php can't delete files on mounted samba share -permissions - apache

My hair is going gray (or grayer than usual) trying to solve this riddle.
Running: Ubuntu 12.04 LTS
I want a PHP script (executed by apache) to delete a directory with all its contained files in a cifs-mounted directory. But I get "Permission denied".
The file is created by another samba client.
I have tried and tried, all different kinds of settings, but now I need some fresh eyes.
Any comment appreciated.
B.R Lars
the file:
-rw-rw-rw- 1 countmaster countmaster 60897298 Sep 25 12:13 row_15.52.gz
the containing directory:
drwxrwxr-x 2 countmaster countmaster 4096 Sep 25 13:34 SYNFR1.14247NEVB.1405281044/
the server smb.conf (I've used the default with slight modifications):
[global]
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
guest account = countmaster
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
print ok = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[share]
comment = Countmaster File Server Share
path = /nfs/countdata
read only = No
writeable =YES
create mask = 0777
force directory mode = 0755
guest ok = Yes
The client /etc/fstab:
//192.168.1.10/share /home/countserver/public_html/countdata cifs auto,users,noperm,rw,guest,exec,actimeo=0 0 0

Related

The "yarn-service" type of LLAP has stuck in accepted state

The application named llap0 with the type "yarn-service" is stuck in the accepted state and won't run, therefore HiveServer2 Interactive could not start.
When I want to start the application by:
$ yarn app -start llap0
I got the following error:
ERROR client.ApiServiceClient: File does not exist: hdfs://NameNode-Host:8020/user/root/.yarn/services/llap0/llap0.json
How can I change the state of "yarn-service" to running?
My cluster (HDP 3.1.4) config is:
yarn.nodemanager.resource.memory-mb = 40960
yarn.scheduler.minimum.allocation-mb = 4096
yarn.scheduler.maximum.allocation-mb = 40960
hive.tez.container.size = 4096
num_llap_nodes_for_llap_daemons = 4
num_llap_nodes = 4
hive.llap.daemon.num.executors = 8
hive.server2.tez.sessions.per.default.queue = 1
hive.llap.daemon.yarn.container.mb = 36864
llap_headroom_space = 2048
llap_heap_size = 30720
hive.llap.io.memory.size = 0
tez.am.resource.memory.mb = 4096
hive.heapsize = 30720
Restart the ResourceManager and NodeManager manually on the hosts:
In Apache Ambari, go to Hosts; on each host, in the Components section, click on the menu for ResourceManager and NodeManager and select Restart.

LDAP implementation

I want to implement centralized auth using AWS Simple AD (samba). The client machines are Linux based (Ubuntu and Amazon Linux). On my LDAP, I just created one user (cn=test) under dc=ldap,dc=test,dc=io.
I am using sssd as the auth client on my Linux machine. Here is my /etc/sssd/sssd.conf:
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
[nss]
[pam]
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://ldap.test.io
ldap_default_bind_dn = dc=ldap,dc=test,dc=io
ldap_default_authtok = password01
ldap_default_authtok_type = password
ldap_search_base = dc=ldap,dc=test,dc=io
ldap_user_search_base = dc=ldap,dc=test,dc=io
ldap_group_search_base = odc=ldap,dc=test,dc=io
ldap_user_object_class = inetOrgPerson
ldap_user_gecos = cn
override_shell = /bin/bash
cache_credentials = true
enumerate = true
But it does not seem to work from the client: I didn't get the LDAP user on my client (I ran getent passwd).
And I got this error:
nss_ldap: reconnecting to LDAP server...
nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
nss_ldap: could not search LDAP server - Server is unavailable
No passwd entry for user 'test'
Here is my reference for configuring the sssd client.
Any suggestions for this case?
Thanks
The error message you are getting is from nss_ldap, not from nss_sss. So I assume in /etc/nsswitch.conf, you configured the ldap module either on its own or before sss. If the user information is to be returned by sssd then use the sss nsswitch module.
I would also recommend to not use enumerate=true unless your directory is quite small.
In /etc/nsswitch.conf be sure to have:
passwd: files sss
shadow: files sss
group: files sss
And of course in the stack of the /etc/pam.d/system-auth-ac and /etc/pam.d/password-auth-ac you have to use the pam_sss.so library.
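Added example (not part of the original answers): a small Python check of an nsswitch.conf for the situation described above, where nss_ldap answers a lookup instead of nss_sss. The sample file contents are constructed and the function names are illustrative.

```python
import re

REQUIRED = ("passwd", "shadow", "group")  # databases the answer routes through sssd

def parse_nsswitch(text):
    """Return {database: [source, ...]} from nsswitch.conf text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Skip actions such as [NOTFOUND=return]; only source order matters here.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        table[db.strip().lower()] = rest.split()
    return table

def audit(text):
    """List findings where nss_sss is missing or shadowed by nss_ldap."""
    table = parse_nsswitch(text)
    findings = []
    for db in REQUIRED:
        sources = table.get(db)
        if sources is None:
            findings.append(f"{db}: no entry")
        elif "sss" not in sources:
            findings.append(f"{db}: sss not listed ({' '.join(sources)})")
        elif "ldap" in sources and sources.index("ldap") < sources.index("sss"):
            findings.append(f"{db}: ldap is consulted before sss")
    if "groups" in table:
        # The group database is named 'group'; a 'groups' line is never looked up.
        findings.append("groups: not a database name, use 'group'")
    return findings

# Constructed sample inputs (not taken from the poster's machine).
BROKEN = """\
passwd: files ldap
shadow: files ldap sss
groups: files sss
"""
FIXED = """\
passwd: files sss
shadow: files sss
group:  files sss [NOTFOUND=return]  # comment
"""

if __name__ == "__main__":
    for finding in audit(BROKEN):
        print(finding)
```

An empty result from audit() means every checked database lists sss and never reaches ldap first.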

lsyncd doesn't respect ssh user when deleting files

We have set up lsyncd to sync data between two hosts. The ssh connection is configured to use user tomcat with the matching id_rsa identity file. For some reason an append/create on the remote works fine, but deleting doesn't work. When rsync tries to delete a file, the root user is used to connect to the destination host and not the tomcat user (which is used for create/append).
In the logs (/var/log/lsyncd/lsyncd.log) we see:
Wed Feb 15 13:48:24 2017 Normal: Rsyncing list
/test.txt
Wed Feb 15 13:48:26 2017 Normal: Finished (list): 0
Wed Feb 15 13:48:34 2017 Normal: Deleting list
/myfolder//test.txt
Received disconnect from 10.29.146.78: 2: Too many authentication failures for root
Wed Feb 15 13:48:41 2017 Normal: Retrying (list): 255
We use the below configuration (/etc/lsyncd.conf):
settings{
pidfile = "/var/run/lsyncd.pid",
statusFile = "/var/tmp/lsyncd.status",
logfile = "/var/log/lsyncd/lsyncd.log",
statusInterval = 60,
logfacility = "user",
logident = "lsyncd",
inotifyMode = "CloseWrite",
maxProcesses = 10,
}
sync {
default.rsyncssh,
source = "/myfolder/",
delete = true,
host = "remote-host",
targetdir = "/myfolder/",
excludeFrom = "/etc/lsyncd/lsyncd.exclude",
delay = 5,
rsync = {
binary = "/usr/bin/rsync",
archive = true,
owner = true,
compress = true,
_extra = { "--bwlimit=50000", "--delete-after" },
rsh = "/usr/bin/ssh -l tomcat -i /usr/share/tomcat6/.ssh/id_rsa",
}
}
As a workaround we can use a /root/.ssh/config file with:
Host remote-host
Hostname remote-host
User tomcat
IdentityFile /usr/share/tomcat6/.ssh/id_rsa
Of course we would rather not have to use this since it should work with the lsyncd.conf configuration.
We're using lsyncd version 2.1.4
The following issue on GitHub helped me to solve the same problem:
https://github.com/axkibe/lsyncd/issues/369
What I did was quite simple: I just replaced default.rsyncssh with default.rsync in the lysync.conf.lua file.
When using rsyncssh, one has to be careful.
The "ssh {}" configuration parameter has its own "binary", "port", "_extra". See documentation for complete list of settings.
It is a little confusing because "rsync {}" also needs to be configured. Yes, both sections need to be done.
The "ssh" section is used for delete and move events. The "rsync" section is used for file transfer.
One might avoid the confusion by using rsync instead of rsyncssh. But, you would lose the bandwidth efficiency that rsyncssh provides when files get moved.

timezone incorrect in odoo log file

In my country the timezone is GMT+5.30, so I changed the timezone accordingly in the preferences menu, but in the Odoo log file the timezone is still GMT. How do I change this?
Config file:
[options]
; This is the password that allows database operations:
; admin_passwd = admin
db_host = localhost
db_port = 5432
db_maxconn = 64
db_name = False
db_user = openpg
db_password = openpgpwd
addons_path = C:\Users\odooGit\addons
pg_path = C:\Program Files (x86)\OpenERP 7.0-20150922\PostgreSQL\bin
xmlrpc = True
xmlrpc_port = 8069
xmlrpcs = True
xmlrpcs_port = 8071
syslog = True
This feature isn't available in Odoo at the moment. Even if you set the timezone to something like Africa/Lagos, Odoo will use UTC time for the logs. If you're on Linux, a workaround is to start the Odoo server with --syslog, which would use the machine's timezone just like it does for other system logs.
So start your Odoo server like this:
./odoo.py --syslog
Or you can just set it in the config file with:
syslog = True
Note that specifying --syslog will redirect the logs to the system log files (usually /var/log/syslog); if you want a separate file, you'll have to do some extra work yourself.
If you're on Ubuntu, check out /etc/rsyslog.d/50-default.conf (rsyslogd).
If you're on CentOS, which uses syslogd, check out /etc/syslog.conf.

mount samba make folder unaccessible

I have created a folder and 770 it; when I try to mount a samba share, permissions are changed to 670 and I cannot access folder data; but if I "su" I can access all the data.
My command is:
sudo smbmount //192.168.1.5/docs /home/my_user/docs -o user=my_user,domain=DOMAIN,uid=my_user,gid=domain_admins
smb.conf is:
[global]
workgroup = domain
netbios name = server
server string = File Server
enable privileges = yes
interfaces = lo,eth0
bind interfaces only = Yes
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi
ldap ssl = Off
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
vfs objects = full_audit
full_audit:success = connect opendir open disconnect unlink mkdir rmdir rename
full_audit:failure = none
smb ports = 137 138 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
wins support = Yes
dns proxy = Yes
ldap suffix = dc=aaa,dc=bbb
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=ccc,dc=aaa,dc=bbb
map acl inherit = Yes
printing = cups
encrypt passwords = Yes
obey pam restrictions = No
ldap passwd sync = Yes
mangling method = hash2
logon script = logon.bat
logon drive = Z:
logon home =
logon path = \\192.168.1.5\profiles\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
hide unreadable = yes
[docs]
comment = documents
path = /home/samba/shares/docs
valid users = #"users"
read list =
write list = #"users"
admin users =
read only = No
browseable = Yes
force create mode = 0660
force directory mode = 0770
vfs objects = full_audit
I solved it some time ago and forgot to post here.
My problem was my shared folder permission, it was just rw, and it should be rwx