Some problem with VM PRO

7 posts / 0 new
Last post
#1 Tue, 09/16/2008 - 04:04
alessice

Some problem with VM PRO

Hello,

I installed Virtualmin PRO on CentOS 5, but I found some problems, one small , but another serious.

The small is the in the template, when you log-in like a reseller, image for "Change Password" and "Bandwidth Graph" are not displayed. This is because in HTML image are named:

<div class='linkwithicon'><img src='images/pass.png' alt=''> <div class='aftericon'><a href='/virtual-server/edit_pass.cgi' target=right>Change Password</a></div></div> <div class='linkwithicon'><img src='images/bw.png' alt=''> <div class='aftericon'><a href='/virtual-server/bwgraph.cgi' target=right>Bandwidth Graph</a></div></div>

This is because the images are called differently on the server,
these few commands solve the problem

[root@virtualmin1 images]# pwd /usr/libexec/webmin/virtual-server-theme/images [root@virtualmin1 images]# cp -a pass.gif pass.png [root@virtualmin1 images]# cp -a bw.gif bw.png

The serious problem is this: if an users delete, accidentally or intentionally, the directory logs/ in his /home , during restarting httpd (for example by adding a new virtual-server) httpd is unable to restart.

How is it that has happened this problem? Thanks

Tue, 09/16/2008 - 04:13
alessice

An example:

