Symptoms
Log Files Access service displays empty page on attmept to get access to log files from
CCPv1 > Websites > <website_name> > Log Manager > Show FTP Director
.Following error appears in
/var/log/h2e-ftp/errors
on NG Web server:Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): FTP session opened. Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): h2e: _h2e_getpwnam(lfao115584,::ffff:203.0.113.2) Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): h2e: find_ftp_info(lfao115584,::ffff:203.0.113.2) found HOMEDIR: /var/www/vhosts/25/115584/log Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): Preparing to chroot to directory '/var/www/vhosts/25/115584/log' Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): lfao115584 chdir("/"): Permission denied Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): FTP session closed. Where `203.0.113.2` - IP address of website and `203.0.1.2` - IP address of ftp Client.
Permissions on webspace directory are correct and requested home directory exists:
[root@web1 ~]# ls -lahtd /var/www/vhosts/1/115584/log drwxr-x--- 2 root pemsrv 4.0K Mar 18 08:54 /var/www/vhosts/1/115584/log [root@web1 ~]# ls -lahtd /var/www/vhosts/1/115584/ drwxr-xr-x 6 root root 4.0K Mar 18 03:39 /var/www/vhosts/1/115584/
redis
service is up and running on NG Web server:[root@web1 ~]# service redis status redis-server (pid 1493) is running...
Information about LogFileAccess user exists in redis database:
[root@web1 ~]# redis-cli -s /var/lib/redis/redis.sock get "ftp-by-name-and-ip:lfao115584,::ffff:203.0.113.2" | redis-decode-obj --type ftp_info_t m_user_id: 115584 m_homedir: "/var/www/vhosts/1/115584/log" m_passwd: "<encrypted_password>" m_logfile: "/var/www/vhosts/1/115584log/xferlog" m_group_id: 10003 m_sec_group_id: 10002
Cause
m_sec_group_id
value stored for LogFileAccess system user does not match with pemsrv
group id in local /etc/group
file. For example:
[root@web1 ~]# grep pemsrv /etc/group
pemsrv:x:1001:apache
As result, lfao115584
cannot get access to home directory /var/www/vhosts/1/115584/log
due lack of permissions
Resolution
Odin Operations Automation uses some reserved ID's for Web Server groups on NG hosts. To fix the issue:
Check
/etc/nsswitch.conf
to identify which services are used for getting information about group and users, for example:[root@web1 ~]# grep -v '#' /etc/nsswitch.conf | grep -v '^$' | egrep 'passwd|group' passwd: files sss ng group: files sss ng netgroup: files sss
Make sure that
10002
GID is not used by any group as:[root@web1 ~]# getent group 10002 [root@web1 ~]# [root@web1 ~]# getent -s sss group 10002 [root@web1 ~]#
Change
pemsrv
GID to10002
as:[root@web1 ~]# groupmod -g 10002 pemsrv