Which user is Nginx running as?
Which user is fastcgi-mono-server running as? Somehow, it thinks that $HOME for the running user is /root On 13/11/17 12:20, nikhil sehgal wrote:
Hi all, Now I have different scenario I have mono running as a custom user XYZ...however I am getting exception that mono can't write keypairs to follow in path /root/.config/.mono/keypairs Why it's trying to write key's to Root's path...... I am using nginx+fastcgimono ... And this issue is very random I got 3/10 times... Please help urgent On Oct 5, 2017 13:03, "nikhil sehgal" <nikhil.j...@gmail.com> wrote: HI All , While calling ProtectedData.Protect(Encoding.Unicode.GetBytes("XXXXXXXXXXXXXXX"), null, DataProtectionScope.LocalMachine); I am getting following error ....i am running my application under fast_cgi_mono+nginx and running as non root user.. And following error is coming randomly not always. I don't want to run my application as root user for Security reasons .please advice System.Security.Cryptography.CryptographicException: Data protection failed. ---> System.UnauthorizedAccessException: Access to the path "/usr/share/.mono/keypairs/[1][98f3a7e3-0d6e-f432-8a18-e1144b53633f][-1].xml" is denied. at System.IO.FileStream..ctor (System.String path, System.IO.FileMode mode, System.IO.FileAccess access, System.IO.FileShare share, System.Int32 bufferSize, System.Boolean anonymous, System.IO.FileOptions options) [0x001d8] in <77c9551943624fd18301ba6f78a841e5>:0 at System.IO.FileStream..ctor (System.String path, System.IO.FileMode mode, System.IO.FileAccess access, System.IO.FileShare share) [0x00000] in < 77c9551943624fd18301ba6f78a841e5>:0 at (wrapper remoting-invoke-with-check) System.IO.FileStream:.ctor (string,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare) at System.IO.File.Open (System.String path, System.IO.FileMode mode) [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.KeyPairPersistence.Save () [0x00006] in < 77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSACryptoServiceProvider.OnKeyGenerated (System.Object sender, System.EventArgs e) [0x0002f] in < 77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.RSAManaged.GenerateKeyPair () [0x00151] in < 77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.RSAManaged.EncryptValue (System.Byte[] rgb) [0x0001b] in <77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.PKCS1.RSAEP (System.Security.Cryptography.RSA rsa, System.Byte[] m) [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.PKCS1.Encrypt_OAEP (System.Security.Cryptography.RSA rsa, System.Security.Cryptography.HashAlgorithm hash, System.Security.Cryptography.RandomNumberGenerator rng, System.Byte[] M) [0x000f6] in <77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.Utils.RsaOaepEncrypt (System.Security.Cryptography.RSA rsa, System.Security.Cryptography.HashAlgorithm hash, System.Security.Cryptography.PKCS1MaskGenerationMethod mgf, System.Security.Cryptography.RandomNumberGenerator rng, System.Byte[] data) [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSAOAEPKeyExchangeFormatter.CreateKeyExchange (System.Byte[] rgbData) [0x00047] in <77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt (System.Byte[] rgb, System.Boolean fOAEP) [0x0001f] in < 77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt (System.Byte[] data, System.Security.Cryptography.RSAEncryptionPadding padding) [0x00045] in <77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSAOAEPKeyExchangeFormatter.CreateKeyExchange (System.Byte[] rgbData) [0x0002c] in <77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.ManagedProtection.Protect (System.Byte[] userData, System.Byte[] optionalEntropy, System.Security.Cryptography.DataProtectionScope scope) [0x0013e] in <2c890ca2f2c3434ca04011ecd5d57165>:0 at System.Security.Cryptography.ProtectedData.Protect (System.Byte[] userData, System.Byte[] optionalEntropy, System.Security.Cryptography.DataProtectionScope scope) [0x00023] in <2c890ca2f2c3434ca04011ecd5d57165>:0 --- End of inner exception stack trace --- at