Re: [OpenXPKI-users] openxpki-client socket permission denied at after upgrade from 3.20 to 3.24

2023-05-24 Thread Kseniya Schwarz
Actually initially I took the config from here
https://github.com/openxpki/openxpki-config/blob/community/config.d/system/server.yaml
It was unchanged at our system since v. 3.14
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users


Re: [OpenXPKI-users] openxpki-client socket permission denied at after upgrade from 3.20 to 3.24

2023-05-23 Thread Martin Bartosch via OpenXPKI-users
Hi,

> Thank you very much for the reply, I was wondering because the config did not
> change and everything worked smoothly before the upgrade.

The semantics I posted have been in place and unchanged for a very long time, 
and we did not change the relevant code portions recently, so the cause might 
be something in your runtime environment. 

Cheers

Martin





Re: [OpenXPKI-users] openxpki-client socket permission denied at after upgrade from 3.20 to 3.24

2023-05-23 Thread Kseniya Schwarz
Thank you very much for the reply, I was wondering because the config did
not change and everything worked smoothly before the upgrade.

I'll try the proposed configuration.


Re: [OpenXPKI-users] openxpki-client socket permission denied at after upgrade from 3.20 to 3.24

2023-05-23 Thread Martin Bartosch via OpenXPKI-users
Hi,

> We are using docker containers. At webui.log:
> 
> 2023/05/19 08:34:20 ERR Error creating backend client Error while writing to 
> socket; __EVAL_ERROR__ => I18N_OPENXPKI_CLIENT_INIT_CONNECTION_FAILED; 
> __ERROR__ => Permission denied, __SOCKETFILE__ => 
> /var/openxpki/openxpki.socket [pid=82|sid=9975]
> 
> srwxrwx--- 1 openxpki openxpki 0 May 19 08:35 /var/openxpki/openxpki.socket
> 
> id www-data
> uid=33(www-data) gid=33(www-data) groups=33(www-data)
> 
> At working server v.3.20 www-data is in group openxpki: 
> id www-data
> uid=33(www-data) gid=33(www-data) groups=33(www-data),102(openxpki)
> 
> Adding www-data to group openxpki and restarting container fixes the issue.
> 
> Is it a bug or is it configurable somehow?
> 
> P.S. same issue with 3.22


This is expected behavior. You need to properly configure your system with 
respect to Unix user and group setup as well as setting access permissions 
properly.

The relevant configuration is located in system/server.yaml

e. g.

...
# Daemon settings
user: openxpki
group: openxpki
socket_file:  /var/openxpki/openxpki.socket
socket_owner: apache
socket_group: apache
...

socket_owner and socket_group are optional but can be used to fine tune 
ownership and permissions.

You need to configure your system in a way that the web server can read/write 
the socket. Other processes and users not related to OpenXPKI should be 
excluded from accessing the socket.

cheers

Martin
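
[Added example, not part of the original message and not OpenXPKI code: a small shell check that applies the Unix owner/group/other rule to the socket listing and the `id` output quoted in this thread. The function names are hypothetical and the sample inputs are constructed from the values shown above.]

```shell
#!/bin/sh
# Added example, not OpenXPKI code: which permission class applies to a
# user on the socket, and does it grant read+write? (root is not modelled)

# user_from_id "<id output>" -> user name
user_from_id() {
    printf '%s\n' "$1" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p'
}

# groups_from_id "<id output>" -> group names, each followed by a space
groups_from_id() {
    printf '%s\n' "$1" | sed -n 's/.*groups=\([^ ]*\).*/\1/p' \
        | tr ',' '\n' | sed 's/^[0-9]*(\(.*\))$/\1/' | tr '\n' ' '
}

# socket_access MODE OWNER GROUP "<id output>" -> allow:<class> | deny:<class>
socket_access() {
    mode=$1; owner=$2; group=$3
    user=$(user_from_id "$4")
    member=" $(groups_from_id "$4")"
    perms=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')   # last 3 octal digits
    rest=${perms#?}
    in_group=no
    case "$member" in *" $group "*) in_group=yes ;; esac
    # Exactly one class is consulted: owner first, then group, then other.
    if [ "$user" = "$owner" ]; then
        class=owner; digit=${perms%??}
    elif [ "$in_group" = yes ]; then
        class=group; digit=${rest%?}
    else
        class=other; digit=${rest#?}
    fi
    # read (4) + write (2) means the digit is 6 or 7
    case "$digit" in
        6|7) echo "allow:$class" ;;
        *)   echo "deny:$class" ;;
    esac
}

# Constructed from the thread: socket is srwxrwx--- openxpki:openxpki (mode 770)
socket_access 770 openxpki openxpki \
    'uid=33(www-data) gid=33(www-data) groups=33(www-data)'
socket_access 770 openxpki openxpki \
    'uid=33(www-data) gid=33(www-data) groups=33(www-data),102(openxpki)'
```

On a live host the inputs come from `stat -c '%a %U %G' /var/openxpki/openxpki.socket` (GNU coreutils) and `id www-data`. The web server user also needs search permission on the directory that holds the socket.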





[OpenXPKI-users] openxpki-client socket permission denied at after upgrade from 3.20 to 3.24

2023-05-19 Thread Kseniya Schwarz
Hello!

We are using docker containers. At webui.log:

2023/05/19 08:34:20 ERR Error creating backend client Error while writing
to socket; __EVAL_ERROR__ => I18N_OPENXPKI_CLIENT_INIT_CONNECTION_FAILED;
__ERROR__ => Permission denied, __SOCKETFILE__ =>
/var/openxpki/openxpki.socket [pid=82|sid=9975]

srwxrwx--- 1 openxpki openxpki 0 May 19 08:35 /var/openxpki/openxpki.socket

id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)

At working server v.3.20 www-data is in group openxpki:
id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data),102(openxpki)

Adding www-data to group openxpki and restarting container fixes the issue.

Is it a bug or is it configurable somehow?

P.S. same issue with 3.22