DanPearson Absent Member.
Absent Member.
4391 views

iFolder 3.8 data store on NSS volume

I have an OES 2 SP2 linux server running iFolder 3.8. It is running fine but the current native root volume is running low on disk space and I have a large NSS volume available. I've searched but not found the details of how to configure the NSS volume as an iFolder data store. When I try to add the folder in the web admin, I get an error stating I have to set the owner and group to 'apacheuser' and 'apachegroup' but I can't set that on an NSS folder. I assume it's a permission issue but can someone please tell me exactly how to set it?

Thanks,
Dan
Labels (1)
Tags (1)
0 Likes
13 Replies
Knowledge Partner
Knowledge Partner

Re: iFolder 3.8 data store on NSS volume

The only thing I could find (quickly) was this in the NCS clustering section, but I would imagine it would basically apply to a NON-Clustered NSS setup as well:

Novell Documentation

Step 2c
0 Likes
DanPearson Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

Okay, I created a wwwrun user and a www group in eDir. I LUM enabled them and added the user to the group. I entered the rights command at the terminal prompt but I still get an error when trying to add the data store. Am I missing something?

Thanks,
Dan
0 Likes
aferris Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

Well what exactly is the error? If the permissions are still wrong then you'll see errors in /var/log/ifolder3/adminweb.log saying that it can't write to the path and nobody will be able to log in. But the rights command has it's own error messages. And I think if your OES server has LUM enabled then it will create unique wwwrun and the other objects in the same context as the server objects upon creation/LUM enabling. At least that's what happened when I recently built an OES iFolder server from scratch.

Andrew
0 Likes
aferris Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

Just to clarify the objects (wwwrun user and www group) get created by default when OES is installed with the pre-reqs for iFolder (or perhaps iManager as they're web accounts). Oh and the 3.8.4 Admin Guide has the rights command towards the bottom of section 6.2.1 (Installing and Configuring iFolder Services). The same was true for 3.7 docs.

Andrew
0 Likes
DanPearson Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

aferris;2061858 wrote:
Well what exactly is the error? If the permissions are still wrong then you'll see errors in /var/log/ifolder3/adminweb.log saying that it can't write to the path and nobody will be able to log in. But the rights command has it's own error messages. And I think if your OES server has LUM enabled then it will create unique wwwrun and the other objects in the same context as the server objects upon creation/LUM enabling. At least that's what happened when I recently built an OES iFolder server from scratch.

Andrew


When I click Add in the Data Store screen I get the following popup: "Important: The owner and group for the DataPath on the server must be set to apacheuser:apachegroup. This is mandatory to create or sync iFolders on this volume."

When I click Ok, I get this message at the top of the screen, "Error: Full Path specified is invalid, please check and re-enter."

I looked in the log file and it doesn't show any errors. When I entered the rights command I didn't get any errors. I think LUM is enabled; I can go into LUM settings in iManager but the wwwrun user wasn't there, I added it and LUM enabled it (although it doesn't have the LUM tab). How can I tell if LUM is running correctly?

Thanks,
Dan
0 Likes
aferris Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

The quick way is to try logging in as the account you want to test. For example:

[ifolder_server]:~ # su wwwrun
wwwrun@[ifolder_server]:/root>

is a success.

What are the permissions on the NSS volume (i.e. owner & group) from the CLI? Remember that eDirectory accounts (users & groups) should have unique names and not match any local accounts too.

Andrew
0 Likes
DanPearson Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

aferris;2062197 wrote:
The quick way is to try logging in as the account you want to test. For example:

[ifolder_server]:~ # su wwwrun
wwwrun@[ifolder_server]:/root>

is a success.

What are the permissions on the NSS volume (i.e. owner & group) from the CLI? Remember that eDirectory accounts (users & groups) should have unique names and not match any local accounts too.

Andrew


I'm really confused. I'm new to the whole Linux thing and don't understand all the interaction between linux and edirectory and LUM stuff. When I enter su wwwrun from the root command prompt nothing happens--it still shows the root prompt. If I switch to another user and do it, it asks for a password (which I don't know). I thought I was supposed to create a user with a matching name in edir. I don't understand how the linux user is connected to the edir user.

If I look at the permissions of the folder in linux it shows root. The edir user I created has permissions to the folder.

Thanks for your help,
Dan
0 Likes
DanPearson Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

aferris;2062197 wrote:
The quick way is to try logging in as the account you want to test. For example:

[ifolder_server]:~ # su wwwrun
wwwrun@[ifolder_server]:/root>

is a success.

