Diese Seite mit anderen teilen ...

Informationen zum Thema:
Forum:
WinDev Forum
Beiträge im Thema:
13
Erster Beitrag:
vor 2 Jahren, 7 Monaten
Letzter Beitrag:
vor 6 Monaten, 2 Wochen
Beteiligte Autoren:
Gus, Gus Sabina, Sascha77, Fabrice Harari, GuenterP, Mr Black, L Jack Wilson

Problem deploying a dynamic web site in Linux

Startbeitrag von Gus am 14.04.2015 16:15

Hello:
Now that I have the WebDev App.Server running on ubuntu 12.04, I would like to deploy a dynamic web site.

I checked ftp is up and running. In fact I can acces linux from a windows machine using an ftp client. So this is Ok.

In the Deployment parameters, after setting the server IP adress, Passive FTP mode, and the user accounts (both WebDev and FTP accounts) with the right passwords, I try
"Test the parameters", but it immediately finishes with this error:

INFValidating the password for WebDev account GUS with TEM57D2.tmp file
Failure opening the file/home/gus/ftp_webdev/TEM57D2.tmp Unable to open file.
System Error Details: Permission denied ERRFTP FINCGI


I can check the TEM57D2.tmp file exists in the ftp_webdev directory, but it seems it can't be read back (or something else).

It seems like it's a permission issue, but so far this is the configuration I have:

drwxr-x--- 2 gus webdevadmin 4096 Apr 14 07:55 ftp_webdev

however, the created file has a different permissions;

-rw------- 1 gus gus 34 Apr 14 07:55 TEM57D2.tmp

I tried running the command
sudo chmod g+s ftp_webdev , so created files inherit the directory permissions, but still doesn't work.

Any idea? Should the created temp files have same permissions than the directory?

The other think that comes to my attention is how WebDevAdministrator uses Capittal letters for usernames, which definitely is not allowed in Linux for user names (unless you force it).

Regardsl
Gus

Antworten:

Hi Gus

I cannot help you on the linux side at all... However this kind of error should come from the same thing in windows and linux, so I may be able to shed some light...

In the deployment process, there are several phases :
1. via ftp, upload the new installer
2. send a httprequest to the webdev server in order to tell it to take it from there and more specially
3. the webdev server TRIES to access the uploaded file, read it and basically execute it (as it is an installer)

As the test the parameters uses the same process with a very small file for validation, it seems that you have a problem on step 3, because the user running the webdev server does not have adequate permissions on the file in question.

Why and how is entirely up to you :-)

Best regards

von Fabrice Harari - am 14.04.2015 18:09
Hello Fabrice:
Thanks for the reply.

I agree. However, in my case, it seems the process gets stuck in the fist step, because it only uploads a temporary file and it stops there.

It seems the process is trying to determine if it has access to the ftp_webdev directory to upload the installation. I think it uses a temporary file to check the access. Indeed, the temporary file is there, but it seems the process can't access it or somehow it determines it has no access, and thus, the process finish with the Permission denied error.

I also tried to upload files from the FTP client from Windows, and all transferred files has the same permissions, so now I'm not sure what the Deployment process expect. I can also download the temporary files from the ftp client, so the files are indeed accessible.

Any other thoughts?
Thanks
Gus

von Gus - am 14.04.2015 18:43
Actually, after analyzing the TCP packets with wireshark, I can see that there is no issue with FTP.
The temporary file uploaded (apparently) contains the (encrypted) password for the WEBDEV account. So after this file is uploaded, the Deploy process sends the install request to the application server (step 2). This is;

GET /WD190AWP/WD190Awp.exe/INSTALL/PASSINST/TEMF2D0.tmp/GUS HTTP/1.1

and after that, the App Server replies with:

INFValidating the password for WebDev account GUS with TEMF2DO.tmp file...

And finally;

Failure opening the file /home/gus/ftp_webdev/TEMF2DO.tmp.
File system error details: Permission denied.


And after this, the Deploy process informs there is an error.

So I need to figure out why the App. Server can't open the file. I'm sure the passwords are correct, but...

Regards;
Gus

von Gus - am 14.04.2015 19:21
Gus,

In your

/home/gus

directory, try running:

chmod -R g+w ftp_webdev

so then your ls -l should give you:

drwxrwsr-x 3 gus webdevadmin 4096 Jan 10 11:13 ftp_webdev

Also, check your group membership in /etc/group, your gus account should be a member of webdevadmin group. For example, instead of "gus" I have an "ebusiness" user. The relevant lines from my /etc/group looks like:

ftpadmin:x:501:
webdevadmin:x:502:apache,ebusiness,ftpadmin
ebusiness:x:503:webdevadmin,ftpadmin

So make sure webdevadmin and your ftp user are members of your group (gus), and that apache, gus, and your ftp user are members of the webdevadmin group.

