-smith.service

--
qui scribit bis legit

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #18 on: June 28, 2021, 02:13:34 PM »
I have done a restart of httpd, but no reconfig and reboot.
I'll try these next.

This is the result of 
systemctl status httpd-e-smith.service

Code: [Select]
[root@www ~]# systemctl status httpd-e-smith.service
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
   Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-06-28 14:10:34 CEST; 12s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 26798 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 26828 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
  Process: 26824 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
  Process: 26818 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
 Main PID: 26833 (/usr/sbin/httpd)
   Status: "Total requests: 26; Current requests/sec: 2.89; Current traffic:  28KB/sec"
   Memory: 18.3M
   CGroup: /system.slice/httpd-e-smith.service
           ├─26833 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26834 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26835 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26836 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26837 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26838 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26839 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26840 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26841 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26842 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26843 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26844 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26845 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26846 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26847 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26848 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26849 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           └─26850 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND

Jun 28 14:10:33 www.pdorf.at systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
Jun 28 14:10:34 www.pdorf.at systemd[1]: Started httpd-e-smith The Koozali SME Server Apache HTTP Service.
[root@www ~]#

In the meantime I have done:
Code: [Select]
signal-event post-upgrade
signal-event reboot
But also no avail.
« Last Edit: June 28, 2021, 02:38:58 PM by waldviertler »

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #19 on: June 28, 2021, 03:31:52 PM »
stumped, reached my limit..need one of the samrt guys to chime in here
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: can't access the server-manager. refused access : refused to connect.
« Reply #20 on: June 28, 2021, 07:57:22 PM »
This is from my server:

Code: [Select]
[root@www Cal-neu]#  ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
insgesamt 36
-rw-r--r--. 1 root root  667  2. Nov 2006  01localAccessString
-rw-r--r--. 1 root root 4022 19. Mär 04:33 20Manager
-rw-r--r--. 1 root root  250 19. Mär 04:33 20ManagerAuthTKT
-rw-r--r--. 1 root root  215  2. Nov 2006  85DefaultAccess
-rw-r--r--. 1 root root  212  2. Nov 2006  85ServerResourcesAccess
-rw-r--r--. 1 root root  349  2. Nov 2006  90e-smithAccess15brand
-rw-r--r--. 1 root root 1369 19. Mär 04:33 90e-smithAccess15common
-rw-r--r--. 1 root root 1536 19. Mär 04:33 90e-smithAccess20manager
-rw-r--r--. 1 root root  463 19. Mär 04:33 90e-smithAccess20password

[root@www Cal-neu]# ls -l /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
insgesamt 12
-rw-r--r-- 1 root root  117 22. Jän 2020  75AddTypePlist
-rw-r--r-- 1 root root 2130  5. Dez 2019  92nutupscmon
-rw-r--r-- 1 root root  124  9. Jän 2017  VirtualHosts40ACME


you are not systematic here and are just looking at random place.
not being systematic increases risk or adding more problems and not seeing where is the original problem

on httpd-admin you check templates and on httpd-e-smith you check the templates-custom.

please just paste the result of

/sbin/e-smith/audittools/templates


and

systemctl status -l httpd-admin


also by unable to login with admin password, I start to understand there you are not even able to get the login page while you can access the ibays ?

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
please report

rpm -q pwauth

should be pwauth-2.3.10-10.el7.sme.x86_64 or else you got into trouble there. 

also how did you install SME 10 ? from 10.0 final iso? from previous iso? from a centos box using sme2centos?

is it fully updated with yum update ?

is there any extra repo configured ? what gives:

/sbin/e-smith/audittools/repositories

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #22 on: June 28, 2021, 09:08:19 PM »
Thank you for your time.

