Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Captive Portal unable to create (1) /var/log/nginx/portal.log - Permission Denied (2) /opt/iiab/captiveportal/users.sqlite #2168

Closed
holta opened this issue Jan 18, 2020 · 2 comments
Closed

Captive Portal unable to create (1) /var/log/nginx/portal.log - Permission Denied (2) /opt/iiab/captiveportal/users.sqlite #2168

holta opened this issue Jan 18, 2020 · 2 comments
Labels
bug question
Milestone
7.1

Comments

@holta
Copy link
Member

holta commented Jan 18, 2020
edited

@georgejhunt

1A) I've seen this on 2 different RPi 4's now, where Captive Portal appears to install (on the surface) but in fact doesn't work.

Is /opt/iiab/captiveportal/users.sqlite missing for a different (but somewhat related) reason possibly?

1B) If not exactly the same reason as Permission denied: '/var/log/nginx/portal.log' here? Likely unrelated to #2170?

root@box:~# systemctl status uwsgi-captiveportal.service
● uwsgi-captiveportal.service - uWSGI Service
   Loaded: loaded (/etc/systemd/system/uwsgi-captiveportal.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2020-01-18 00:32:55 EST; 11min ago
 Main PID: 6398 (uwsgi)
   Status: "uWSGI is ready"
    Tasks: 3 (limit: 4035)
   Memory: 11.0M
   CGroup: /system.slice/uwsgi-captiveportal.service
           ├─6398 /usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini
           └─6399 /usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini

Jan 18 00:32:55 box.lan uwsgi[6398]:   File "/usr/lib/python3.7/logging/__init__.py", line 1121, in _open
Jan 18 00:32:55 box.lan uwsgi[6398]:     return open(self.baseFilename, self.mode, encoding=self.encoding)
Jan 18 00:32:55 box.lan uwsgi[6398]: PermissionError: [Errno 13] Permission denied: '/var/log/nginx/portal.log'
Jan 18 00:32:55 box.lan uwsgi[6398]: unable to load app 0 (mountpoint='') (callable not found or import error)
Jan 18 00:32:55 box.lan uwsgi[6398]: *** no app loaded. going in full dynamic mode ***
Jan 18 00:32:55 box.lan uwsgi[6398]: *** uWSGI is running in multiple interpreter mode ***
Jan 18 00:32:55 box.lan uwsgi[6398]: spawned uWSGI master process (pid: 6398)
Jan 18 00:32:55 box.lan systemd[1]: Started uWSGI Service.
Jan 18 00:32:55 box.lan uwsgi[6398]: spawned uWSGI worker 1 (pid: 6399, cores: 1)
Jan 18 00:32:55 box.lan uwsgi[6398]: Python auto-reloader enabled

  1. ./runrole captiveportal doesn't work to install /opt/iiab/captiveportal/users.sqlite even when captiveportal_installed: True is removed from /etc/iiab/iiab_state.yml and systemctl daemon-reload is run, etc.

    BUT ./iiab-install --reinstall does seem to work to install & enable Captive Portal...on a 2nd pass anyway? Any ideas why? Originally reported @ Cleanup of NGINX/Apache log file PRs #2155, #2156 & begin streamlining Munin playbook (WIP) #2158 (comment)

  2. Even though these 2 log file directories had their initial owner:group set "correctly" to www-data:www-data (& initial permissions set "correctly" to '0770') within 2-common/tasks/fl.yml#L41-L50 — these have since changed to:

    root@box:~# ls -ld /var/log/apache2/ /var/log/nginx/
drwxr-x--- 2 www-data www-data 4096 Jan 17 17:16 /var/log/apache2/
drwxr-xr-x 2 root     adm      4096 Jan 17 17:28 /var/log/nginx/

    (Presumably these ownership/permissions settings changed automatically during 3-base-server's actual install of Apache & NGINX?)

    Earlier discussions on much these same topics: logrotate daily disables captive portal after first day #2121 Separate Apache & NGINX logs... /var/log/apache2 vs /var/log/nginx ? [and AWStats followup] #2124 Cleanup of NGINX/Apache log file PRs #2155, #2156 & begin streamlining Munin playbook (WIP) #2158 (comment)
@holta holta added the bug label Jan 18, 2020
@holta holta added this to the 7.1 milestone Jan 18, 2020
@holta holta added the question label Jan 18, 2020
@holta holta changed the title Captive Portal unable to create /var/log/nginx/portal.log (Permission Denied) Captive Portal unable to create (1) /var/log/nginx/portal.log - Permission Denied (2) /opt/iiab/captiveportal/users.sqlite Jan 18, 2020
@holta holta mentioned this issue Jan 18, 2020
Merged
@jvonau
Copy link
Contributor

jvonau commented Jan 18, 2020
edited by holta

Chat excerpt:

Jerry: why does a non-nginx (standalone) program log to a nginx owned directory? Think a better place for CP [Captive Portal] to store its logs would be /opt/iiab/captiveportal being the easiest or /var/log/captiveportal requiring creation of the directory.
Tim: never said should go to nginx. only that ownership can be changed to solve permissions
would prefer var/logs

related #2121
This logging worked under apache as CP was called by apache as a cgi-bin. Today CP is started via a systemd file as a standalone program.

Chat excerpt:

Jerry: The issue I see with CP logging to nginx is logrotate knows nothing about CP being active and should be restarted/reloaded after the logs are moved by logrotate, have a look at other stock files in /etc/logrotate.d/. I see that httpd-prerotate looks to be the place to add CP restart but correcting the log location and adding a correct logrotate file for CP would be preferred.

This was referenced Jan 18, 2020
Closed
Closed
@jvonau jvonau mentioned this issue Jan 19, 2020
Merged
@holta holta mentioned this issue Jan 19, 2020
Open
@holta
Copy link
Member Author

holta commented Jan 23, 2020
edited

Related to #2070

Solved by PRs #2171 #2185

@holta holta closed this as completed Jan 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug question
Projects
None yet
Milestone
7.1
Development

No branches or pull requests
2 participants
@holta @jvonau