Hi Guys, I`m not sure if this is an bug, or is normal. After a fresh install, i make one user for ftp. The user was able to access his ftp and make directories by filezila on his /. Then for test i enable for same account an login to ssh (without quota on, i mean -1 on his limit), so his directory get new folders: bin cgi-bin dev etc... And now the user cant make directories using ftp or ssh, this is an bug? Normal Behavior? I need set something else? I`m on Debian 6 ISPConfig 3.0.4.6
While the user ssh exists, as root i cant change the / structure too Was trying install group-office which requires and folder on user /, and as user just get Permission Denied on ssh or ftp client. Then i logged on server as root and made the dir, but, the dir wasnt avaliable on user / So i removed the ssh login and like an magic the folder poped Note: I did the ssh login enabling Jailkit since manual sayed is more secure, this behavior is normal? I mean, for every user which i enable ssh, they gonna loose the permission to write on they / directory?
Yes. The folders in the jail are required by jailkit. Yes, otherwise jailkit would not work, the / of a jail has to be owned by root. But you should not put any files in / anyway, better make a new subdirecory in the web / like /private and put your private files there.
As private you mean set the the sub directories as 770? I noticed 2 softwares which requires one private directory inside of / moodle group-office My last question is about "rollback", on the situation of my description, ISPConfig should revert the jail right? Since i deleted the ssh access (deleted the login instead disable user) there no reason for keep the files/folders for ssh right? I`m still on tests of installations, in the end i will post my findings. Then i will focus on my sasl (from another post) problem, but one thing per time Thanks in advice.
No, I men to create a new directory with the name "private" That directory will be availabe in 3.0.5 by default. No, the jail shall not be reverted. The reason is that ispconfg can not detect if a application of thsi web still uses a file in one of these folders or if the user or admin has placed a file there.
Ah got it, there any special permission to set, or when an directory named "private" Apache make him hide from internet? By the way there any estimated date for the release of 3.0.5? Worrying if i would wait an little more for see if the new release dont gonna have the bug i got with sasl (http://www.howtoforge.com/forums/showthread.php?t=58390) after try both setups, multiple servers and one dedicated server
Example for permissions: Domain: example.tld Web user: web1 Client group: client1 The commands to create the directory for this example are: mkdir /var/www/domain.tld/private chown web1:client1 /var/www/domain.tld/private chmod 770 /var/www/domain.tld/private This ensures that the content in the private directory is only readable by user and group of the website (so the folder is readable by FTP, ssh and the php scripts to include content from there as required by the cms systems you mentioned above). This folder will be automatically created in the next ispconfig release and you can create it with the above commands in 3.0.4.6 manually. The above thread is about a config problem on your server and not a general bug in ISPConfig. I run all my servers on Debian 6, none of it has a problem with sasl and there are no reported bugs about deban 6 and sasl in the bugtracker while there are ten thousands of servers with this software combination installed, so the problem must be related to the server misconfiguration on that server if you see it from a statistical standpoint. The guide you followed as you tried to fix it is for Ubuntu Linux and not Debian and the Ubuntu problem was already solved some time ago, so does not apply to recent ispconfig versions anyway. Which perfects etup guide did you follow to install your server and did youfollow the guide to the letter? As a side note, I would recommend to use Dovecot and not courier for new servers. On deoveot servers, sasl is not even required, it is used only for courier.
