No Permission! Error

BravoStore · Post by **BravoStore** » 12 Mar 2014, 06:30

Came into work today and suddenly older tickets in my system are producing a No Permission! error:

System Log:
Tue Mar 11 12:28:59 2014 notice OTRS-CGI-10 Permission denied (UserID: 2 'ro' on TicketID: 2000)!
Tue Mar 11 12:28:59 2014 error OTRS-CGI-10 Need QueueID!
Tue Mar 11 12:28:59 2014 error OTRS-CGI-10 No such TicketID (2000)!
Tue Mar 11 12:28:59 2014 error OTRS-CGI-10 No such TicketID (2000)!

Note that UserID: 2 is an admin. Part of the admin group. There aren't any front end group permissions that he doesn't have.

I've spent the entire day changing SetPermissions.pl script. I restarted apache and MySQL several times. MySQL shows that the database IS still there..and there are many tickets that we DO still have access to.

I cannot determine why we no longer have access to certain tickets. There do not appear to be any other threads which discuss this particular issue, and any others that have reported it do not give a step-by-step about how it was resolved.

Where should I check next? Please help.

Post by **crythias** » 12 Mar 2014, 06:38

> No such TicketID (2000)!
there is no such ticket ID that has a value of 2000

> Need QueueID!
Even if ticketID existed, which apparently it does not, it is also not presenting a QueueID

> Permission denied (UserID: 2 'ro' on TicketID: 2000)!
Probably the least of the issues mentioned above.

BravoStore · Post by **BravoStore** » 12 Mar 2014, 08:22

crythias wrote:> No such TicketID (2000)!
there is no such ticket ID that has a value of 2000

> Need QueueID!
Even if ticketID existed, which apparently it does not, it is also not presenting a QueueID

> Permission denied (UserID: 2 'ro' on TicketID: 2000)!
Probably the least of the issues mentioned above.

I am using ticket links which I am certain exist. Their links are present in previous emails which were sent by the system before the "No Permission!" error started presenting itself. I'm wondering if it is not a matter of existing, because I know they once did, but a matter of permissions or access to them.

What could be the cause of all current/open tickets being available, but all Closed tickets before today disappearing out of the database? UserID 'ro' - Do I need to give this user more access to the database somehow? Do I need to mess with the SetPermissions.pl script?

Where should I look next?

jojo · Post by **jojo** » 12 Mar 2014, 08:54

check and repair all mysql tables. just suddenly in IT never happens such a thing without a change or crash before!

Also you are using a very old OTRS version and you should upgrade to the latest one

Post by **crythias** » 12 Mar 2014, 08:58

Jojo's right. You're looking at database tables crashing. Maybe you were out of space ...

BravoStore · Post by **BravoStore** » 12 Mar 2014, 17:51

Here is a copy of the system log - to me it seems that someone created a Generic Agent, and used it to purge tickets from the system.. Is there any way that the system can do this on it's own? Could it do this if it was out of space? Or was this all manual?

I have placed in bold the relevant lines.

Mar 10 19:37:58 OTRS OTRS-CGI-10[13392]: [Notice][Kernel::System::Auth::DB::Auth] User: cdickstein authentication with wrong Pw!!! (REMOTE_ADDR: 10.11.128.142)
Mar 10 19:37:58 OTRS kernel: type=1400 audit(1394505478.292:10592): avc: denied { getattr } for pid=13392 comm="httpd" key=44442310 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
Mar 10 19:37:58 OTRS kernel: type=1400 audit(1394505478.292:10593): avc: denied { read } for pid=13392 comm="httpd" key=44442310 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
Mar 10 19:37:58 OTRS kernel: type=1400 audit(1394505478.292:10594): avc: denied { read } for pid=13392 comm="httpd" path=2F535953563032613632326336202864656C6574656429 dev=tmpfs ino=131076 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_tmpfs_t:s0 tclass=file
Mar 10 19:37:58 OTRS kernel: type=1400 audit(1394505478.292:10595): avc: denied { write } for pid=13392 comm="httpd" key=44442310 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
Mar 10 19:37:58 OTRS kernel: type=1400 audit(1394505478.292:10596): avc: denied { write } for pid=13392 comm="httpd" path=2F535953563032613632326336202864656C6574656429 dev=tmpfs ino=131076 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_tmpfs_t:s0 tclass=file
Mar 10 19:38:44 OTRS OTRS-CGI-10[13057]: [Notice][Kernel::System::Auth::DB::Auth] User: cdickstein authentication ok (REMOTE_ADDR: 10.11.128.142).
Mar 10 19:38:44 OTRS OTRS-CGI-10[13057]: [Notice][Kernel::System::AuthSession::DB::RemoveSessionID] Removed SessionID 104ba0d028a4e8e582574e26ae1fe532a4.
Mar 10 19:38:44 OTRS OTRS-CGI-10[13057]: [Notice][Kernel::System::AuthSession::DB::RemoveSessionID] Removed SessionID 105bae1de8b159a0307ab26adab91b2556.
Mar 10 19:38:44 OTRS OTRS-CGI-10[13057]: [Notice][Kernel::System::AuthSession::DB::RemoveSessionID] Removed SessionID 10af0c981b3282603a5d93433229d3cf2c.
Mar 10 19:39:48 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::JobAdd] New GenericAgent job 'Test' added (UserID=2).
Mar 10 19:40:01 OTRS OTRS-GenericAgent-10[14464]: [Notice][Kernel::System::GenericAgent::JobRun] Run GenericAgent Job 'MoveIntoCallCenter' from db.
Mar 10 19:40:01 OTRS OTRS-GenericAgent-10[14464]: [Notice][Kernel::System::GenericAgent::JobRun] Run GenericAgent Job 'PendingAutoClose' from db.
Mar 10 19:44:10 OTRS OTRS-CGI-10[13123]: [Notice][Kernel::System::GenericAgent::JobDelete] GenericAgent job 'Test' deleted (UserID=2).
Mar 10 19:44:10 OTRS OTRS-CGI-10[13123]: [Notice][Kernel::System::GenericAgent::JobAdd] New GenericAgent job 'Test' added (UserID=2).
Mar 10 19:44:39 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::JobRun] Run GenericAgent Job 'Test' from db.