System.Security.Cryptography.ProtectedData.Protect (System.Byte[] userData, System.Byte[] optionalEntropy, System.Security.Cryptography.DataProtectionScope scope) [0x0003f] in <2c890ca2f2c3434ca04011ecd5d57165>:0 at Writelog.Program.Main (System.String[] args) [0x00010] in < e4a1cce0275a48f29c577f83bf71131e>:0 [ERROR] FATAL UNHANDLED EXCEPTION: System.Security.Cryptography.CryptographicException: Data protection failed. ---> System.UnauthorizedAccessException: Access to the path "/usr/share/.mono/keypairs/[1][98f3a7e3-0d6e-f432-8a18-e1144b53633f][-1].xml" is denied. at System.IO.FileStream..ctor (System.String path, System.IO.FileMode mode, System.IO.FileAccess access, System.IO.FileShare share, System.Int32 bufferSize, System.Boolean anonymous, System.IO.FileOptions options) [0x001d8] in <77c9551943624fd18301ba6f78a841e5>:0 at System.IO.FileStream..ctor (System.String path, System.IO.FileMode mode, System.IO.FileAccess access, System.IO.FileShare share) [0x00000] in < 77c9551943624fd18301ba6f78a841e5>:0 at (wrapper remoting-invoke-with-check) System.IO.FileStream:.ctor (string,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare) at System.IO.File.Open (System.String path, System.IO.FileMode mode) [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.KeyPairPersistence.Save () [0x00006] in < 77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSACryptoServiceProvider.OnKeyGenerated (System.Object sender, System.EventArgs e) [0x0002f] in < 77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.RSAManaged.GenerateKeyPair () [0x00151] in < 77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.RSAManaged.EncryptValue (System.Byte[] rgb) [0x0001b] in <77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.PKCS1.RSAEP (System.Security.Cryptography.RSA rsa, System.Byte[] m) [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.PKCS1.Encrypt_OAEP (System.Security.Cryptography.RSA rsa, System.Security.Cryptography.HashAlgorithm hash, System.Security.Cryptography.RandomNumberGenerator rng, System.Byte[] M) [0x000f6] in <77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.Utils.RsaOaepEncrypt (System.Security.Cryptography.RSA rsa, System.Security.Cryptography.HashAlgorithm hash, System.Security.Cryptography.PKCS1MaskGenerationMethod mgf, System.Security.Cryptography.RandomNumberGenerator rng, System.Byte[] data) [0x00000] in <77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSAOAEPKeyExchangeFormatter.CreateKeyExchange (System.Byte[] rgbData) [0x00047] in <77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt (System.Byte[] rgb, System.Boolean fOAEP) [0x0001f] in < 77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSACryptoServiceProvider.Encrypt (System.Byte[] data, System.Security.Cryptography.RSAEncryptionPadding padding) [0x00045] in <77c9551943624fd18301ba6f78a841e5>:0 at System.Security.Cryptography.RSAOAEPKeyExchangeFormatter.CreateKeyExchange (System.Byte[] rgbData) [0x0002c] in <77c9551943624fd18301ba6f78a841e5>:0 at Mono.Security.Cryptography.ManagedProtection.Protect (System.Byte[] userData, System.Byte[] optionalEntropy, System.Security.Cryptography.DataProtectionScope scope) [0x0013e] in <2c890ca2f2c3434ca04011ecd5d57165>:0 at System.Security.Cryptography.ProtectedData.Protect (System.Byte[] userData, System.Byte[] optionalEntropy, System.Security.Cryptography.DataProtectionScope scope) [0x00023] in <2c890ca2f2c3434ca04011ecd5d57165>:0 --- End of inner exception stack trace --- at System.Security.Cryptography.ProtectedData.Protect (System.Byte[] userData, System.Byte[] optionalEntropy, System.Security.Cryptography.DataProtectionScope scope) [0x0003f] in <2c890ca2f2c3434ca04011ecd5d57165>:0 at Writelog.Program.Main (System.String[] args) [0x00010] in < e4a1cce0275a48f29c577f83bf71131e>:0 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.dot.net/pipermail/mono-devel-list/attachments/20171113/7c971554/attachment.html>
_______________________________________________ Mono-devel-list mailing list Mono-devel-list@lists.dot.net http://lists.dot.net/mailman/listinfo/mono-devel-list