Thank you for the step by step!!! I see now why my tests was doing the things get messed, i was chown www-data:www-data thinking this is default command, now i see my syntax was wrong No doubt you know how setup things better then me, so for you is almost impossible have any problem on your servers, but, i`m noob learning about linux, and how the things wok on this side. If you ask me something about MSSQL i can help, since i work with MSSQL, but out of MSSQL world i`m noob. I followed this guide: http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3 Tried the manual also. On multiple server i added spamav / jailkit on all other servers too, the only differ. I tried mix some parts too, example: fresh install with ssh, fresh install without ssh, and dindt worked also. But on this part: I think you discovered the problem source, i checked on ISPConfig pannel and is using Dovecot, so my guess is somehow the setup let courier enabled. Then the service is runing looking for something and making the error about sasl There an guide for i change this? Thanks
The setup you used uses dovecot which is fine and ispconfig recognized it correctly as well, so sasl is not required and should not be in use. Maybe the base linux system that you used had courier or another sasl based setup installed. Please post the content of the postfix main.cf file and the output of: netstat -tap | grep pop
this is the output: tcp 0 0 *op3 *:* LISTEN 2454/pop3-login tcp 0 0 *op3s *:* LISTEN 2454/pop3-login Should have the program runing? and the file: The log from ISPConfig:
There must be a wrong pop3 dameon riúnning on your server, on a debian system with dovecot you should see a output similar to this one: Code: tcp 0 0 *:pop3s *:* LISTEN 15256/dovecot tcp 0 0 *:pop3 *:* LISTEN 15256/dovecot What kind of image did you use as basis for your install? Was it a debian minimal image or was it a lamp image or similar install from your provider which had a controlpanel or mailserver installed? The main.cf looks fine, but maybe postfux is not even running as you have a wrong pop server too. Please post the output of the commands: netstat -tap | grep smtp and the output of: ls /etc/init.d/
the output: I downloaded this one, found the link grayed: http://cdimage.debian.org/debian-cd/6.0.5/amd64/bt-dvd/debian-6.0.5-amd64-DVD-1.iso.torrent Should i download again? There any special version for i get? On setup i followed the guide Only basic tools when asked
The debian install cd is fine, no need to download it again. Postfix is also running. Please run: /etc/init.d/postfix restart /etc/init.d/dovecot restart cat /dev/null > /var/lig/mail.log and then try to send a email with your mail client again and afterwards post the mail.log file.
here the log: If i understand right, my ip now is blocked and yahoo dont gonna accept mails from my ip? On this line: Isnt to be something like TLS or any encryption method?
I see some curious after check the file list on this link: http://cdimage.debian.org/debian-cd/6.0.5/amd64/list-dvd/debian-6.0.5-amd64-DVD-1.list.gz There this package: libsasl2-2_2.1.23.dfsg1-7_amd64.deb BUT, dont have any cyrus package... Neither dovecot On this link with an update version: http://cdimage.debian.org/debian-cd/6.0.5/amd64/list-dvd/debian-update-6.0.5-amd64-DVD-1.list.gz There this packages: dovecot-common_1.2.15-7_amd64.deb dovecot-dbg_1.2.15-7_amd64.deb dovecot-dev_1.2.15-7_amd64.deb dovecot-imapd_1.2.15-7_amd64.deb dovecot-pop3d_1.2.15-7_amd64.deb cyrus-admin-2.2_2.2.13-19+squeeze3_all.deb cyrus-clients-2.2_2.2.13-19+squeeze3_amd64.deb cyrus-common-2.2_2.2.13-19+squeeze3_amd64.deb cyrus-dev-2.2_2.2.13-19+squeeze3_amd64.deb cyrus-doc-2.2_2.2.13-19+squeeze3_all.deb cyrus-imapd-2.2_2.2.13-19+squeeze3_amd64.deb cyrus-murder-2.2_2.2.13-19+squeeze3_amd64.deb cyrus-nntpd-2.2_2.2.13-19+squeeze3_amd64.deb cyrus-pop3d-2.2_2.2.13-19+squeeze3_amd64.deb libcyrus-imap-perl22_2.2.13-19+squeeze3_amd64.deb I`m downloading the update version now for test if this would be the problem Since you asked about the version and now after notice this differ, i`m guessing should be some issue with pre-compiled packages. One question, i will start install everything from scratch again, when shared softwares (like horde mail) ask for domain mail admin, what i should use? I need make an mail account inside ISCPConfig like [email protected]? And use this account fot authenticate pop and smtp as owner of the server? I mean for example, in the paramenters to be setted on horde groupware. When people using they own domains log inside of horde, they mail will be sended by they domain like [email protected] or you be with my domain [email protected]? For clients installing like wordpress, they need set an account for admin too so?
All packages get downloaded from debian servers during install over the network, they dont hace to be on the dvd. REgarrding your question about horde, I dont use this software, so I cant tell you if this has to be a special email address. I guess it should be enough that the email address exists.
