Reseller backup

[MtK]

Hey,
I had a client/user which I converted into reseller using:
now every time the reseller makes a backup he gets a lot of errors:

User reseller_user has been backed up.
Unable to write /home/reseller_user/user_backups/tester1/backup/test1.com/email/passwd : Unable to get Lock on file


Error reading /home/reseller_user/user_backups/tester1/backup/test1.com/domain.conf to insert local_domain & private_html_is_link: Unable to open /home/reseller_user/user_backups/tester1/backup/test1.com/domain.conf for reading.

Error writing /home/reseller_user/user_backups/tester1/backup/apache_owned_files.list : Unable to open file for writing

Error Compressing the backup file /home/reseller_user/user_backups/tester1/backup/home.tar.gz : /bin/tar: /home/reseller_user/user_backups/tester1/backup/home.tar.gz: Cannot open: Permission denied
/bin/tar: Error is not recoverable: exiting now
/bin/tar: Child returned status 2

gzip: stdout: Broken pipe
/bin/tar: Error exit delayed from previous errors



Unable to write /home/reseller_user/user_backups/test_user2/backup/test2.com/email/passwd : Unable to get Lock on file


Error reading /home/reseller_user/user_backups/test_user2/backup/test2.com/domain.conf to insert local_domain & private_html_is_link: Unable to open /home/reseller_user/user_backups/test_user2/backup/test2.com/domain.conf for reading.

Error writing /home/reseller_user/user_backups/test_user2/backup/apache_owned_files.list : Unable to open file for writing

Error Compressing the backup file /home/reseller_user/user_backups/test_user2/backup/home.tar.gz : /bin/tar: /home/reseller_user/user_backups/test_user2/backup/home.tar.gz: Cannot open: Permission denied
/bin/tar: Error is not recoverable: exiting now
/bin/tar: Child returned status 2
/bin/tar: Error exit delayed from previous errors

gzip: stdout: Broken pipe

(user names and domain names were replaced)


IMPORTANT: the admin backup works just fine...

 

[DirectAdmin Support]

Hello,

Make sure that /home/reseller_user/user_backups is chowned to reseller_user, eg:

chown reseller_user:reseller_user /home/reseller_user/user_backups

John

 

[MtK]

it is chowned to reseller_user, and it also has some tar.gz's of it's child users...

 

[MtK]

it is chowned to reseller_user, and it also has some tar.gz's of it's child users...

other ideas?

 

[ben29]

you can run set permission script by directadmin

cd /usr/local/directadmin/scripts/
./set_permission.sh all

or you can do chown -R for this dir:

chown -R reseller_user:reseller_user /home/reseller_user
chmod 777 /home/reseller_user

 

[MtK]

you can run set permission script by directadmin

or you can do chown -R for this dir:

I've already mentioned the owner and permissions of this reseller are correctly set.

 

[MtK]

I've already mentioned the owner and permissions of this reseller are correctly set.

This continues to happen on more than one server, for more than one reseller.

the common between those resellers they were all users "upgraded" to be resellers with the (built-in) script user_to_reseller.sh (!).

this is clearly a bug, but any ideas how to solve this before I recreate those users/resellers and start moving data...?

 

[DirectAdmin Support]

Hello,

Thanks for the updated information.
That sounds like it's the permissions from the secure_access_group.
The script is not making the required changes to respect the requirements of the secure_access_group settings.
On Resellers, it should be:
/home/reseller reseller:reseller 711
/home/reseller/domains reseller:access 750
/home/reseller/user_backups reseller:reseller 711

I'll update the script with these values.

John

 

[DirectAdmin Support]

FYI, for anyone who needs this now, I inserted the following code into the user_to_reseller.sh script:

SAG=`/usr/local/directadmin/directadmin c | grep secure_access_group | cut -d= -f2`
if [ "$SAG" != "" ]; then
        if [ "$SAG" != '(null)' ]; then
                #must be set to something, and not null, thus on.
                chown /home/$1 $1:$1
                chmod /home/$1 711
                chown /home/$1/domains $1:${SAG}
                chmod 750 /home/$1/domains
        fi
fi

just before the line:

echo "Re-configuring DirectAdmin files."

John

 

[MtK]

Hello,

Thanks for the updated information.
That sounds like it's the permissions from the secure_access_group.
The script is not making the required changes to respect the requirements of the secure_access_group settings.
On Resellers, it should be:
/home/reseller reseller:reseller 711
/home/reseller/domains reseller:access 750
/home/reseller/user_backups reseller:reseller 711

I'll update the script with these values.

John

Thanks!

I'm just curios, why should this be different from the 'regular' user...?

FYI, for anyone who needs this now, I inserted the following code into the user_to_reseller.sh script:

SAG=`/usr/local/directadmin/directadmin c | grep secure_access_group | cut -d= -f2`
if [ "$SAG" != "" ]; then
        if [ "$SAG" != '(null)' ]; then
                #must be set to something, and not null, thus on.
                chown /home/$1 $1:$1
                chmod /home/$1 711
                chown /home/$1/domains $1:${SAG}
                chmod 750 /home/$1/domains
        fi
fi

just before the line:

echo "Re-configuring DirectAdmin files."

John

it'd be nice to have a 'fixing script' for all those users that were already converted to resellers...

 

[DirectAdmin Support]

Hello,

It's different for Admins/Resellers because of the backup folders.
Users do actually have read access on their backup files, within their creator's home folder.
But they don't have access on other Users (tar.gz files are 640, I believe, and chown creator:user)

Another quick way to trigger the reset of all secure_access_group permissions is to run:

echo "action=rewrite&value=secure_access_group" >> /usr/local/directadmin/data/task.queue

but isn't a per-User setting. It will set it correctly for all accounts, which is sometimes not desired if there are customizations done on the home directories for some Users (perhaps a custom permission/ownership was done). If no such customization was done, then you'll be safe to run it. The above script changes were done so that it's more surgical, instead of the "fix everyone" method that the task.queue version does.

John

 

[SeLLeRoNe]

John does we need to manually edit that script or will be updated on next release automatically?

Regards

 

[DirectAdmin Support]

It will be in the next release automatically. The above is just for anyone who wants it now.

John

 

[MtK]

It will be in the next release automatically. The above is just for anyone who wants it now.

John

Great, thanks!
this reminds me, to try and push the "user_to_reseller" button on the UI...
(you've added a feature request for this)

 

[MtK]

                chown /home/$1 $1:$1
                chmod /home/$1 711
                chown /home/$1/domains $1:${SAG}
                chmod 750 /home/$1/domains

shouldn't this be:

                chown $1:$1 /home/$1
                chmod 711 /home/$1
                chown $1:${SAG} /home/$1/domains
                chmod 750 /home/$1/domains

?

 

[DirectAdmin Support]

Yes, thanks. That was backwards. Script updated.

John

 

[MtK]

Yes, thanks. That was backwards. Script updated.

John

you're welcome.

btw, running these commands manually does solve the problem for me (without having to recreate the reseller or move domains/user between resellers)...