the generic agent has parameters to purge almost the entire database, then it runs…The list goes on here for about 2000+ entries…

Mar 10 19:44:39 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (1010001/1).
Mar 10 19:44:39 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013082710000026/100).
Mar 10 19:44:40 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013112610000138/1000).
Mar 10 19:44:40 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013112610000147/1001).
Mar 10 19:44:40 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013112610000156/1002).
Mar 10 19:44:40 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013112610000165/1003).
Mar 10 19:44:40 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013112710000011/1004).
Mar 10 19:44:40 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013112710000029/1005).
Mar 10 19:44:40 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013112710000038/1006).
Mar 10 19:44:40 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013112710000047/1007).
Mar 10 19:46:00 OTRS OTRS-CGI-10[13056]: [Notice][Kernel::System::GenericAgent::_JobRunTicket] Delete Ticket (2013112610000129/999).
Mar 10 19:47:17 OTRS kernel: type=1400 audit(1394506037.477:10597): avc: denied { unlink } for pid=12993 comm="httpd" name="5b71bc880281b1775a98e3ffa2461d7b" dev=dm-0 ino=3146026 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
Mar 10 19:47:17 OTRS kernel: type=1400 audit(1394506037.489:10598): avc: denied { create } for pid=12993 comm="httpd" name="2bfc377a6e46aa01b9f74fd7e47ca9fb" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
Mar 10 19:47:17 OTRS kernel: type=1400 audit(1394506037.489:10599): avc: denied { write } for pid=12993 comm="httpd" name="2bfc377a6e46aa01b9f74fd7e47ca9fb" dev=dm-0 ino=3146025 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
Mar 10 19:47:17 OTRS kernel: type=1400 audit(1394506037.489:10600): avc: denied { setattr } for pid=12993 comm="httpd" name="2bfc377a6e46aa01b9f74fd7e47ca9fb" dev=dm-0 ino=3146025 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
Mar 10 19:50:01 OTRS OTRS-GenericAgent-10[14517]: [Notice][Kernel::System::GenericAgent::JobRun] Run GenericAgent Job 'MoveIntoCallCenter' from db.
Mar 10 19:50:01 OTRS OTRS-GenericAgent-10[14517]: [Notice][Kernel::System::GenericAgent::JobRun] Run GenericAgent Job 'PendingAutoClose' from db.
Mar 10 19:50:11 OTRS OTRS-CGI-10[13122]: [Notice][Kernel::System::GenericAgent::JobDelete] GenericAgent job 'Test' deleted (UserID=2).
Mar 10 19:50:46 OTRS OTRS-CGI-10[13031]: [Notice][Kernel::System::AuthSession::DB::RemoveSessionID] Removed SessionID 10fa79148aeaedb3a70beea0ac9029ea16.
Mar 10 20:00:01 OTRS OTRS-GenericAgent-10[14555]: [Notice][Kernel::System::GenericAgent::JobRun] Run GenericAgent Job 'MoveIntoCallCenter' from db.
Mar 10 20:00:01 OTRS OTRS-GenericAgent-10[14555]: [Notice][Kernel::System::GenericAgent::JobRun] Run GenericAgent Job 'PendingAutoClose' from db.

Post by **crythias** » 12 Mar 2014, 18:21

A job was created to delete tickets.

jojo · Post by **jojo** » 12 Mar 2014, 23:04

by the user with id 2

Znuny Open Source Ticketsystem

No Permission! Error

No Permission! Error

Re: No Permission! Error

Re: No Permission! Error

Re: No Permission! Error

Re: No Permission! Error

Re: No Permission! Error

Re: No Permission! Error

Re: No Permission! Error