Symptoms

  1. The Log Files Access service displays an empty page on an attempt to access log files from CCPv1 > Websites > <website_name> > Log Manager > Show FTP Director.

  2. The following error appears in /var/log/h2e-ftp/errors on the NG Web server:

    Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): FTP session opened.
    Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): h2e: _h2e_getpwnam(lfao115584,::ffff:203.0.113.2)
    Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 
    Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): h2e: find_ftp_info(lfao115584,::ffff:203.0.113.2) found HOMEDIR: /var/www/vhosts/25/115584/log
    Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): Preparing to chroot to directory '/var/www/vhosts/25/115584/log'
    Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): lfao115584 chdir("/"): Permission denied
    Mar 23 12:55:37 web1.ng.domain.tld proftpd[953429] 0.0.0.0 (::ffff:203.0.1.2[::ffff:203.0.1.2]): FTP session closed.
    
    Here `203.0.113.2` is the IP address of the website and `203.0.1.2` is the IP address of the FTP client.
    
  3. Permissions on webspace directory are correct and requested home directory exists:

    [root@web1 ~]# ls -lahtd /var/www/vhosts/1/115584/log
    drwxr-x--- 2 root pemsrv 4.0K Mar 18 08:54 /var/www/vhosts/1/115584/log
    
    [root@web1 ~]# ls -lahtd /var/www/vhosts/1/115584/
    drwxr-xr-x 6 root root 4.0K Mar 18 03:39 /var/www/vhosts/1/115584/
    
  4. redis service is up and running on NG Web server:

    [root@web1 ~]# service redis status
    redis-server (pid  1493) is running...
    
  5. Information about LogFileAccess user exists in redis database:

    [root@web1 ~]# redis-cli -s /var/lib/redis/redis.sock get "ftp-by-name-and-ip:lfao115584,::ffff:203.0.113.2" | redis-decode-obj --type ftp_info_t
    m_user_id: 115584
    m_homedir: "/var/www/vhosts/1/115584/log"
    m_passwd: "<encrypted_password>"
    m_logfile: "/var/www/vhosts/1/115584log/xferlog"
    m_group_id: 10003
    m_sec_group_id: 10002
    

Cause

The m_sec_group_id value stored for the LogFileAccess system user does not match the GID of the pemsrv group in the local /etc/group file. For example:

    [root@web1 ~]# grep pemsrv /etc/group
    pemsrv:x:1001:apache

As a result, lfao115584 cannot access its home directory /var/www/vhosts/1/115584/log due to a lack of permissions.

Resolution

Odin Operations Automation uses some reserved IDs for Web Server groups on NG hosts. To fix the issue:

  1. Check /etc/nsswitch.conf to identify which services are used for getting information about groups and users, for example:

    [root@web1 ~]# grep -v '#' /etc/nsswitch.conf | grep -v '^$' | egrep 'passwd|group'
    passwd:     files sss ng
    group:      files sss ng
    netgroup:   files sss
    
  2. Make sure that GID 10002 is not used by any group:

    [root@web1 ~]# getent group 10002
    [root@web1 ~]#
    [root@web1 ~]# getent -s sss group 10002
    [root@web1 ~]#
    
  3. Change the pemsrv GID to 10002:

    [root@web1 ~]# groupmod -g 10002 pemsrv
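
The comparison behind the Cause and the free-GID check from step 2 can be scripted as a pre-check before running groupmod. The following is an added example, not part of the original article or of Odin tooling; the function names and the sample records (built from the values shown above) are assumptions.

```shell
#!/bin/bash
# Added example; sample data is constructed from the values shown in the article.

# Constructed sample: decoded ftp_info_t record as printed by redis-decode-obj.
SAMPLE_FTP_INFO='m_user_id: 115584
m_homedir: "/var/www/vhosts/1/115584/log"
m_group_id: 10003
m_sec_group_id: 10002'

# Constructed sample: group database in /etc/group format, as `getent group` prints it.
SAMPLE_GROUPS='root:x:0:
apache:x:48:
pemsrv:x:1001:apache'

# Print the m_sec_group_id field of a decoded ftp_info_t record ($1).
stored_sec_gid() {
    printf '%s\n' "$1" | awk -F': *' '$1 == "m_sec_group_id" { print $2; exit }'
}

# Print the GID of group $2 found in group-format text $1.
group_gid() {
    printf '%s\n' "$1" | awk -F: -v g="$2" '$1 == g { print $3; exit }'
}

# Print the name of the group holding GID $2, or nothing if that GID is free.
gid_owner() {
    printf '%s\n' "$1" | awk -F: -v id="$2" '$3 == id { print $1; exit }'
}

# check_pemsrv_gid FTP_INFO GROUP_DB
# Prints one verdict: OK, MISMATCH_FREE (target GID unused, groupmod can proceed),
# MISMATCH_TAKEN:<group> (target GID already assigned), or ERROR_* on missing input.
check_pemsrv_gid() {
    want=$(stored_sec_gid "$1")
    have=$(group_gid "$2" pemsrv)
    case "$want" in ''|*[!0-9]*) echo "ERROR_NO_SEC_GID"; return 2 ;; esac
    [ -n "$have" ] || { echo "ERROR_NO_PEMSRV"; return 2; }
    if [ "$want" = "$have" ]; then echo "OK"; return 0; fi
    owner=$(gid_owner "$2" "$want")
    if [ -n "$owner" ]; then echo "MISMATCH_TAKEN:$owner"; else echo "MISMATCH_FREE"; fi
    return 1
}

# On a live host the inputs would be the redis-cli pipeline output and `getent group`.
check_pemsrv_gid "$SAMPLE_FTP_INFO" "$SAMPLE_GROUPS" || true
```

Note that groupmod -g does not change the group ownership of existing files; per its man page, files that carry the old GID and must stay with the group have to be re-owned manually.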
    
