Bug #2965
Permission denied when creating VPN users
Status: | CLOSED | Start date: | |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | - | % Done: | 100% |
Category: | nethserver-lib | | |
Target version: | v6.5 | | |
Security class: | | Resolution: | |
Affected version: | v6.5 | NEEDINFO: | No |
Description
Installed the VPN package. Loading the VPN configuration page gives this error below the content on all VPN tab pages:
[2] file(/var/lib/nethserver/certs/certindex): failed to open stream: Permission denied See the system log for details.
/var/log/messages offers this:
Nov 25 20:29:50 neth httpd-admin: [ERROR] Can't access certificate index file: /var/lib/nethserver/certs/certindex
Nov 25 20:29:50 neth httpd-admin: [2] file(/var/lib/nethserver/certs/certindex): failed to open stream: Permission denied - File /usr/share/nethesis/NethServer/Module/VPN/Accounts.php, line 105
It appears the ipsec service is started, but when I try to add a user, I again get the unable to open stream error:
[2] file(/var/lib/nethserver/certs/certindex): failed to open stream: Permission denied See the system log for details.
Associated revisions
Fix certindex file permissions. Refs #2965
Keep umask value unaltered. Refs #2965
Refactored, using a symbolic dir name. Refs #2965
Added license header.
Accounts UI module: wrap PHP file() call. Refs #2965
Failures will be reported to the log file only.
Merge branch 'b2965'. Refs #2965
History
#1 Updated by Filippo Carletti over 6 years ago
Temporary workaround:
chmod o+r /var/lib/nethserver/certs/certindex
#2 Updated by Davide Principi over 6 years ago
- Subject changed from Impossible to create vpn users, permission problems to Permission denied when creating VPN users
- Category set to nethserver-lib
- Status changed from NEW to TRIAGED
- Target version set to v6.5
- % Done changed from 0 to 20
- Affected version set to v6.5
I cannot reproduce the bug if nethserver-vpn is installed from the command line, proving that wrong permissions on /var/lib/nethserver/certs/certindex originate elsewhere.
In nethserver-lib-2.1.2-1.ns6.noarch, for instance the new umask settings of ptrack are probably not compatible.
I propose to fix the umask in nethserver-lib and apply the proposed workaround automatically.
#3 Updated by Davide Principi over 6 years ago
- File bug2965_nethserver-lib.patch added
- File bug2965_nethserver-vpn.patch added
Proposed patches for nethserver-lib and nethserver-vpn
#4 Updated by Davide Principi over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#5 Updated by Davide Principi over 6 years ago
- Description updated (diff)
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 30 to 60
MODIFIED
The bug affects nethserver-lib package. The ptrack command must not alter the calling process umask value.
The modification of nethserver-vpn fixes existing permission problems for the affected installation, while nethserver-lib has the real bugfix.
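The failure mode described in comment #5 above, as an added example that is not part of the original ticket or of the nethserver-lib code: a helper that changes the process umask without restoring it makes a later file creation yield `-rw-r-----` instead of `-rw-r--r--`, the two modes shown in the listings on this page. The 027 umask, the helper names and the temporary file names are assumptions chosen to reproduce those modes.

```python
import os
import stat
import tempfile
from contextlib import contextmanager


@contextmanager
def scoped_umask(mask):
    """Apply `mask` inside the block, then restore the caller's umask."""
    previous = os.umask(mask)
    try:
        yield previous
    finally:
        os.umask(previous)


def create_index(path):
    """Create an empty file as most tools do: request 0666, let the umask trim it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def leaky_helper():
    """Hypothetical helper: tightens the umask (027 is assumed) and never restores it."""
    os.umask(0o027)


def careful_helper():
    """Same helper with the restrictive umask scoped to its own work."""
    with scoped_umask(0o027):
        pass  # the helper's private files would be created here


def demo():
    """Return the mode of an index file created after each helper has run."""
    results = {}
    start = os.umask(0o022)  # constructed baseline: the usual root umask
    try:
        with tempfile.TemporaryDirectory() as workdir:
            for name, helper in (("leaky", leaky_helper), ("careful", careful_helper)):
                os.umask(0o022)  # reset so each case starts from the same state
                helper()
                results[name] = create_index(os.path.join(workdir, name + "-certindex"))
    finally:
        os.umask(start)
    return results


if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{name}: {stat.filemode(mode | stat.S_IFREG)} ({mode:o})")
```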
#6 Updated by Davide Principi over 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-lib-2.1.2-1.0git04ab7be3.ns6.noarch.rpm
nethserver-vpn-1.1.2-3.0gitd9066df4.ns6.noarch.rpm
nethserver-vpn-1.1.2-4.0gitbc784340.ns6.noarch.rpm
#7 Updated by Filippo Carletti over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Affected system:
# ls -l /var/lib/nethserver/certs/certindex
-rw-r-----. 1 root root 0 Nov 27 17:41 /var/lib/nethserver/certs/certindex
# yum --enablerepo=nethserver-testing update nethserver-vpn
# ls -l /var/lib/nethserver/certs/certindex
-rw-r--r--. 1 root root 0 Nov 27 17:41 /var/lib/nethserver/certs/certindex
New system:
# yum --enablerepo=nethserver-testing update nethserver-lib
Install vpn from package manager:
# ls -l /var/lib/nethserver/certs/certindex
-rw-r--r--. 1 root root 0 Nov 27 17:41 /var/lib/nethserver/certs/certindex
#8 Updated by Davide Principi over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-lib-2.1.3-1.ns6.noarch.rpm
nethserver-vpn-1.1.3-1.ns6.noarch.rpm
- Davide Marini
- Jeff Folk
- Filippo Carletti