[root@virtualmin1 test.com]# pwd
/home/test.com
[root@virtualmin1 test.com]# ls -la
total 68
drwxr-x--- 11 test.com test.com 4096 Sep 16 17:08 .
drwxr-xr-x 33 root root 4096 Sep 15 18:28 ..
drwxr-xr-x 2 test.com test.com 4096 Sep 3 19:57 awstats
-rw-r--r-- 1 test.com test.com 26 Sep 3 19:57 .awstats-htpasswd
-rw------- 1 test.com test.com 64 Sep 16 17:10 .bash_history
-rw-r--r-- 1 test.com test.com 33 Sep 3 19:57 .bash_logout
-rw-r--r-- 1 test.com test.com 176 Sep 3 19:57 .bash_profile
-rw-r--r-- 1 test.com test.com 124 Sep 3 19:57 .bashrc
drwxr-x--- 2 test.com test.com 4096 Sep 3 19:57 cgi-bin
drwxr-xr-x 4 test.com test.com 4096 Sep 3 19:57 etc
drwxr-xr-x 2 test.com test.com 4096 Sep 3 19:57 fcgi-bin
drwxr-xr-x 2 test.com test.com 4096 Sep 3 19:57 homes
drwxr-x--- 2 test.com test.com 4096 Sep 14 04:02 logs
drwx------ 5 test.com test.com 4096 Sep 3 19:57 Maildir
drwxr-x--- 2 test.com test.com 4096 Sep 3 19:57 public_html
drwxr-x--- 2 test.com test.com 4096 Sep 3 19:57 tmp
[root@virtualmin1 test.com]# ls -la logs/
total 24
drwxr-x--- 2 test.com test.com 4096 Sep 14 04:02 .
drwxr-x--- 11 test.com test.com 4096 Sep 16 17:08 ..
-rw-r--r-- 1 apache apache 0 Sep 14 04:02 access_log
-rw-r--r-- 1 apache apache 20 Sep 14 04:02 access_log.1.gz
-rw-r--r-- 1 apache apache 20 Sep 7 04:02 access_log.2.gz
-rw-r--r-- 1 apache apache 0 Sep 14 04:02 error_log
-rw-r--r-- 1 apache apache 20 Sep 14 04:02 error_log.1.gz
-rw-r--r-- 1 apache apache 20 Sep 7 04:02 error_log.2.gz
-rwx------ 1 root root 0 Sep 3 19:57 .nodelete
[root@virtualmin1 test.com]# cp -a logs/ logs-TEST
[root@virtualmin1 test.com]# su test.com
sh-3.2$ id
uid=513(test.com) gid=514(test.com) groups=514(test.com)
sh-3.2$ pwd
/home/test.com
sh-3.2$ ls -la
total 72
drwxr-x--- 12 test.com test.com 4096 Sep 16 17:12 .
drwxr-xr-x 33 root root 4096 Sep 15 18:28 ..
drwxr-xr-x 2 test.com test.com 4096 Sep 3 19:57 awstats
-rw-r--r-- 1 test.com test.com 26 Sep 3 19:57 .awstats-htpasswd
-rw------- 1 test.com test.com 64 Sep 16 17:10 .bash_history
-rw-r--r-- 1 test.com test.com 33 Sep 3 19:57 .bash_logout
-rw-r--r-- 1 test.com test.com 176 Sep 3 19:57 .bash_profile
-rw-r--r-- 1 test.com test.com 124 Sep 3 19:57 .bashrc
drwxr-x--- 2 test.com test.com 4096 Sep 3 19:57 cgi-bin
drwxr-xr-x 4 test.com test.com 4096 Sep 3 19:57 etc
drwxr-xr-x 2 test.com test.com 4096 Sep 3 19:57 fcgi-bin
drwxr-xr-x 2 test.com test.com 4096 Sep 3 19:57 homes
drwxr-x--- 2 test.com test.com 4096 Sep 14 04:02 logs
drwxr-x--- 2 test.com test.com 4096 Sep 14 04:02 logs-TEST
drwx------ 5 test.com test.com 4096 Sep 3 19:57 Maildir
drwxr-x--- 2 test.com test.com 4096 Sep 3 19:57 public_html
drwxr-x--- 2 test.com test.com 4096 Sep 3 19:57 tmp
sh-3.2$ ls -la logs
total 24
drwxr-x--- 2 test.com test.com 4096 Sep 14 04:02 .
drwxr-x--- 12 test.com test.com 4096 Sep 16 17:12 ..
-rw-r--r-- 1 apache apache 0 Sep 14 04:02 access_log
-rw-r--r-- 1 apache apache 20 Sep 14 04:02 access_log.1.gz
-rw-r--r-- 1 apache apache 20 Sep 7 04:02 access_log.2.gz
-rw-r--r-- 1 apache apache 0 Sep 14 04:02 error_log
-rw-r--r-- 1 apache apache 20 Sep 14 04:02 error_log.1.gz
-rw-r--r-- 1 apache apache 20 Sep 7 04:02 error_log.2.gz
-rwx------ 1 root root 0 Sep 3 19:57 .nodelete
sh-3.2$ rm -fr logs/
sh-3.2$ ls -la
total 68
drwxr-x--- 11 test.com test.com 4096 Sep 16 17:12 .
drwxr-xr-x 33 root root 4096 Sep 15 18:28 ..
drwxr-xr-x 2 test.com test.com 4096 Sep 3 19:57 awstats
-rw-r--r-- 1 test.com test.com 26 Sep 3 19:57 .awstats-htpasswd
-rw------- 1 test.com test.com 64 Sep 16 17:10 .bash_history
-rw-r--r-- 1 test.com test.com 33 Sep 3 19:57 .bash_logout
-rw-r--r-- 1 test.com test.com 176 Sep 3 19:57 .bash_profile
-rw-r--r-- 1 test.com test.com 124 Sep 3 19:57 .bashrc
drwxr-x--- 2 test.com test.com 4096 Sep 3 19:57 cgi-bin
drwxr-xr-x 4 test.com test.com 4096 Sep 3 19:57 etc
drwxr-xr-x 2 test.com test.com 4096 Sep 3 19:57 fcgi-bin
drwxr-xr-x 2 test.com test.com 4096 Sep 3 19:57 homes
drwxr-x--- 2 test.com test.com 4096 Sep 14 04:02 logs-TEST
drwx------ 5 test.com test.com 4096 Sep 3 19:57 Maildir
drwxr-x--- 2 test.com test.com 4096 Sep 3 19:57 public_html
drwxr-x--- 2 test.com test.com 4096 Sep 3 19:57 tmp
sh-3.2$ exit
[root@virtualmin1 test.com]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [FAILED]
[root@virtualmin1 test.com]# tail /var/log/httpd/error_log
[...]
(2)No such file or directory: httpd: could not open error log file /home/test.com/logs/error_log.
Unable to open logs
[root@virtualmin1 test.com]# mv logs-TEST/ logs
[root@virtualmin1 test.com]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: [ OK ]
[root@virtualmin1 test.com]#