This is from a Centos 6 Linux server, but should be similar for ubuntu.

...jack

von L Jack Wilson - am 14.04.2015 20:43
Hi Gus

as I was saying, you have a problem in step 3 and it is a common permission problem when setting up a webdev server, even on windows

Best regards

von Fabrice Harari - am 14.04.2015 20:44
Hi Jack:

I have everything the same, but it still doesn't work.

Only difference is I'm running Ubuntu in a VirtualBox with Windows as a host, but it shouldn't make any difference.

Hi Fabrice:

I setup the App. Server for Windows many times, and I don't remember of having such issues...

I will continue investigating this issue.
Thank
Gus

von Gus - am 15.04.2015 03:19
Hi Gus,

i am having the same problem installing WAS on an Centos VPS. Did you ever fix that issue?`

Thanks
Sascha

von Sascha77 - am 23.04.2017 08:42
All,

just found another "how to" document posted in the google + community which helped me solving that problem. As Fabrice already suggested it´s an permission issue.

for me "chmod 775 /home/user/*" did fix my problem.

https://drive.google.com/file/d/0B3pl1w4VnPvbV21ValZ2VXBIUGM/view

cheers,
Sascha

von Sascha77 - am 23.04.2017 09:44
That document, while well intentioned, inappropriately opens up accounts and security. I wouldn't suggest those setting on any production system.

Under Centos 6.9, I find WAS goes in quite easy. Here are some key points that I use when setting up a Centos WAS server... I hope it helps others...

1. Installing a ftp server such as VSFTP is not required. WB21 has the option to use sftp, which on the Centos side, is part of OpenSSH, and will already be there on a minimal install. Sftp is more secure than FTP, and does not open up the servers to the inherent vulnerabilities associated with FTP. You may need to change one line in /etc/ssh/sshd_config and add a -u 0022 to the subsystem for sftp.

2. When copying the WAS installation to the server, just use winscp. It's more secure and can be configured with key authentication instead of passwords.

3. Make sure your Linux server host name is resolvable. Depending on how you configure your host name, and how your DNS environment works, you may need to add a entry to your local hosts. so the server can resolve it's name to itself. Best practice for Apache is to also add PTR records. If you are using Rackspace, OVH, Azure, AWS, PTR setup can be done on their services. If you are using your own servers, you will need to take care of this based on how you have DNS setup.

4. After the installation of WAS you may need to do a "usermod -a -G webdevadmin apache" to add the webdevadmin account to the apache group.. Otherwise, permissions will not be correct. chmod commands are not needed, and could potentially open up permissions inappropriately, especially on a server exposed to the internet.

5. There is a bug in the install of WAS on Centos that needs the webdevadmin added to apache group prior to installing WAS, but WAS creates the webdevadmin account. So just run the WAS install again after adding the account to the apache group so it can set up the webdevadmin account correctly.

6. Best practice is to create webdev and Linux deployment accounts for each project, rather than one account used by all projects on the server.

7. When creating the Linux deployment accounts, do a "usermod -a -G [dep.account] apache" where [dep.account] is the name you have given to your deployment account. By doing this, you never need any chmod or chown any files.. Under Centos, apache will be the default account httpd runs under. If you are using a different distribution, set to the account apache is running under..

This is some of the stuff I do on Centos. I don't suggest WAS on Centos 7 yet.. That's probably best left for WB22 and docker image support.

von Mr Black - am 07.05.2017 12:59
Hello Sascha:

Sorry I didn't see the post before...
Actually I gave up so I didn't continue on this topic as I already had the Windows version running.

Thanks for the document. I will try it again.

Regards;
Gus

von Gus Sabina - am 08.05.2017 15:24
Sascha:

Looking at the document, you say this procedure could apply any Linux distribution, even Raspberry... Are you sure the Webdev Application Server would run on ARM-based Linux?

I don't think so, but I hope I'm wrong...

Regards;
Gus

von Gus Sabina - am 08.05.2017 15:28
Hi, it runs on most (not all!) Linux distributions for x86 processors. And of course not on ARM.

von GuenterP - am 08.05.2017 15:57
Zur Information:
MySnip.de hat keinen Einfluss auf die Inhalte der Beiträge. Bitte kontaktieren Sie den Administrator des Forums bei Problemen oder Löschforderungen über die Kontaktseite.
Falls die Kontaktaufnahme mit dem Administrator des Forums fehlschlägt, kontaktieren Sie uns bitte über die in unserem Impressum angegebenen Daten.