Bug 11146

Summary: upon fresh Guardian install, configuration files not created
Product: IPFire Reporter: Rod Rodolico <rodo>
Component: ---Assignee: Stefan Schantl <stefan.schantl>
Status: CLOSED FIXED QA Contact:
Severity: Major Usability    
Priority: - Unknown - CC: michael.tremer
Version: 2   
Hardware: other   
OS: Unspecified   
Attachments: grep of http error log for this problem
Perl Script to generate a series of Unix commands to sync permissions on affected machine
bash script which does a partial recovery from the installation

Description Rod Rodolico 2016-07-16 05:38:39 UTC 
Created attachment 454 [details]
grep of http error log for this problem

Previously had stock Guardian installed from 103

unpacked as per instructions at http://planet.ipfire.org/post/introducing-guardian-2-0-for-ipfire (guardian-2.0-002.i586.tar.gz)

Attempted to go https://router:444/cgi-bin/guardian.cgi, result is blank screen

grep of /var/log/http/error.log attached as ipfire_guardian2_fail.log. Basically shows it could neither touch (create) nor edit the files. Noticed that 

[root@dd-router guardian]# ls /var/ipfire/guardian/
guardian.conf  guardian.ignore
[root@dd-router guardian]# ls -ablph
total 12K
drwxr-xr-x  2 samba  samba  4.0K Jun 29 06:23 ./
drwxr-xr-x 53 samba  samba  4.0K Jul  5 01:47 ../
-rw-r--r--  1 nobody nobody  229 Jul 15 20:01 guardian.conf
-rw-r--r--  1 nobody nobody    0 Jul 15 20:01 guardian.ignore

FIXED

[root@dd-router guardian]# touch /var/ipfire/guardian/settings
[root@dd-router guardian]# touch /var/ipfire/guardian/ignored
[root@dd-router guardian]# chown nobody:nobody /var/ipfire/guardian/ignored
[root@dd-router guardian]# chown nobody:nobody /var/ipfire/guardian/settings

NOTE:

The problem likely arises from the fact the directory was owned by samba? Is this an issue on my router, or something else. It appears the cgi is attempting to create the file if it not there (correct behavior). I'm assuming the directory was created during the previous installation of Guardian from the repository.
Comment 1 Rod Rodolico 2016-07-17 02:26:12 UTC 
Created attachment 455 [details]
Perl Script to generate a series of Unix commands to sync permissions on affected machine
Comment 2 Rod Rodolico 2016-07-17 02:29:23 UTC 
Created attachment 456 [details]
bash script which does a partial recovery from the installation

Ok, it is definitely a permissions issue, as researched by Matthias and probably others. The "installation" sets ownership of everything to user 1000, group 1000, which on my system is samba:samba.

The attached perl script, when run on another firewall, will determine the correct permissions and generate command useful for a bash script (or copy/paste) to return the system to its correct setup. The bash script is an output of the same, but one which did not have Guardian installed, so it does not fix the permissions on those directories.
Comment 3 Stefan Schantl 2016-07-18 12:32:53 UTC 
Hello Rod,

thanks for pointing this out.

The problem was an permission issue during creating the test package.

I've repacked the latest test version with correct ownership and permissions and uploaded the packages.

Just download the package again and install it the usual way.

-Stefan