What are the permissions on the NSS volume (i.e. owner & group) from the CLI? Remember that eDirectory accounts (users & groups) should have unique names and not match any local accounts too.

Andrew


OK, I've researched this some more. I read the following TID:
Troubleshooting Linux User Management - Step by step
Everything goes okay to the point where I do an ID XXXX which comes back no such user. I restarted the services and checked the message log and have the following:

Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: Starting namcd..
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: namcd populating the user hash tables
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: User profile file cannot be opened/does not exist
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: Failed to populate user hash tables from file, namcd populating the hash tables from eDir
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: populate_userHash_fromNDS:insertGidListintHash not success
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: No user entries in e-Dir
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: namcd populating group hash tables
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: Group profile file cannot be opened/does not exist
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: Populating group hash from file failed, namcd populating group hash tables from eDir
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: addOutOfBaseContextUsersToList: insertGidListintHash not success
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: addOutOfBaseContextUsersToList: insertGidListintHash not success
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: namcd Populated hash tables
Jan 6 16:21:00 foilinux /usr/sbin/namcd[7620]: Created all the threads
Jan 6 16:21:14 foilinux /usr/sbin/namcd[7620]: getPwdbyName: gid = -1

There seem to be some issues, but I'm not sure where to go from here to get them resolved.

Thanks,
Dan
0 Likes
aferris Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

Well iFolder runs under Apache so it runs as what Apache runs as. This isn't root - for security reasons - but your datastore folder is owned by root and you can't login with your eDir account so that's certainly not helping. The reason you need to make sure there aren't matching local and eDir account names is that if there's a local matching one then the eDir one will never be used. My iFolder file storage directory (actually all of ifFlder since I'm only using NSS) has the following local permissions: wwwrun:root.

LUM (an iFolder on OES pre-req) sorts out the use of eDir accounts so that's what you'll have to verify is set up correctly to use the NSS volume. I can't claim to be a LUM expert so please look at the documentation. The basics are make sure your eDir user is in either the Unlix/Linux context or the UNIX workastation (server) context so that it's LUM-enabled. Also make sure your LDAP admin account is correct to read your tree. My iFolder server's LUM config is nothing fancy as that's all it is doing so it it just has basic values as wwwrun doesn't need ftp or ssh access for example. I hope that helps and if you can't get this to work then bear in mind a reiser or ext3 volume doesn't require an eDir trustee.

Andrew
0 Likes
DanPearson Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

Thanks for the info. I have a couple things going on. First, LUM doesn't seem to be working. I went through all the Troubleshooting LUM steps to 15 and everything was okay til I tried the id username and that failed (see other post). Assuming I get that working I'm still confused about the users. Apache uses wwwrun right? Does it matter what edir user is given rights to the folder? How does it know what edir user to use? If it's using wwwrun, how does that user get access to the nss folder?

Dan
0 Likes
aferris Absent Member.
Absent Member.

Re: iFolder 3.8 data store on NSS volume

"ps aux | grep httpd" will tell you what Apache is running as. It might not matter which eDir user but you'll have use the rights command to grant that user the right it will need. wwwrun can be given local system rights if LUM is working and LUM handles the eDir to POSIX(local) part.

Andrew
0 Likes
Knowledge Partner
Knowledge Partner

Re: iFolder 3.8 data store on NSS volume

aferris;2062308 wrote:
"ps aux | grep httpd" will tell you what Apache is running as. It might not matter which eDir user but you'll have use the rights command to grant that user the right it will need. wwwrun can be given local system rights if LUM is working and LUM handles the eDir to POSIX(local) part.

Andrew


Apache on OES2 runs as wwwrun, yes.

What I find odd/puzzling is that the docs state one thing, but it seems when the OP used the GUI he got a pop-up listing a DIFFERENT userid/group (that conflicts with what the online docs state to use).

So I find that to be one problem (which is right/correct? The docs or the pop-up?)

Although in this case I think the bigger problem is that LUM isn't working properly.
0 Likes
Knowledge Partner
Knowledge Partner

Re: iFolder 3.8 data store on NSS volume

"error stating I have to set the owner and group to 'apacheuser' and 'apachegroup' but I can't set that on an NSS folder. I assume it's a permission issue but can someone please tell me exactly how to set it?"

At bit late, but for the lurkers... set them to www and wwwrun. It seems to be a typo in the UI and it has been reported.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.