/sbin/e-smith/audittools/templates
Code: [Select]
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sudoers/30nut: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sudoers/10sudoers: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/ups/upssched.conf/01CONFIG: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/ups/upsmon.conf/NOTIFYCMD: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/41go-into: MANUALLY_ADDED, ADDITION

systemctl status -l httpd-admin :
Code: [Select]
● httpd-admin.service - httpd-admin The Koozali SME Server Server-Manager web service
   Loaded: loaded (/usr/lib/systemd/system/httpd-admin.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-06-28 14:32:49 CEST; 6h ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 7769 (httpd)
   Status: "Total requests: 11; Current requests/sec: 0; Current traffic:   0 B/sec"
   Memory: 1.7M
   CGroup: /system.slice/httpd-admin.service
           ├─ 7769 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
           ├─ 7809 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
           ├─10204 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
           └─10218 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND

Jun 28 14:32:48 www.pdorf.at systemd[1]: Starting httpd-admin The Koozali SME Server Server-Manager web service...
Jun 28 14:32:49 www.pdorf.at systemd[1]: Started httpd-admin The Koozali SME Server Server-Manager web service.
[root@www ~]#

I can get the login page, and I can also access the ibays.



Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: can't access the server-manager. refused access : refused to connect.
« Reply #23 on: June 28, 2021, 09:36:13 PM »
please provide content of the following command while trying to login

Code: [Select]
tail -f /var/log/httpd/admin_error_log

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #24 on: June 28, 2021, 10:11:47 PM »
again, need to stick with my small area of activity, testing
--
qui scribit bis legit

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #25 on: June 28, 2021, 10:39:56 PM »
This is the content of
Code: [Select]
tail -f /var/log/httpd/admin_error_log while trying to login:

Code: [Select]
[Mon Jun 28 22:38:26.439424 2021] [cgi:error] [pid 7809] [client 127.0.0.1:47002] AH01215: Can't exec "/usr/bin/pwauth": Permission denied at /etc/e-smith/web/common/cgi-bin/login line 56., referer: https://192.168.1.254/server-common/cgi-bin/login?redirect=1&back=https%3A%2F%2F192.168.1.254%2Fserver-manager
[Mon Jun 28 22:38:26.440051 2021] [cgi:error] [pid 7809] [client 127.0.0.1:47002] AH01215: Could not open pipe to pwauth: Permission denied at /etc/e-smith/web/common/cgi-bin/login line 58., referer: https://192.168.1.254/server-common/cgi-bin/login?redirect=1&back=https%3A%2F%2F192.168.1.254%2Fserver-manager
« Last Edit: June 28, 2021, 10:50:58 PM by waldviertler »

Offline waldviertler

  • ***
  • 107
  • +0/-0
rpm -q pwauth:

Code: [Select]
pwauth-2.3.10-10.el7.sme.x86_64
I installed SME10 with "smeserver-10.0-x86_64.iso" that I downloaded from: http://mirror.pialasse.com/releases/10/iso/x86_64/

I burned the iso on a DVD and installed it in text mode.

I have all available updates installed.

/sbin/e-smith/audittools/repositories gives:
Code: [Select]
base: enabled
centosplus: disabled
epel: disabled
extras: disabled
fasttrack: disabled
fws: disabled
remi-safe: enabled
smeaddons: enabled
smecontribs: disabled
smedev: disabled
smeextras: enabled
smeos: enabled
smetest: disabled
smeupdates: enabled
smeupdates-testing: disabled
stephdl: disabled
testing: disabled
updates: enabled

« Last Edit: June 28, 2021, 11:00:57 PM by waldviertler »

Offline waldviertler

  • ***
  • 107
  • +0/-0
I chownd
Code: [Select]
/usr/bin/pwauth
from root apache to root www - and now I can login to the server-manager!

Thank you for your time!

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
but we will never know why...  checked on 2 fresh install and pwauth is with correct permission. 

how did you restore ?

Offline waldviertler

  • ***
  • 107
  • +0/-0
After installing SME10 it asked if I wanted to restore....

