Topic: Primary I-bay website no longer accessible from inside or outside internet.

[JRBATM20192021]

Hello,

I have come across a new problem that I have been unable to solve.... I went to create a new I-bay yesterday I went in to server manager and made an I-bay and a user to use it I set the chroot path so they can go right to there I-bay etc. I also made a group to put the Administrator and User in so they can use the same I bay. All goes well or so I think... Later that day I learn that all 3 of my websites that are on the same server are no longer accessible to outside/inside IP networks. All 3 display the following message

Forbidden

You don't have permission to access / on this server.

While all the main links don't work all of my auxiliary site.com/second don't work either. However site.com/webmail works just fine. My email and FTP sides of the server are 100% unaffected and working just fine. It seems like all I did was change the public viewing setting on the Primary and Auxiliary I Bay even though it is telling me it is set correctly at 755. Not sure what I am doing wrong here......

The only weird thing the server is telling me in the log is that I deleted admin from the group admin?? There's no way to do that I think so I am really confused as to why it said that....

Any help, advice, suggestions and even criticism is welcomed at this point.

Thank you

[Jean-Philippe Pialasse]

what gives
grep www /etc/group

[JRBATM20192021]

I wish I knew.....

Is that a command to try? I will try it

[Jean-Philippe Pialasse]

it is.
cue: it should show www in all your groups  associated to an ibay. including the group shared. 
of not you have encountered this bug https://bugs.koozali.org/show_bug.cgi?id=12146

[JRBATM20192021]

Okay so etc should be where I put the name of the I-bay like Primary right?

[JRBATM20192021]

I must not know how to enter it or I have encountered the bug I tried entering in the following combinations

grep www /etc/group

grep www /Ibayname/group

Nothing happened it acted like I had a blank space and hit enter

[JRBATM20192021]

Okay reading your bug report I am misunderstanding that the only way to fix the issue is to restore from backup?

[Jean-Philippe Pialasse]

you are misunderstanding.


I can only assume that something happened and reversed the order of apache and www in /etc/passwd.

what returns
egrep 'www|apache' /etc/passwd

no proof it is not already in this state in your backup.

[JRBATM20192021]

its returning no such file or directory

[Jean-Philippe Pialasse]

its returning no such file or directory

you are not typing it correctly then.

[ReetP]

Typically you should get this:

[root@esmith ~]# egrep 'www|apache' /etc/passwd

Code: [Select]

apache:x:102:102:Apache:/var/www:/sbin/nologin
www:x:102:102:SME Server web server:/home/e-smith:/bin/false

Or

[root@esmith ~]# grep www /etc/group

Code: [Select]

www:x:102:admin,apache
webstuff:x:5101:admin,user1,user2,www


[JRBATM20192021]

Okay let me try again

[JRBATM20192021]

here is what mine returns

[root@www ~]# egrep 'www|apache' /etc/passwd
apache:x:102:102:Apache:/var/www:/sbin/nologin
www:x:102:102:SME Server web server:/home/e-smith:/bin/false
[root@www ~]# grep www /etc/group
www:x:102:admin,apache
commercials28:x:5060:admin,www,tvcommercials
[root@www ~]#

[JRBATM20192021]

Tv commercials is the Ibay I made the other day

[Jean-Philippe Pialasse]

waiting the bug to be fixed:

Code: [Select]

usermod -a -G shared www
would workaround the missing www in shared group for your Primary ibay.

beware this is an uppercase G, not a lowercase g. 

then you will need to restart apache

Code: [Select]

systemctl restart httpd-e-smith

[JRBATM20192021]

That worked! Thank you! So that's a common bug I guess??? I thought I messed something up.....

[Jean-Philippe Pialasse]

not that common, because we were not able to find what is the original cause, but it is a bug.
the command is a workaround, it might reappear.  same command should get you out.

you might help by telling more about your server:
- servwr mode
- version
- fresh install or restored backup
- if from backup using what kind of backup
- what is the last change before you atart getting this issue ?

[JRBATM20192021]

Sorry for the delay.... Here is the information for you.

Server Mode: Server Only
Version-SME 10
Fresh install or Backup: Its the original install never been restored from a backup
Last change before issue: All I did was make a new I-bay and made a new user to use it and
set a group between the admin and the new user. The only thing I did that was unusual from an other time I made a new I-bay was I was going fast while making it because it was a last minute thing and it took several times to get all of the steps done correctly and I keep doing things incorrectly that were leading to errors which I would change to the correct way. For example I made the I-bay and the user the same name which caused an error. Then I tried to make the group with a name starting with a number which caused another error as well. So maybe that caused a problem?? It was a confusing experience so glad it wasn't totally my fault.....

[Jean-Philippe Pialasse]

Those are checks preventing things to go wrong, so i do not think it was the cause.
so not restored from a backup, this remove the main lead I had for this.

Any contrib installed? If yes what were the last installed ? This could help you list your contribs with also base packages.

Code: [Select]

rpm -qa| grep smeserver| sort

Any yum update just before it occured? You can check yum.log for that. 

[JRBATM20192021]

Sorry for the delay its been a busy week.....

