Change Domain Name, possible bug

Hello Virtualmin Support!

We've run across an issue with 'Change Domain Name' -- I think we're blocked in correcting the issue by the fix you put in place for this one:
https://www.virtualmin.com/node/29866

The issue is that a site owner changed their domain name, which we can't allow in our implementation -- not a big issue there, they changed it back -- but they couldn't change the administration user name back to the original site account owner, because it already exists.

It appears that changing the 'administration user name' does not change anything about the actual administration user account on the system, in our case. Nor does it appear to create a new one, just changes the configuration of the domain in the panel to point to a user that doesn't exist. The site still works, is owned by the administration user and group properly, but Virtualmin backups don't work since it's trying to use credentials for a user which doesn't exist.

There are work-arounds that we've thought about -- such as changing the webmin user manually when the site's admin username is changed, or just updating the mappings in /etc/webmin/virtual-servers/user.dom and /etc/webmin/virtual-servers/domains/<domain UID>, but those didn't seem to be the best first idea in our production environment; didn't want to risk it on experimentation.

I'm not sure I've been very clear -- please let me know if not!

Thanks,
~james

Status: 
Active

Comments

Having the domain's expected username not match the actual Unix user seems like a big problem. Did you get into this state when you tried a domain name change, and it failed part way through?

Assigned: ยป Unassigned

Yep, there was an error reported -- one of the resellers logged in as the site account owner to change the domain name (and admin user, and whatnot). Webmin the webmin action log shows the error (which was Webmin login failed! : Failed to rename user : subtree rename not supported at /usr/libexec/webmin/web-lib-funcs.pl line 1397.):

--
In domain utw10462.utweb.utexas.edu
Changing domain name to danatheo.utweb.utexas.edu ..
Changing administration user to danatheo ..
Modifying administration user ..
.. done
Modifying administration group ..
.. done

Updating mailbox users ..
.. done

Changing username in website configuration ..
.. done

Changing hostname of virtual website ..
.. done

Changing username in SSL website configuration ..
.. done

Changing hostname of SSL virtual website ..
.. done

Re-generating self-signed SSL certificate ..
.. done

Updating log file path in Logrotate configuration ..
.. done

Updating user and group in Logrotate configuration ..
.. done

Renaming MySQL user ..
.. done

Changing administration group for MySQL database files ..
.. done

Renaming Webmin user ..
.. Webmin login failed! : Failed to rename user : subtree rename not supported at /usr/libexec/webmin/web-lib-funcs.pl line 1397.

Updating paths in script database ..
.. done

Updating Webmin user ..
.. done

Applying web server configuration ..
.. done

Re-loading Webmin ..
.. done

Saving server details ..
.. done

Ok, that subtree rename not supported error is probably the cause. Are you using MySQL or LDAP to store your Webmin logins?

all unix users are stored in a shared LDAP. I can tell that the username didn't change in LDAP, though it did in panel config files.

So it looks like the underlying issue is that renaming the Webmin user failed because your LDAP server doesn't support subtree renames. Which LDAP server and version do you have Webmin connected to?

Well, I think what happened was that the user who changed the site names did a couple in quick succession, didn't let one finish before changing another -- one of the sites he did this to did get the user name changed -- and the group names changed without issue, too.

We're using sssd and nscd to connect to an openldap server: sssd.x86_64 1.12.4-47.el6_7.4
nscd.x86_64 2.12-1.166.el6_7.3

openldap-servers.x86_64 2.4.40-7.el6_7 sssd-ldap.x86_64 1.12.4-47.el6_7.4

...I think that works pretty well, just something got out of sync due to...ah, eager user tricks.

The main problem at the moment is that we can't change the configured admin user back to the real-and-existing username via the interface, and would like advice on how to get the panel-configured admin user back to the actual unix user which owns the site.

Wait, so this does work as long as two renames aren't being done at the same time?

The fix to get Virtualmin back in sync with the actual username is to edit the file /etc/webmin/virtual-server/domains/XXX (where XXX is the domain's unique ID) and replace all occurrances of the wrong username with the right one.

Yep, indeed I think that's the case -- I'll fix that file, thank you!