SetPermissions Issue.....

[jeffbourassa]

I am working on upgrading an old 3.2.6 OTRS installation.

Moving to a new server, testing the upgrade process.

I have duplicated the 3.2.6 setup on the new target server, and going through the upgrade process to test updating to 3.3.9 (and 3.3.14) before going to 4.x.

We are running on a Ubuntu server setup, with /opt/otrs being the otrs home folder. When I run SetPermissions as root during the upgrade process I am unable to access the /opt/otrs folder following running the script:

Here is the CLI sequence:

Code: Select all

administrator@pgc-eadmin:/opt/otrs$ ls
ARCHIVE     COPYING              INSTALL.md          README.webserver.md  var
AUTHORS.md  COPYING-Third-Party  Kernel              RELEASE
bin         Custom               README.database.md  scripts
CHANGES.md  doc                  README.md           UPGRADING.md

OK here, can run ls, ready have copied the Config.pm, etc to the new otrs folder, old folder archived, etc.

Code: Select all

administrator@pgc-eadmin:/opt/otrs$ sudo bin/otrs.SetPermissions.pl --otrs-user=otrs --web-user=www-data --otrs-group=www-data --web-group=www-data /opt/otrs
bin/otrs.SetPermissions.pl - set OTRS file permissions
Copyright (C) 2001-2014 xxx, http://otrs.com/
Setting permissions on /opt/otrs
Setting permissions on /opt/otrs/var
Setting permissions on /opt/otrs/bin/*
Setting permissions on /opt/otrs/scripts/
Setting permissions on /opt/otrs/Kernel/Config.pm

OK, looks good, SetPermissions.pl ran, then.....

Code: Select all

administrator@pgc-eadmin:/opt/otrs$ ls
ls: cannot open directory .: Permission denied
administrator@pgc-eadmin:/opt/otrs$

Now I cannot access the /opt/otrs folder


Am stumped, I have tried with 3.3.14 as well, same result, also as 3.2.6 I can run the SetPermissions.pl script no issues.


Any ideas?


Thanks

Jeff

[jojo]

administrator is not root, so why should this user have access? (Basic Linux knowledge issue...)

[jeffbourassa]

Thanks, we are running:

sudo bin/otrs.SetPermissions.pl --otrs-user=otrs --web-user=www-data --otrs-group=www-data --web-group=www-data /opt/otrs

sudo runs the command as root...



Jeff

[jojo]

your

Code: Select all

ls

was not using sudo

[jeffbourassa]

Thanks for responding. I don't think you are following my issue though:

Code: Select all

administrator@pgc-eadmin:/opt$ sudo /opt/otrs/bin/otrs.SetPermissions.pl --otrs-user=otrs --web-user=www-data --otrs-group=www-data --web-group=www-data /opt/otrs
bin/otrs.SetPermissions.pl - set OTRS file permissions
Copyright (C) 2001-2014 xxx, http://otrs.com/
Setting permissions on /opt/otrs
Setting permissions on /opt/otrs/var
Setting permissions on /opt/otrs/bin/*
Setting permissions on /opt/otrs/scripts/
Setting permissions on /opt/otrs/Kernel/Config.pm
administrator@pgc-eadmin:/opt$ cd otrs
-bash: cd: otrs: Permission denied
administrator@pgc-eadmin:/opt$

Following running the setPermissions for 339, the /opt/otrs folder permissions are no longer valid - on 326 this runs fine and does not lock me out, only running the SetPermissions in my test 3.3.9 or 3.3.14 do I get the messed up permissions.

After running I get:

Code: Select all

administrator@pgc-eadmin:/opt$ ls -l
total 28
drwxrwsr-x 5 otrs www-data 4096 Jan  1  2015 article.326
drwxr-x--- 8 otrs www-data 4096 Sep  2 11:30 otrs
drwxrwxr-x 8 1002 www-data 4096 Nov 13  2014 otrs_326
drwxr-xr-x 7 root root     4096 Sep  2 10:32 otrs_326_noarticle
drwxr-xr-x 8 root root     4096 Sep  2 09:43 otrs_339
drwxr-xr-x 2 root root     4096 Nov 23  2014 otrs_tmp
drwxr-xr-x 6 root root     4096 Nov 12  2014 teamviewer9
administrator@pgc-eadmin:/opt$

from this, clearly the otrs folder permission are messed up, after running the SetPermission.pl script. The otrs_326 folder is my backup copy of a working 3.2.6 build.

[jojo]

the permissions are correct. Owner is otrs. group is www-data, Other is not allowed to acces the folder. As your administrator user is not member of the www-data group he has no access.

Everything as designed

[jeffbourassa]

Thanks, I will do some further testing. I suspect that the SetPermission.pl in 3.3.9 and higher is more restricted and locks the installation down much tighther than 3.2.6.

If I elevate to root, using "sudo -i" I can view the otrs folder as expected.

Thanks



Jeff

[jojo]

yes, there where some security improvements