pure-ftp won't load db users: problem accessing MariaDB

Discussion in 'ISPConfig 3 Priority Support' started by StefanoBertoli, May 17, 2017.

  1. ISP 3.1.3: seems ftp won't connect to db allowing noone user to access ftp
    In the upgrading procedure from 3.1.2 to 3.1.3 I've choosed to reconfigure services but I'm not completely sure this issues started contestually to the upgrade.
    The ISPConfig 3 work inside a openvz container and was installed about one months ago accordling to HowToForge Guide Perfect Server, before the issue alla working fine.
    Enabled verbosing in log seems a problem in the hostname of accessing MariaDB

    [ERROR] The SQL server seems to be down [Host 'myHost.myDomail.tld' is not allowed to connect to this MariaDB server]

    Any idea how to check this? seems mysql bind is getting my hostname out
  2. A step forward: here the list of maria privileges. I' looking to know which is the correct step to resolve this. (ie the default situation just after ispconfig installation).
    Adding the privilege for the host is the correct way?

    MariaDB [(none)]> select user,host from mysql.user;
    | user | host |
    | root | |
    | root | ::1 |
    | c4aps1 | localhost |
    | debian-sys-maint | localhost |
    | ispconfig | localhost |
    | phpmyadmin | localhost |
    | root | localhost |
    | roundcube | localhost |
    8 rows in set (0.00 sec)

    MariaDB [(none)]> SELECT CONCAT(QUOTE(user),'@',QUOTE(host)) UserAccount FROM mysql.user;
    | UserAccount |
    | 'root'@'' |
    | 'root'@'::1' |
    | 'c4aps1'@'localhost' |
    | 'debian-sys-maint'@'localhost' |
    | 'ispconfig'@'localhost' |
    | 'phpmyadmin'@'localhost' |
    | 'root'@'localhost' |
    | 'roundcube'@'localhost' |
    8 rows in set (0.00 sec)
  3. As I made a backup and I also have another VM in production using ISPConfig i checked Mysql permissions and other stuff:
    In the other machine the only difference for mysql privileges is that it also have a [email protected] record
    Is this record necessary? I must replicate it also in the machine haven't it?

    I noted another important difference in /etc/pure-ftpd/db/mysql.conf file

    in the working machine is set like:
    # Optional : MySQL server name or IP. Don't define this for unix sockets.

    In the NOT WORKING machine is set like:
    # Optional : MySQL server name or IP. Don't define this for unix sockets.
    MYSQLServer 192.xxx.xxx.xxx (the internal IP of the machine)

    Trying to change this value to and restarting pure-ftpd daemon all start to work like a charm.

    According to this my question is:

    Why this setting have been changed? It's an upgrade issue, a cron job, some other daemon or what else changing it?
    The correct way to solve it is to change the settings in mysql.conf file or the privileges in mysql allowing the host? I think both solution will work but which is the configuration that follow the ISPConfig guideline?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    No, this is not required.

    pure-ftpd connects to mysql with the ispconfig user and connects to localhost.

    Maybe you changed something in /etc/hosts so that localhost is not anymore on your server.
  5. This is /etc/hosts in the machine

    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

    # Auto-generated hostname. Please do not remove this comment. host154.hwsservice.it localhost host154 localhost.localdomain
    ::1 localhost ip6-localhost ip6-loopback​

    Seems something auto-generate the hosts file.. I've not made any custom tuning on this installation. Someone know if new debian have some sort of daemon that autogenerate hosts file? (there something similar for grub2 or dns/resolv) Is this behaviour correct?
    I will re-apply the modification according to Perfect Server Guide in https://www.howtoforge.com/tutorial/perfect-server-debian-jessie-nginx-bind-dovecot-ispconfig-3.1/

    So just to be sure: in any case the mysql privilege 'root'@'host.domain.tld' isn't required for any service? It is possible it's on my old vm for a past ISPConfig configuration? I don't remember I never set that privilege.

Share This Page