Koozali.org: home of the SME Server

Re: SME Sever-Manager fails login with Can't exec "/usr/bin/pwauth": Permission denied

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #15 on: June 28, 2021, 01:34:46 PM »
I have tried #2 and #3 - but no avail.

Should I delete all files from 2006?

Code: [Select]
[root@www Cal-neu]#  ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
insgesamt 36
-rw-r--r--. 1 root root  667  2. Nov 2006  01localAccessString
-rw-r--r--. 1 root root  215  2. Nov 2006  85DefaultAccess
-rw-r--r--. 1 root root  212  2. Nov 2006  85ServerResourcesAccess
-rw-r--r--. 1 root root  349  2. Nov 2006  90e-smithAccess15brand

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #16 on: June 28, 2021, 01:58:58 PM »
No, was just ensuring they were there..

Just the removal of the custom template ones is sufficent..

Did you attempt to restart httpd?

Or do a reconfig and reboot?
--
qui scribit bis legit

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #17 on: June 28, 2021, 02:00:22 PM »
What is result of 
#  systemctl status httpd-e-smith.service

--
qui scribit bis legit

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #18 on: June 28, 2021, 02:13:34 PM »
I have done a restart of httpd, but no reconfig and reboot.
I'll try these next.

This is the result of 
systemctl status httpd-e-smith.service

Code: [Select]
[root@www ~]# systemctl status httpd-e-smith.service
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
   Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-06-28 14:10:34 CEST; 12s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 26798 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 26828 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
  Process: 26824 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
  Process: 26818 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
 Main PID: 26833 (/usr/sbin/httpd)
   Status: "Total requests: 26; Current requests/sec: 2.89; Current traffic:  28KB/sec"
   Memory: 18.3M
   CGroup: /system.slice/httpd-e-smith.service
           ├─26833 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26834 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26835 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26836 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26837 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26838 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26839 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26840 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26841 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26842 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26843 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26844 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26845 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26846 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26847 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26848 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           ├─26849 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
           └─26850 /usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND

Jun 28 14:10:33 www.pdorf.at systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
Jun 28 14:10:34 www.pdorf.at systemd[1]: Started httpd-e-smith The Koozali SME Server Apache HTTP Service.
[root@www ~]#

In the meantime I have done:
Code: [Select]
signal-event post-upgrade
signal-event reboot
But also no avail.
« Last Edit: June 28, 2021, 02:38:58 PM by waldviertler »

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #19 on: June 28, 2021, 03:31:52 PM »
stumped, reached my limit..need one of the samrt guys to chime in here
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: can't access the server-manager. refused access : refused to connect.
« Reply #20 on: June 28, 2021, 07:57:22 PM »
This is from my server:

Code: [Select]
[root@www Cal-neu]#  ls -l /etc/e-smith/templates/etc/httpd/admin-conf/httpd.conf
insgesamt 36
-rw-r--r--. 1 root root  667  2. Nov 2006  01localAccessString
-rw-r--r--. 1 root root 4022 19. Mär 04:33 20Manager
-rw-r--r--. 1 root root  250 19. Mär 04:33 20ManagerAuthTKT
-rw-r--r--. 1 root root  215  2. Nov 2006  85DefaultAccess
-rw-r--r--. 1 root root  212  2. Nov 2006  85ServerResourcesAccess
-rw-r--r--. 1 root root  349  2. Nov 2006  90e-smithAccess15brand
-rw-r--r--. 1 root root 1369 19. Mär 04:33 90e-smithAccess15common
-rw-r--r--. 1 root root 1536 19. Mär 04:33 90e-smithAccess20manager
-rw-r--r--. 1 root root  463 19. Mär 04:33 90e-smithAccess20password

[root@www Cal-neu]# ls -l /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
insgesamt 12
-rw-r--r-- 1 root root  117 22. Jän 2020  75AddTypePlist
-rw-r--r-- 1 root root 2130  5. Dez 2019  92nutupscmon
-rw-r--r-- 1 root root  124  9. Jän 2017  VirtualHosts40ACME


you are not systematic here and are just looking at random place.
not being systematic increases risk or adding more problems and not seeing where is the original problem

on httpd-admin you check templates and on httpd-e-smith you check the templates-custom.

please just paste the result of

/sbin/e-smith/audittools/templates


and

systemctl status -l httpd-admin


also by unable to login with admin password, I start to understand there you are not even able to get the login page while you can access the ibays ?

