Odd mysql group permission bug when renaming a domain name for a virtual server

Reposting from https://www.virtualmin.com/node/54308 (feel free to remove the other thread as duplicate)

Hello,

I am experiencing the following behavior.

I renamed a virtual server and selected the options to automatically rename the admin user, home dir and group.

After changing the domain name, the group quotas for that domain weren't matching the actual usage so I searched the entire system for files owned by that group and found that the /var/lib/mysql directory and all of its subdirectories had the group changed to the new group name for that particular domain (I guess originally it should be "mysql").

As a test, I changed again the name for that domain and lo and behold, the /var/lib/mysql directory had again the group changed recursively to the virtual domain group.

Additional information:

1) The particular virtual server has no email enabled and when changing the name I saw the following message in the printout:

. Mail for domain failed! : mysql::execute_sql_logged failed : SQL set password for [...] failed : Can't find any matching row in the user table at ../web-lib-funcs.pl line 1433.

2) Operating system: Debian Linux 8, Webmin version 1.860, Virtualmin version 6.01.gpl-3

Status: Closed (fixed)

Comments

Additionally, it appears that new virtual domains also cause now the related directory in /var/lib/mysql to inherit the new domain group (instead of having the mysql group as one would expect).

The sub-directories under /var/lib/mysql for the domain's databases actually should have the domain's group owner - this is so that disk space used is correctly accounted to the domain's quota.

Hi Jamie,

thank you for your reply. It makes sense to have the domain groups associated to the individual mysql directories for quota computations (although I wonder if read-only permissions could be sufficient).

From looking at other older installations, it seems to me this feature is relatively new because in the older installations all subdirectories of /var/lib/mysql appear to still have the "mysql" group. Was this feature introduced within the last 6 months or so?

The main issue mentioned above of changing a domain name and incorrectly associating recursively the group of the changed domain to /var/lib/mysql is then hopefully a bug introduced with this new feature (I was worried the server had been compromised, hence the "hopefully").

Thanks again.

Debian 8 Virtualmin 6 (upgraded from 5.x)

I noticed this today.

I got a mysql error and when I ls -lh my /var/lib/mysql I noticed that the groups were set as a "renamed" virtualserver username.

I also noticed that the only one db directory with the right group ownership is related to a virtualserver configured to connect to the DB by SOCKET (fcgid).

I don't know when the ownership of those files was set and if before renaming the virtualserver they had the previous virtualserver username as a group owner.

p.s. I don't think that the problem I got was related to this, but I confirm that the behavior is real. :D

So, files for domain databases under /var/lib/mysql should be owned by the group for the domain.

Kintaro - are you saying that when renaming, the files are still owned by the old group?

That user/group was deleted some days ago and during the delete, it gave me the error published here: https://github.com/virtualmin/virtualmin-gpl/issues/40

but I don't know when the group permission was set

Group permission to that group was set to ALL the files inside /var/lib/mysql/, like:

-rw-rw---- 1 mysql oldgroup  16K gen 20 18:44 aria_log.00000001
-rw-rw---- 1 mysql oldgroup   52 gen 20 18:44 aria_log_control
-rw-r--r-- 1 mysql oldgroup    0 apr 23  2016 debian-10.0.flag
-rw-r--r-- 1 mysql oldgroup    0 gen 11 12:27 debian-10.1.flag
-rw-rw---- 1 mysql oldgroup  82M gen 20 19:16 ibdata1
-rw-rw---- 1 mysql oldgroup  48M gen 20 19:16 ib_logfile0
-rw-rw---- 1 mysql oldgroup  48M gen 20 17:04 ib_logfile1
-rw-rw---- 1 mysql oldgroup    0 apr 23  2016 multi-master.info
drwx------ 2 mysql oldgroup 4,0K lug  2  2016 mysql
-rw------- 1 mysql oldgroup   15 lug  2  2016 mysql_upgrade_info
drwx------ 2 mysql oldgroup 4,0K lug  2  2016 performance_schema
drwx------ 2 mysql oldgroup 4,0K apr 23  2016 phpmyadmin
-rw-rw---- 1 mysql oldgroup 343M gen 20 19:11 vps271622-slow.log

Yes, but if I remember correctly I disassociate it before deleting it. (sorry for the poor domain name choice!)

I just created provaprovaprova.it, then I renamed it to provaprovaprovaold.it:

Changing domain name to provaprovaprovaold.it ..
Changing administration user to provaprovaprovaold ..
Changing home directory to auto ..
Modifying administration user ..
.. done
Modifying administration group ..
.. done

Moving home directory ..
.. done

Updating users ..
.. done

Changing domain name in Nginx configuration ..
.. done

Changing home directory in Nginx configuration ..
.. done

Renaming Nginx log files ..
.. done

Renaming Nginx configuration file ..
.. done

Changing user PHP server runs as ..
.. done

Updating log file path in Webalizer configuration ..
.. done

Updating home directory in Webalizer configuration ..
.. done

Updating domain name in Webalizer configuration ..
.. done

Updating username in Webalizer configuration ..
.. done

Updating log file path in Logrotate configuration ..
.. done

Updating home directory in Logrotate configuration ..
.. done

Updating user and group in Logrotate configuration ..
.. done

Renaming MySQL user ..
.. done

Changing administration group for MySQL database files ..
.. done

Updating protected web directories ..
.. done

Renaming Webmin user ..
.. done

Updating paths in script database ..
.. done

Updating Webmin user ..
.. done

Applying Nginx configuration ..
.. done

Restarting PHP-FPM server ..
.. failed : Starting php5-fpm (via systemctl): php5-fpm.serviceJob for php5-fpm.service failed. See 'systemctl status php5-fpm.service' and 'journalctl -xn' for details. failed!

Re-loading Webmin ..
.. done

Saving server details ..
.. done

After that, /var/lib/mysql itself and all its subdirectories and files got usergroup permission to provaprovaprovaold.

godlo@vps271622:~$ sudo ls -lh /var/lib/mysql/
totale 522M
drws--S--- 2 mysql provaprovaprovaold 4,0K set 28 13:10 eeeee
-rw-rw---- 1 mysql provaprovaprovaold  16K gen 20 18:44 aria_log.00000001
-rw-rw---- 1 mysql provaprovaprovaold   52 gen 20 18:44 aria_log_control
-rw-r--r-- 1 mysql provaprovaprovaold    0 apr 23  2016 debian-10.0.flag
-rw-r--r-- 1 mysql provaprovaprovaold    0 gen 11 12:27 debian-10.1.flag
drws--S--- 2 mysql provaprovaprovaold 4,0K ott 30 12:49 vvvvv
drws--S--- 2 mysql provaprovaprovaold 4,0K dic 19 18:12 vvvvv_invoiceplane
drws--S--- 2 mysql provaprovaprovaold  36K lug 25 10:03 uuuuuuuu
drws--S--- 2 mysql provaprovaprovaold 4,0K apr 23  2016 rrrrrr
drws--S--- 2 mysql provaprovaprovaold  24K apr 27  2016 rrrrrr_infiera_xenforo
drws--S--- 2 mysql provaprovaprovaold 4,0K dic 18 12:26 rrrrrr_invoiceninja
drws--S--- 2 mysql provaprovaprovaold 4,0K ott  5 19:03 rrrrrr_invoiceplane
drws--S--- 2 mysql provaprovaprovaold 4,0K mag 24  2016 rrrrrr_vanilla
-rw-rw---- 1 mysql provaprovaprovaold  82M gen 23 17:54 ibdata1
-rw-rw---- 1 mysql provaprovaprovaold  48M gen 23 17:54 ib_logfile0
-rw-rw---- 1 mysql provaprovaprovaold  48M gen 23 17:54 ib_logfile1
drws--S--- 2 mysql provaprovaprovaold  36K dic 13  2016 wwww
drws--S--- 2 mysql provaprovaprovaold  28K gen 23 17:13 wwww_test
-rw-rw---- 1 mysql provaprovaprovaold    0 apr 23  2016 multi-master.info
drwx------ 2 mysql provaprovaprovaold 4,0K lug  2  2016 mysql
-rw------- 1 mysql provaprovaprovaold   15 lug  2  2016 mysql_upgrade_info
drwx------ 2 mysql provaprovaprovaold 4,0K lug  2  2016 performance_schema
drwx------ 2 mysql provaprovaprovaold 4,0K apr 23  2016 phpmyadmin
drws--S--- 2 mysql provaprovaprovaold 4,0K apr 27  2016 yyyyyyy
drws--S--- 2 mysql provaprovaprovaold  20K gen 20 16:59 yyyyyyy_test
-rw-rw---- 1 mysql provaprovaprovaold  24K gen 20 18:44 tc.log
drws--S--- 2 mysql provaprovaprovaold 4,0K mag  2  2016 xxxxx
drws--S--- 2 mysql provaprovaprovaold  36K gen 20 18:41 xxxxx_xenforo
drws--S--- 2 mysql provaprovaprovaold  36K ago 10 17:41 xxxxx_xf15test
drws--S--- 2 mysql provaprovaprovaold  36K gen 22 14:38 bbbbbb
-rw-rw---- 1 mysql provaprovaprovaold 343M gen 23 17:50 vps271622-slow.log

Then I deleted provaprovaprovaold.it:

Deleting mail aliases ..
.. done
Deleting Webmin login ..
.. done

Deleting MySQL database provaprovaprova ..
.. done

Deleting MySQL login ..
.. done

Disabling log file rotation ..
.. done

Deleting scheduled Webalizer reporting ..
.. done

Removing Nginx virtual host ..
.. done

Deleting Nginx webserver log files ..
.. done

Deleting home directory ..
.. done

Deleting administration user ..
.. Administration user failed! : Failed to open /home/chroot/151672602729085/etc/passwd for writing : No such file or directory at /usr/share/webmin/web-lib-funcs.pl line 1445.

Deleting server details for provaprovaprovaold.it ..
.. done

Restarting PHP-FPM server ..
.. done

Re-loading Webmin ..
.. done

Applying Nginx configuration ..
.. done

and provaprovaprovaold is still available as a group in the groups list (the provaprovaprovaold user has been deleted).

Can you confirm that if you fix the ownership of files under /var/lib/mysql, that they only get set wrong when the rename happens?

Yes, I confirm that.

I fixed the ownership of /var/lib/mysql and its sub-directories some days ago and nothing changed until I tested the rename (yesterday) to provide more info to you.

OK, well in the next Virtualmin release I have added some additional protection to the code to prevent this from happening.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.
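
A read-only check for the condition reported in this thread, added here as an example (not code from Virtualmin or from any poster): it lists entries under /var/lib/mysql whose group should be mysql but is not, while allowing per-domain database directories to carry a domain group. The function names and the SYSTEM_SCHEMAS set are assumptions of this example.

```python
import grp
import os
import stat

# Schemas the server itself owns (names taken from the listings in this thread).
# Assumption: extend this set with any non-domain databases on your host.
SYSTEM_SCHEMAS = {"mysql", "performance_schema"}

def group_name(gid):
    """Resolve a gid, tolerating groups that have since been deleted."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return f"gid {gid} (no such group)"

def scan(datadir):
    """Return (relative path, is_dir, gid) for datadir and everything below it."""
    entries = [(".", True, os.lstat(datadir).st_gid)]
    for root, dirs, files in os.walk(datadir):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            entries.append((os.path.relpath(path, datadir), stat.S_ISDIR(st.st_mode), st.st_gid))
    return entries

def audit(entries, mysql_gid, system_schemas=SYSTEM_SCHEMAS):
    """Flag entries whose group should be mysql but is not."""
    findings = []
    for rel, is_dir, gid in entries:
        if gid == mysql_gid:
            continue
        top = rel.split(os.sep)[0]
        # Per-domain database directories (and their contents) may carry the
        # domain's group for quota accounting, as stated in the thread.
        per_domain = rel != "." and top not in system_schemas and (is_dir or os.sep in rel)
        if not per_domain:
            findings.append((rel, gid))
    return findings

if __name__ == "__main__":
    datadir = "/var/lib/mysql"  # data directory path from the thread
    mysql_gid = grp.getgrnam("mysql").gr_gid
    for rel, gid in audit(scan(datadir), mysql_gid):
        print(f"{group_name(gid)}\t{os.path.join(datadir, rel)}")
```

Run it as root so the mode 0700 schema directories can be read. A finding for `/var/lib/mysql/.` or for files such as `ibdata1` matches the recursive group change described above.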