But now after

Code: [Select]
signal-event post-upgrade
signal-event reboot

chown is back to root apache.

How can I change this to root www permanently?


Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: can't access the server-manager. refused access : refused to connect.
« Reply #30 on: June 29, 2021, 01:11:44 AM »
please give the result of

Code: [Select]
ll /usr/bin/pwauth

rpm -q pwauth
rpm -V pwauth


then do
Code: [Select]
rpm —setugids pwauth
rpm —setperms pwauth



Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #31 on: June 29, 2021, 01:48:04 AM »
Code: [Select]
[root@www ~]# ll /usr/bin/pwauth
-rwsr-x---. 1 root apache 11272 12. Apr 2016  /usr/bin/pwauth
[root@www ~]#
[root@www ~]# rpm -q pwauth
pwauth-2.3.10-10.el7.sme.x86_64
[root@www ~]# rpm -V pwauth
SM5....T.    /etc/pam.d/pwauth

And after that I have done:
Code: [Select]
rpm -setugids pwauth
rpm -setperms pwauth


Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #32 on: June 29, 2021, 01:53:41 AM »
Still the same thing.
Have to change from root apache to root www -> then I have access.
« Last Edit: June 29, 2021, 01:55:57 AM by waldviertler »

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: can't access the server-manager. refused access : refused to connect.
« Reply #33 on: June 29, 2021, 03:47:41 AM »
there is an issue in your install. www and apache should be the same user
chown root:www is not the solution even if you got access back. you will have a lot more hidden issues

grep apache /etc/passwd
grep www /etc/passwd

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #34 on: June 29, 2021, 09:37:37 AM »
[root@www ~]# grep apache /etc/passwd
Code: [Select]
apache:x:102:102:Apache:/var/www:/sbin/nologin[root@www ~]# grep www /etc/passwd
Code: [Select]
apache:x:102:102:Apache:/var/www:/sbin/nologin
www:x:102:102:SME Server web server:/home/e-smith:/bin/false

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: can't access the server-manager. refused access : refused to connect.
« Reply #35 on: June 29, 2021, 12:01:04 PM »
grep apache /etc/group

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #36 on: June 29, 2021, 12:18:13 PM »
grep apache /etc/group
Code: [Select]
apache:x:102:

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
ok,
first thing I managed to split the two topics correctly, so we will be at ease now to focus on your issue : pwauth

this one should give the full picture:
Code: [Select]
grep 102 /etc/passwd /etc/group

Offline waldviertler

  • ***
  • 107
  • +0/-0
Thanks!

grep 102 /etc/passwd /etc/group
Code: [Select]
/etc/passwd:apache:x:102:102:Apache:/var/www:/sbin/nologin
/etc/passwd:www:x:102:102:SME Server web server:/home/e-smith:/bin/false
/etc/group:apache:x:102:

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
  • you are missing a group, or www group has an incorrect gid
  • expected order in passwd is reversed


Code: [Select]
# grep 102 /etc/passwd /etc/shadow /etc/group
/etc/passwd:www:x:102:102:SME Server web server:/home/e-smith:/bin/false
/etc/passwd:apache:x:102:102:Apache:/var/www:/sbin/nologin
/etc/group:www:x:102:admin
/etc/group:apache:x:102:


first thing first :
Code: [Select]
grep www /etc/group

Offline waldviertler

  • ***
  • 107
  • +0/-0
grep www /etc/group

(I changed here the real user names to user1 and so on, and the real ibay names to ibay1 and so on.)

