Hi,

> We are using docker containers. At webui.log:
> 
> 2023/05/19 08:34:20 ERR Error creating backend client Error while writing to 
> socket; __EVAL_ERROR__ => I18N_OPENXPKI_CLIENT_INIT_CONNECTION_FAILED; 
> __ERROR__ => Permission denied, __SOCKETFILE__ => 
> /var/openxpki/openxpki.socket [pid=82|sid=9975]
> 
> srwxrwx--- 1 openxpki openxpki 0 May 19 08:35 /var/openxpki/openxpki.socket
> 
> id www-data
> uid=33(www-data) gid=33(www-data) groups=33(www-data)
> 
> At working server v.3.20 www-data is in group openxpki: 
> id www-data
> uid=33(www-data) gid=33(www-data) groups=33(www-data),102(openxpki)
> 
> Adding www-data to group openxpki and restarting container fixes the issue.
> 
> Is it a bug or is it configurable somehow?
> 
> P.S. same issue with 3.22


This is expected behavior. You need to properly configure your system with 
respect to Unix user and group setup as well as setting access permissions 
properly.

The relevant configuration is located in system/server.yaml

e. g.

...
# Daemon settings
user:         openxpki
group:        openxpki
socket_file:  /var/openxpki/openxpki.socket
socket_owner: apache
socket_group: apache
...

socket_owner and socket_group are optional but can be used to fine-tune 
ownership and permissions.

You need to configure your system in a way that the web server can read/write 
the socket. Other processes and users not related to OpenXPKI should be 
excluded from accessing the socket.

cheers

Martin



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
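
Added example, not part of the original message and not OpenXPKI code: a small Python check that applies the owner/group/other rule to the socket file and reports whether a given account (here the web server user) gets read/write access, and whether unrelated users are excluded. The function names and the default arguments are assumptions taken from the paths and accounts quoted in this thread; ACLs, root and directory search permissions are not considered.

```python
import os
import pwd
import stat
import sys


def evaluate(mode, owner_uid, group_gid, uid, gids):
    """Apply the classic Unix rule: exactly one permission triplet is used.

    mode is the permission part of st_mode (e.g. 0o770 for srwxrwx---).
    """
    if uid == owner_uid:
        bits, via = (mode >> 6) & 7, "owner"
    elif group_gid in gids:
        bits, via = (mode >> 3) & 7, "group"
    else:
        bits, via = mode & 7, "other"
    return {
        "via": via,                             # which triplet decided
        "can_connect": (bits & 6) == 6,         # read + write on the socket
        "world_accessible": (mode & 7) != 0,    # unrelated users not excluded
    }


def audit_socket(path, username):
    """Stat a real socket and evaluate it for the named account."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix socket")
    user = pwd.getpwnam(username)
    # Primary plus supplementary groups, the same set `id` prints.
    gids = set(os.getgrouplist(username, user.pw_gid))
    return evaluate(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                    user.pw_uid, gids)


if __name__ == "__main__":
    # Defaults are the path and account quoted in the thread (assumptions).
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/openxpki/openxpki.socket"
    username = sys.argv[2] if len(sys.argv) > 2 else "www-data"
    result = audit_socket(path, username)
    print(path, username, result)
    ok = result["can_connect"] and not result["world_accessible"]
    sys.exit(0 if ok else 1)
```

Run inside the container as `python3 check_socket.py /var/openxpki/openxpki.socket www-data` (the script name is hypothetical); a non-zero exit means the account cannot use the socket or the socket is open to other users.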
