#1  
Old 29th November 2011, 20:07
stefanm stefanm is offline
Junior Member
 
Join Date: Oct 2009
Posts: 21
Thanks: 32
Thanked 5 Times in 4 Posts
Default Possible ISPConfig bug?

Hi Till, Hi Falko, Hi everyone,

I hope you can help me out with the following problem: We have cluster setup of ISPConfig 3.0.3 running on Debian 6 (setup follows your tutorial for Lenny).

So far we have about 30 domains configured on the system (all configured with fastcgi/suexec). With 4 or 5 of the web domains we had a strange effect: After creating the domains, the owner id in the filesystem is too low by exactly 2.

Example: We created a domain yxz.org, the ispconfig interface says:
Owner: web111 Group: client37
But the filesystem for the web domain is created with web109:client37
(and thus making suexec fail)

Do you have any idea why this is happening? The difference in numbers is exactly 2 in all cases and so far it happend with 4 or 5 sites, but these sites do not seem to be special somehow compared to all the other sites that were created correctly.

Where does ISPconfig get the information from which user:group to use when creating the filesystem?

Hope, you can help. I am a little bit lost here, since I have no idea where to start with searching the problem.

An additional note: All the ids that are generated on our system are uneven(web103,web105,web107,...), so it seems the use the id of the last web created before.

Thanks for your help!
Stefan

Update:
Just encountered the phenomenon. Here is what was configured and what happens on the filesystem (this time the difference is not 2 anymore). Really strange. Does perhaps the debug message not show the real command that is executed?




Debug output for creating the site:
Code:
9.11.2011 21:55 	s3.xxx.yyy 	Debug 	Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Processed datalog_id 1109 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Apache online status after restart is: 1 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Calling function 'restartHttpd' from module 'web_module'. 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Apache status is: 1 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Writing the vhost file: /etc/apache2/sites-available/test.abc.vhost 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Creating fastcgi starter script: /var/www/php-fcgi-scripts/web117/.php-fcgi-starter 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Disable SSL for: 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chown web117:client41 /var/www/clients/client41/web117/log/error.log 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chown web117:client41 /var/www/clients/client41/web117 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: usermod --groups sshusers web117 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chmod 755 /var/www/clients/client41/web117/log 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chmod 777 /var/www/clients/client41/web117/tmp 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chmod 710 /var/www/clients/client41/web117/web 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chmod 751 /var/www/clients/client41/web117/*
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chmod 777 /var/www/clients/client41/web117/tmp 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chmod 710 /var/www/clients/client41/web117/web 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chmod 751 /var/www/clients/client41/web117/* 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	exec: chmod 751 /var/www/clients/client41/web117/ 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Creating Symlink: ln -s /var/www/clients/client41/web117/ /var/www/clients/client41/test.abc 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Creating Symlink: ln -s /var/www/clients/client41/web117/ /var/www/test.abc 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Moving site to new document root: mv /var/www/clients/client0/web117 /var/www/clients/client41 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Removed Symlink: rm -f /var/www/clients/client0/test.abc 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 	
29.11.2011 21:55 	s3.xxx.yyy 	Debug 	Found 1 changes, starting update process.
and this is how the filesystem for the domain looks like:
Code:
root@s3 /var/www/test.abc # ls -l
total 36K
drwxr-x--x 2 web111 client41 4.0K Nov 29 21:54 cgi-bin
lrwxrwxrwx 1 web111 client41   33 Nov 29 21:54 log -> /var/log/ispconfig/httpd/test.abc
drwxr-x--x 2 web111 client41 4.0K Nov 29 21:54 ssl
drwxrwxrwx 2 web111 client41 4.0K Nov 29 21:54 tmp
drwx--x--- 4 web111 client41 4.0K Nov 29 21:54 web
Update 2:
It seems that at some point there went something terribly wrong in ispconfig. I compared the master and the slave server and the user accounts are not in sync anymore. It seems that at some point when we deleted two unused shell accounts, these were correctly removed from the slave server, but not from the master server. So the passwd on the master has two additonal accounts which leads to different uid/gid for all accounts that were created after the failed delete. It seems that these two leftover accounts cause the above phenomenon, since they are not anywhere in ispconfig, but still exist in the passwd. On the slave, where the two accounts were correctly removed, the error explained above, does not occur and uid/gid are correct in the filesystem.
However that leaves me with quite a problem. On the master I have the mess with the wrong uids and the slave is also not usable, because it actually got the uid/gid that the master selected, but they do not match the uid/gid in the passwd.
Any suggestions how to get the servers back in sync and what might have caused the error with the two shell accounts?

