Nominet Module stopped working...

[othellotech]

Hi,

 

Ok, I now have it signing the test file from the command line fine again...

 

Still getting the unsigned emails when using WHMCS!

 

then the httpd user and the user you're testing as are probably different

[DigitalEnigma]

Hi Rob,

 

Our httpd runs as nobody, I am logged into the server as root.

 

Having tried varying combinations of ownership of the files can you suggest what permissions I should have set?

[othellotech]

Our httpd runs as nobody, I am logged into the server as root.

 

then you'll need the config and keyrings in /home/nobody/.gnupg

nobody will need to be added to be able to access the gpg executables

then login as nobody and run the gpg commands from ssh

[DigitalEnigma]

Hi Rob,

 

Thats done the trick, strange that it was working under root before.

[othellotech]

Thats done the trick, strange that it was working under root before.

Then your webserver was running as root before

[DigitalEnigma]

Ok, not totally resolved...

 

When the daily cron runs and domain are sent for renewal the all come back as failed as they are not getting signed.

[othellotech]

When the daily cron runs and domain are sent for renewal the all come back as failed as they are not getting signed.

what user is running the cron jobs ?

[DigitalEnigma]

Hi Rob,

 

Lol, good point - think I really should take a break from looking at this.

 

The cron is currently running as the account user which would explain the problem, think I will just leave well alone and sort it tomorrow.

[CSNM-Carl]

Neil,

 

Have you managed to get your Nominet stuff working again?

[CSNM-Carl]

Seriously *something* on your setup has changed, the modules working fine.

 

*nothing* has changed with our setup/server, I really wish you would stop saying that.

 

20 years software development tells me that never does software just "stop" working without something to trigger it despite many many many attempts at users claiming otherwise. And I'm still using the module exactly as i have been since its development, if it stopped on monday, try finding every filemodifies Sunday and Monday ...

 

The problem you are seeing is permissions based, so something *has* changed...

 

can you share the output from...

find /bin/ -type f -mtime -7 -print

find /sbin/ -type f -mtime -7 -print

find /usr/bin/ -type f -mtime -7 -print

ps auxf | grep httpd

find /root/ -type f -mtime -7 -print

find /home/nobody/ -type f -mtime -7 -print

find /home/apache/ -type f -mtime -7 -print

Hi,

 

For the first 3 find commands, there is no output

 

find /bin/ -type f -mtime -7 -print

find /sbin/ -type f -mtime -7 -print

find /usr/bin/ -type f -mtime -7 -print

 

For the ps command, I believe the first 4 entries are enough to determine the user running apache:

 

[root@user /]# ps auxf | grep httpd | head -n 4

root 28178 0.0 0.9 69508 38660 ? Ss 09:36 0:16 /usr/sbin/httpd

root 3227 0.0 0.6 58852 28800 ? S 18:07 0:00 _ /usr/sbin/httpd

apache 3233 0.0 0.6 59168 29256 ? S 18:07 0:00 _ /usr/sbin/httpd

apache 6006 0.6 1.3 87364 55528 ? S 18:54 0:15 _ /usr/sbin/httpd

apache 28594 0.6 1.2 87104 53412 ? S 19:01 0:12 _ /usr/sbin/httpd

 

For find /root/ -type f -mtime -7 -print, files like .viminfo and bash_history were modified last week. I don't see the relevance of listing them.

 

For the last 2 find commands:

 

find /home/nobody/ -type f -mtime -7 -print find /home/apache/ -type f -mtime -7 -print

 

The output is that the 2 folders don't exist:

 

[root@user /]# find /home/nobody/ -type f -mtime -7 -print

find: /home/nobody/: No such file or directory [root@user /]# find /home/apache/ -type f -mtime -7 -print

find: /home/apache/: No such file or directory

 

Also we are running Plesk; not cPanel/WHM.

 

Thanks for your help.

 

C

[othellotech]

if /home/apache

doenst exist then your web user doesnt have access to gpg or the kefiles, so trying to sign as the apache user wont work

[CSNM-Carl]

if /home/apache

doenst exist then your web user doesnt have access to gpg or the kefiles, so trying to sign as the apache user wont work

 

My web user is apache, which has the home directory in /var/www, where the keys have been installed.

 

bash-3.00$ id

uid=48(apache) gid=48(apache) groups=48(apache),2523(psaserv)

 

bash-3.00$ gpg --list-key

/var/www/.gnupg/pubring.gpg

---------------------------

pub 1024D/0A6CFAF4 2007-08-23

uid TAGNAME

 

bash-3.00$ ls -la /var/www/.gnupg/

total 24

drwxr-xr-x 2 apache apache 4096 Oct 3 22:08 .

drwxr-xr-x 11 root root 4096 Aug 28 00:36 ..

-rw------- 1 apache apache 535 Aug 28 00:37 pubring.gpg

-rw------- 1 apache apache 0 Aug 28 00:37 pubring.gpg~

-rw------- 1 apache apache 600 Oct 2 18:45 random_seed

-rw------- 1 apache apache 598 Aug 28 00:37 secring.gpg

-rw------- 1 apache apache 1200 Aug 28 00:37 trustdb.gpg

 

As you can see, apache has access to the keyring and gpg.

[othellotech]

but no gpg.conf

[CSNM-Carl]

I've now got it working by copying the pg.conf into the /var/www/.gnupg/ folder.

 

Thanks for your help,

 

Carl

[othellotech]

always a pleasure

note *none* of these issues are a problem wth WHMCS or the Nominet module - i'm working on a more detailled set of instructions and debug methods anyway.

[CSNM-Carl]

Stopped working after upgrading to 3.4, not signing emails

 

Nominet/tmp folder has 777 permissions

 

All looks OK...

 

gpg.conf is there:

 

[root@server www]# ls -la .gnupg/

total 32

drwxr-xr-x 2 apache apache 4096 Oct 4 14:36 .

drwxr-xr-x 11 root root 4096 Aug 28 00:36 ..

-rw------- 1 apache apache 8075 Oct 4 08:25 gpg.conf

-rw------- 1 apache apache 535 Aug 28 00:37 pubring.gpg

-rw------- 1 apache apache 0 Aug 28 00:37 pubring.gpg~

-rw------- 1 apache apache 600 Oct 4 14:36 random_seed

-rw------- 1 apache apache 598 Aug 28 00:37 secring.gpg

-rw------- 1 apache apache 1200 Aug 28 00:37 trustdb.gpg

 

Any ideas at all?

 

Thanks,

Carl

[othellotech]

none, as not tred, or at the moment interested in a 3.4 upgrade