Tue, 09/16/2008 - 21:41 (Reply to #2)
alessice

Is not more simple set &quot;root&quot; as the owner of logs/ like this:

[root@virtualmin1 test.com]# ls -lh
total 76K
drwxr-xr-x 2 test.com test.com 4.0K Sep 17 10:01 awstats
drwxr-x--- 2 test.com test.com 4.0K Sep 3 19:12 cgi-bin
drwxr-xr-x 4 test.com test.com 4.0K Sep 3 19:12 etc
drwxr-xr-x 2 test.com test.com 4.0K Sep 3 19:12 fcgi-bin
drwxr-xr-x 2 test.com test.com 4.0K Sep 3 19:12 homes
drwxr-x--- 2 root test.com 4.0K Sep 14 04:02 logs
drwx------ 5 test.com test.com 4.0K Sep 3 19:12 Maildir
drwxr-x--- 19 test.com test.com 4.0K Sep 11 13:07 public_html
drwxr-x--- 2 test.com test.com 44K Sep 17 10:32 tmp

Ok, we can enable &quot;Enable logging via program&quot; but why not make virtualmin more secure by default?

With the configuration I proposed there may be problems?

Thanks

Wed, 09/17/2008 - 03:32 (Reply to #3)
andreychek

Howdy,

The problem in your example above is that while the user who owns &quot;test.com&quot; can't delete the logs directory, then can rename it.

If you log in as test.com, you can do:

mv logs logs.old

That will cause Apache to break, without the logs program.

You'll have to ask Joe or Jamie about the reason it doesn't default to that :-)
-Eric

Thu, 09/18/2008 - 09:42 (Reply to #4)
Joe
Joe's picture

Users cannot remove logs directories regardless of ownership or use of &quot;logging via program&quot;. There is a root-owned hidden file contained within the directory.

The only threat is users that move the directory, which is not something we can prevent without putting logs into a location outside of the users home (or logging via a program). We don't really want to put logs outside of the users home, as we think usability is just better having everything in one place (which is why homes and domains are in subdirectories of the users home, as well--it'd be possible to do it differently, but I think it'd be slightly more confusing).

--

Check out the forum guidelines!

Wed, 09/17/2008 - 23:02 (Reply to #5)
alessice

andreychek, you are absolutely right.

The only way is to enable &quot;Enable logging via program&quot;.

Thanks.

Tue, 09/16/2008 - 04:20
andreychek

Howdy,

That's an odd issue you're seeing with the images. I'd file a bug report regarding that (the link is at the bottom of this page, named &quot;Bugs and Issues&quot;).

Regarding the logs directory, you're completely correct. I had run into that on my system at one point too.

The way to handle that is to enable handling the logs via a program (which tests on the directory first, and won't cause Apache to fail).

If you log into Virtualmin, click System Settings -&gt; Server Templates -&gt; Default -&gt; Apache website -- you'll see &quot;Write logs via program?
(Handles missing log directory)&quot;.

That of course only enables it for new domains, so you can use enable-writelogs.pl for changing existing domains:

http://www.virtualmin.com/documentation/id,virtualmin_api_enable_writelogs/

To change all of them, I believe you'd use:

enable-writelogs.pl --all-domains

Topic locked