Last edited by stefanm; 30th November 2011 at 11:10.
Reply With Quote
Sponsored Links
  #2  
Old 30th November 2011, 22:04
stefanm stefanm is offline
Junior Member
 
Join Date: Oct 2009
Posts: 21
Thanks: 32
Thanked 5 Times in 4 Posts
Default

Hi Till, Hi Falko,

do you perhaps have any suggestions how to cope with the above problem?
It seems that my only choice might be to delete all web domains and shell users that were created since the first false shell account, remove the two orphaned accounts manually from passwd, create all the accounts and hope, that this will help ispconfig to recover. A horrible lot of work

And do you perhaps have an idea what causes the error? Recreating all the accounts might help to recover for now, but how long will it take until the next undeleted shell account.
Sigh, ispconfig is really a great panel and I am using it since several years now, but this is really a downfall.
Any suggestions or help is greatly appreciated!

Stefan
Reply With Quote
  #3  
Old 1st December 2011, 09:21
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,981
Thanks: 825
Thanked 5,371 Times in 4,218 Posts
Default

I have several miultiserver systems and test systems here but I never had it yet that a shell account was not deleted when you delete it in ispconfig.

What you can do is that you change the uids of the ispconfig users that were different in the passwd file on one server so that both files match again and then chown -R the affected website directories manually to this user and group.

We have a bugreport about this issue here:

http://bugtracker.ispconfig.org/inde...s&task_id=1518

The issue can happen if you add a shell user manually on one system without adding it on the second server as well. The only solution for that is to use a fixed uid range that ispconfig enforces on both servers, thats a feature which is on our todo list already but it requires some bigger changes.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 3rd December 2011, 10:35
stefanm stefanm is offline
Junior Member
 
Join Date: Oct 2009
Posts: 21
Thanks: 32
Thanked 5 Times in 4 Posts
 
Default

Hi Till,

had a quick look at your sources and noticed that normal shell users are deleted with "userdel -f", while chrooted users are only deleted with "userdel" though the jailkit-Plugin. Do you have a specific reason for omitting the -f flag?
Might the bug simply arise, when a chrooted user that is deleted still has an open shell to the system? Might also explain, why the users get correctly deleted from the slave, since it is only used for failover purposes and normally has no actives shell accesses.
If I found the right parts in the source (apache2_plugin), the web-domain accounts (webXX) are deleted without the -f flag, too. I am not quite sure, but I think userdel without the -f might fail, if the account has still a process running, so together with suxec, it might be that there simply was access to the website while it was deleted ? (Would explain the behaviour described in the bug report, you pointed me to)

Stefan

Last edited by stefanm; 3rd December 2011 at 11:40.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Upgrade 3.0.3 -> 3.0.4.1 (bug fix release) failed Snowman Installation/Configuration 7 13th December 2011 16:55
PHP warnings after upgrade to ISP config 3.03 stevegjacobs Installation/Configuration 5 30th October 2010 14:31
ISPConfig installation into multiple OpenVZ containers letezo Installation/Configuration 11 3rd March 2009 22:47
ISPConfig 2.2.24 | mailuser app bug? Hans General 19 4th August 2008 15:18
ISPConfig 3.0.0.5 Beta Released till General 77 23rd July 2008 12:14


All times are GMT +2. The time now is 15:35.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.