On Tue, April 30, 2024 09:58, Stefan Goeman wrote:
> Hi
>
> I was not able to look into this issue any sooner.
>
> I checked the log files from apache and I indeed see some errors.
> I include them here below.
> I found something similar in the mail archive. But, I would need a more
> detailed explanation on how to solve the issue.

Having recently gone through this myself I am almost certain that you have a
set of permission/ownership problems.

This is what /var/log/openxpki/ should look like (assuming that www is the web
server user/group and openxpki is the openxpki user/group):

# tree -gpu /var/log/openxpki
[drwxrwxr-x openxpki openxpki]  /var/log/openxpki
├── [-rw-rw---- openxpki openxpki]  audit.log
├── [-rw-rw---- openxpki openxpki]  catchall.log
├── [-rw-rw---- openxpki openxpki]  deprecated.log
├── [-rw-rw---- www      www     ]  est.log
├── [-rw-rw---- openxpki openxpki]  openxpki.log
├── [-rw-rw---- www      www     ]  rpc.log
├── [-rw-rw---- www      www     ]  scep.log
├── [-rw-rw---- www      www     ]  soap.log
├── [-rw-rw---- openxpki openxpki]  stderr.log
├── [-rw-rw---- www      www     ]  webui.log
└── [-rw-rw---- openxpki openxpki]  workflows.log


This is what /etc/openxpki/ should look like:

ls -ld /usr/local/etc/openxpki/
drwxr-xr-x  14 openxpki  openxpki  56 Apr 26 10:03 /usr/local/etc/openxpki/


This is what /etc/openxpki/webui/ should look like:

tree -gpu . . . /etc/openxpki/webui
[drwxr-xr-- openxpki www     ]  /usr/local/etc/openxpki/webui
└── [-rwxr----- openxpki www     ]  default.conf

/usr/local/etc/openxpki/webui/default.conf  should not be world readable
because it can contain database credentials.

You also need to be aware that if you have cloned /etc/openxpki/ using git and
checked out a working branch as suggested then the user and group of all the
files are those of the user that performed the git clone and git checkout -b. 
They also change after each subsequent checkout.  Thus you need to manually
chown these to openxpki:openxpki after each checkout.

Also, be aware that git does not preserve permissions other than the execute
bit. That means that you need to chmod those files that require read/write
permissions other than the default.  This became, for me, a constant source of
frustration as I checked out the community branch to verify default settings
and then switched back to the working branch, forgetting that all the
permissions and ownerships had changed again.

HTH

Regards,


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
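
Added example (not part of the original message and not OpenXPKI project code): a POSIX shell audit that compares modes and ownership against the listings in the message, meant to be run after each git checkout. The function names and the manifest format are hypothetical; the paths and the www/openxpki user and group names are the message's own assumptions.

```shell
#!/bin/sh
# Added example, not OpenXPKI code. Function names and the manifest format
# are hypothetical; modes/owners are transcribed from the listings above.

# Print "octal-mode owner group" for a path (GNU stat, then BSD stat).
stat_mog() {
    [ -e "$1" ] || return 1
    stat -c '%a %U %G' "$1" 2>/dev/null || stat -f '%Lp %Su %Sg' "$1"
}

# check_entry PATH MODE OWNER GROUP: return 0 on match, 1 on drift/missing.
check_entry() {
    actual=$(stat_mog "$1") || { echo "MISSING $1"; return 1; }
    [ "$actual" = "$2 $3 $4" ] && return 0
    echo "DRIFT $1: have [$actual] want [$2 $3 $4]"
    return 1
}

# Read "path mode owner group" lines on stdin; return 1 if any entry drifted.
audit_manifest() {
    rc=0
    while read -r path mode owner group; do
        [ -n "$path" ] || continue
        check_entry "$path" "$mode" "$owner" "$group" || rc=1
    done
    return "$rc"
}

# Expected state: rwxr-xr-x=755, rwxr-xr--=754, rwxr-----=740,
# rwxrwxr-x=775, rw-rw----=660. Prefixes are parameters because the
# install prefix varies (/etc vs /usr/local/etc).
openxpki_manifest() {
    etc=${1:-/etc/openxpki}
    log=${2:-/var/log/openxpki}
    cat <<EOF
$etc 755 openxpki openxpki
$etc/webui 754 openxpki www
$etc/webui/default.conf 740 openxpki www
$log 775 openxpki openxpki
$log/openxpki.log 660 openxpki openxpki
$log/webui.log 660 www www
EOF
}

# Usage after a checkout:
#   openxpki_manifest /usr/local/etc/openxpki | audit_manifest
```

Each DRIFT or MISSING line names a path whose mode or ownership no longer matches the expected layout, which is the state a branch switch leaves behind.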