Code: [Select]
shared:x:500:admin,ibay1,user1,user2,user3,user4,user5,ibay2,ibay3,ibay4,user6,user7,ibay5,public,user8,ibay6,ibay7,user8,sysinfo,user9,uucp,ibay8,user10,www
www:x:104:admin
test:x:5009:admin,user1,user2,user3,user4,www
faxmaster:x:5016:admin,user1,user2,www

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
ok quite unexpected.

www gid is defined upon installation of base rpm and is set to 102.

are you able to check files from your backup you restored to see what in the /etc/group for www?


also check if this command (which can take a while to run depending on the amount of data you have)

Code: [Select]
find / -group 104
the fix will be to restore the correct gid to www group but first need to see if any files have been incorrectly set.  this could maybe help find the issue and discover if we only need a temp fix for you or need to implement something.

please send the list to security at koozali dot org.



also this command could help see the process of restore if you used console restore

grep ^www -r /var/cache/e-smith/restore/etc/
« Last Edit: June 29, 2021, 10:52:32 PM by Jean-Philippe Pialasse »

Offline waldviertler

  • ***
  • 107
  • +0/-0
I mailed the list.
I have problems with major updates since SME7...
I will check the /etc/group in backup as soon as possible -

grep ^www -r /var/cache/e-smith/restore/etc/

Code: [Select]
/var/cache/e-smith/restore/etc/passwd.1624659034:www:x:102:102:SME Server web server:/home/e-smith:/bin/false
/var/cache/e-smith/restore/etc/shadow.1624659034:www:!!:18803:0:99999:7:::
/var/cache/e-smith/restore/etc/group.1624659034:www:x:102:admin
/var/cache/e-smith/restore/etc/gshadow.1624659034:www:!::admin

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
this last grep tell me you were correct before migration. this is a copy of the migration process.

the fix

Code: [Select]

groupmod -g 102 www



a last check, you do not want to do the next step if 104 is also in use for something else than www so

Code: [Select]
grep :104: /etc/group

then to fix existing files, i saw in your sent file

Code: [Select]
find / -group 104 -not -path "/proc*" -exec chgrp -h www {} \;
just to be safe i would restart httpd-e-smith first and try to acces horde webmail.  then do a post-upgrade reboot

Offline waldviertler

  • ***
  • 107
  • +0/-0
This is the result from check:

grep :104: /etc/group

Code: [Select]
www:x:104:admin
Is it save to apply the fix?

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
This is the result from check:

grep :104: /etc/group

Code: [Select]
www:x:104:admin
Is it save to apply the fix?

seems to be.
but always good to have backups ;)

Offline waldviertler

  • ***
  • 107
  • +0/-0
I have done a backup.

groupmod -g 102 www

gives
Code: [Select]
groupmod: GID »102« existiert bereits.
while "existiert bereits" means "exists already".

Is that ok?

Offline waldviertler

  • ***
  • 107
  • +0/-0
I have done this:

Code: [Select]
[root@www ~]# groupmod -g 102 www
groupmod: GID »102« existiert bereits.
[root@www ~]# find / -group 104 -not -path "/proc*" -exec chgrp -h www {} \;
[root@www]# expand-template /etc/httpd/conf/httpd.conf
[root@www]# httpd -t
Syntax OK
[root@www]# systemctl restart httpd-e-smith.service
signal-event post-upgrade
signal-event reboot


When I try to access horde webmail - I got this error in the browser:
A fatal error has occurred
Cannot write to cache directory /var/lib/php/horde/tmp
Details have been logged for the administrator.



Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
ok then what gives now

Code: [Select]
grep ^www /etc/group
ll -d /var/lib/php/horde/tmp

Offline Jean-Philippe Pialasse

  • *
  • 2,746
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
ok forgot the -o option

Code: [Select]
groupmod -o -g 102 www

Offline waldviertler

  • ***
  • 107
  • +0/-0
Fine! It works! (Manager and Horde) Thank you!!!!

I have done:
Code: [Select]
groupmod -o -g 102 www
find / -group 104 -not -path "/proc*" -exec chgrp -h www {} \;
expand-template /etc/httpd/conf/httpd.conf
httpd -t
got:
Syntax OK
Code: [Select]
systemctl restart httpd-e-smith.service
signal-event post-upgrade
signal-event reboot