Yes i have some contribs installed here is a list

smeserver-audittools-1.6.0-4.el7.sme.noarch
smeserver-clamav-2.7.0-16.el7.sme.noarch
smeserver-dovecot-1.6.0-19.el7.sme.noarch
smeserver-extrarepositories-atomic-0.1-40.noarch
smeserver-extrarepositories-centos-sclo-0.1-40.noarch
smeserver-extrarepositories-egroupware-0.1-40.noarch
smeserver-extrarepositories-elastic-0.1-40.noarch
smeserver-extrarepositories-elrepo-0.1-40.noarch
smeserver-extrarepositories-epel-0.1-40.noarch
smeserver-extrarepositories-erlang-0.1-40.noarch
smeserver-extrarepositories-freeswitch-0.1-40.noarch
smeserver-extrarepositories-fws-0.1-40.noarch
smeserver-extrarepositories-libreswan-0.1-40.noarch
smeserver-extrarepositories-node-0.1-40.noarch
smeserver-extrarepositories-okay-0.1-40.noarch
smeserver-extrarepositories-openfusion-0.1-40.noarch
smeserver-extrarepositories-pgsql-0.1-40.noarch
smeserver-extrarepositories-reetp-0.1-40.noarch
smeserver-extrarepositories-remi-ocsinventory-0.1-40.noarch
smeserver-extrarepositories-remi-roundcube-0.1-40.noarch
smeserver-extrarepositories-remi-unsafe-0.1-40.noarch
smeserver-extrarepositories-rpmfusion-0.1-40.noarch
smeserver-extrarepositories-sogo-0.1-40.noarch
smeserver-extrarepositories-spectrum2-0.1-40.noarch
smeserver-extrarepositories-springdale-0.1-40.noarch
smeserver-extrarepositories-stephdl-0.1-40.noarch
smeserver-extrarepositories-virtualbox-0.1-40.noarch
smeserver-extrarepositories-webtatic-0.1-40.noarch
smeserver-extrarepositories-xymon-0.1-40.noarch
smeserver-extrarepositories-zabbix-0.1-40.noarch
smeserver-extrarepositories-zmrepo-0.1-40.noarch
smeserver-fail2ban-0.1.18-30.el7.sme.noarch
smeserver-geoip-1.2-18.el7.sme.noarch
smeserver-horde-1.0.0-33.el7.sme.noarch
smeserver-letsencrypt-0.5-24.noarch
smeserver-locale-bg-2.6.0-17.el7.sme.noarch
smeserver-locale-da-2.6.0-17.el7.sme.noarch
smeserver-locale-de-2.6.0-17.el7.sme.noarch
smeserver-locale-el-2.6.0-17.el7.sme.noarch
smeserver-locale-es-2.6.0-17.el7.sme.noarch
smeserver-locale-et-2.6.0-17.el7.sme.noarch
smeserver-locale-fr-2.6.0-17.el7.sme.noarch
smeserver-locale-he-2.6.0-17.el7.sme.noarch
smeserver-locale-hu-2.6.0-17.el7.sme.noarch
smeserver-locale-id-2.6.0-17.el7.sme.noarch
smeserver-locale-it-2.6.0-17.el7.sme.noarch
smeserver-locale-ja-2.6.0-17.el7.sme.noarch
smeserver-locale-nb-2.6.0-17.el7.sme.noarch
smeserver-locale-nl-2.6.0-17.el7.sme.noarch
smeserver-locale-pl-2.6.0-17.el7.sme.noarch
smeserver-locale-pt-2.6.0-17.el7.sme.noarch
smeserver-locale-pt_BR-2.6.0-17.el7.sme.noarch
smeserver-locale-ro-2.6.0-17.el7.sme.noarch
smeserver-locale-ru-2.6.0-17.el7.sme.noarch
smeserver-locale-sl-2.6.0-17.el7.sme.noarch
smeserver-locale-sv-2.6.0-17.el7.sme.noarch
smeserver-locale-th-2.6.0-17.el7.sme.noarch
smeserver-locale-tr-2.6.0-17.el7.sme.noarch
smeserver-locale-zh_CN-2.6.0-17.el7.sme.noarch
smeserver-locale-zh_TW-2.6.0-17.el7.sme.noarch
smeserver-mysql-2.7.0-17.el7.sme.noarch
smeserver-php-3.0.0-44.el7.sme.x86_64
smeserver-qpsmtpd-2.7.0-11.el7.sme.noarch
smeserver-release-10.1-1.el7.sme.noarch
smeserver-remoteuseraccess-1.3-6.el7.sme.noarch
smeserver-spamassassin-2.7.0-10.el7.sme.noarch
smeserver-support-2.8.0-20.el7.sme.noarch
smeserver-yum-2.6.2-2.el7.sme.noarch

Yes a Little much 2 years ago I decided to install a mass update once when I thought I need too.

On Yum I'll check the log for sure but unless it updated on its own which it isn't suppose to it should not be updated but I'll check for sure.

[JRBATM20192021]

Okay yum.log that's the log in Server Manager Correct?

[ReetP]

Okay yum.log that's the log in Server Manager Correct?

Either via server-manager or in /var/log/yum

[JRBATM20192021]

Okay just checked again and no yum update before the issue occurred.