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
please report

rpm -q pwauth

should be pwauth-2.3.10-10.el7.sme.x86_64 or else you got into trouble there. 

also how did you install SME 10 ? from 10.0 final iso? from previous iso? from a centos box using sme2centos?

is it fully updated with yum update ?

is there any extra repo configured ? what gives:

/sbin/e-smith/audittools/repositories

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #22 on: June 28, 2021, 09:08:19 PM »
Thank you for your time.

/sbin/e-smith/audittools/templates
Code: [Select]
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sudoers/30nut: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/sudoers/10sudoers: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/ups/upssched.conf/01CONFIG: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/ups/upsmon.conf/NOTIFYCMD: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/41go-into: MANUALLY_ADDED, ADDITION

systemctl status -l httpd-admin :
Code: [Select]
● httpd-admin.service - httpd-admin The Koozali SME Server Server-Manager web service
   Loaded: loaded (/usr/lib/systemd/system/httpd-admin.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-06-28 14:32:49 CEST; 6h ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 7769 (httpd)
   Status: "Total requests: 11; Current requests/sec: 0; Current traffic:   0 B/sec"
   Memory: 1.7M
   CGroup: /system.slice/httpd-admin.service
           ├─ 7769 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
           ├─ 7809 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
           ├─10204 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
           └─10218 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND

Jun 28 14:32:48 www.pdorf.at systemd[1]: Starting httpd-admin The Koozali SME Server Server-Manager web service...
Jun 28 14:32:49 www.pdorf.at systemd[1]: Started httpd-admin The Koozali SME Server Server-Manager web service.
[root@www ~]#

I can get the login page, and I can also access the ibays.



Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: can't access the server-manager. refused access : refused to connect.
« Reply #23 on: June 28, 2021, 09:36:13 PM »
please provide content of the following command while trying to login

Code: [Select]
tail -f /var/log/httpd/admin_error_log

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #24 on: June 28, 2021, 10:11:47 PM »
again, need to stick with my small area of activity, testing
--
qui scribit bis legit

Offline waldviertler

  • ***
  • 107
  • +0/-0
Re: can't access the server-manager. refused access : refused to connect.
« Reply #25 on: June 28, 2021, 10:39:56 PM »
This is the content of
Code: [Select]
tail -f /var/log/httpd/admin_error_log while trying to login:

Code: [Select]
[Mon Jun 28 22:38:26.439424 2021] [cgi:error] [pid 7809] [client 127.0.0.1:47002] AH01215: Can't exec "/usr/bin/pwauth": Permission denied at /etc/e-smith/web/common/cgi-bin/login line 56., referer: https://192.168.1.254/server-common/cgi-bin/login?redirect=1&back=https%3A%2F%2F192.168.1.254%2Fserver-manager
[Mon Jun 28 22:38:26.440051 2021] [cgi:error] [pid 7809] [client 127.0.0.1:47002] AH01215: Could not open pipe to pwauth: Permission denied at /etc/e-smith/web/common/cgi-bin/login line 58., referer: https://192.168.1.254/server-common/cgi-bin/login?redirect=1&back=https%3A%2F%2F192.168.1.254%2Fserver-manager
« Last Edit: June 28, 2021, 10:50:58 PM by waldviertler »

Offline waldviertler

  • ***
  • 107
  • +0/-0
rpm -q pwauth:

Code: [Select]
pwauth-2.3.10-10.el7.sme.x86_64
I installed SME10 with "smeserver-10.0-x86_64.iso" that I downloaded from: http://mirror.pialasse.com/releases/10/iso/x86_64/

I burned the iso on a DVD and installed it in text mode.

I have all available updates installed.

/sbin/e-smith/audittools/repositories gives:
Code: [Select]
base: enabled
centosplus: disabled
epel: disabled
extras: disabled
fasttrack: disabled
fws: disabled
remi-safe: enabled
smeaddons: enabled
smecontribs: disabled
smedev: disabled
smeextras: enabled
smeos: enabled
smetest: disabled
smeupdates: enabled
smeupdates-testing: disabled
stephdl: disabled
testing: disabled
updates: enabled

« Last Edit: June 28, 2021, 11:00:57 PM by waldviertler »

Offline waldviertler

  • ***
  • 107
  • +0/-0
I chownd
Code: [Select]
/usr/bin/pwauth
from root apache to root www - and now I can login to the server-manager!

Thank you for your time!

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
but we will never know why...  checked on 2 fresh install and pwauth is with correct permission. 

how did you restore ?

Offline waldviertler

  • ***
  • 107
  • +0/-0
After installing SME10 it asked if I wanted to restore....

But now after

Code: [Select]
signal-event post-upgrade
signal-event reboot

chown is back to root apache.

How can I change this to root www permanently?