Results 1 to 10 of 10

Thread: Upgrade from 4.5.10 to 5.0.0b3 broke permissions

  1. #1
    toolcaserp is offline Active Member
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    7

    Exclamation Upgrade from 4.5.10 to 5.0.0 RC2 broke permissions

    I have upgraded from 4.5.10 to 5.0.0 RC2.

    I love the beta!

    The Installer though.... Not so much.

    What I am seeing is a whole lot of files are now owned by root instead of zimbra.
    This was first noticed because our SSL stuff quit working.
    This is the long directory listing for the /opt/zimbra/ssl/ssl directory before:

    [zimbra@zimbox ssl]$ ls -l zimbra/ssl/ssl/
    total 56
    -rw-r----- 1 zimbra zimbra 1731 Oct 29 17:37 MAIL1.TOOLCASE.COM.crt
    -rw-r----- 1 zimbra zimbra 1239 Oct 29 17:58 MAIL1.TOOLCASE.COM.der
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 ca
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 cert
    -rw-r----- 1 zimbra zimbra 694 Oct 29 10:37 commercial.csr
    -rw-r----- 1 zimbra zimbra 5592 Oct 29 21:31 commercial.keystore
    -rw-r----- 1 zimbra zimbra 1257 Oct 29 17:49 keystore
    drwx------ 3 zimbra zimbra 4096 Sep 27 23:55 newCA
    -rw-r----- 1 zimbra zimbra 2706 Oct 10 15:06 original_zimbra_ssl_configuration_files.tgz
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 server
    -rw-r----- 1 zimbra zimbra 2706 Oct 24 12:02 server.tgz
    -rw-r----- 1 zimbra zimbra 7645 Sep 27 23:55 zmssl.cnf
    [zimbra@zimbox ssl]$


    And After:

    [zimbra@zimbox ssl]$ ls -l /opt/zimbra/ssl/ssl
    total 60
    -rw-r----- 1 root root 1731 Oct 29 17:37 MAIL1.TOOLCASE.COM.crt
    -rw-r----- 1 root root 1239 Oct 29 17:58 MAIL1.TOOLCASE.COM.der
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 ca
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 cert
    -rw-r----- 1 root root 694 Oct 29 10:37 commercial.csr
    -rw-r----- 1 root root 5592 Oct 29 21:31 commercial.keystore
    -rw-r----- 1 root root 1257 Oct 29 17:49 keystore
    drwx------ 3 zimbra zimbra 4096 Sep 27 23:55 newCA
    -rw-r----- 1 root root 2706 Oct 10 15:06 original_zimbra_ssl_configuration_files.tgz
    drwx------ 2 zimbra zimbra 4096 Sep 27 23:55 server
    -rw-r----- 1 root root 2706 Oct 24 12:02 server.tgz
    -rw-r----- 1 root root 7645 Sep 27 23:55 zmssl.cnf
    [zimbra@zimbox ssl]$


    Is there a quick fix (script, etc...) for restoring the ownership of the files that should be owned by zimbra?
    (My question is in regards to the entire /opt/zimbra directory structure, not just this one directory...
    I can fix this, but what else is broken.... that's the real issue...)

    Thanks!!!
    Last edited by toolcaserp; 12-11-2007 at 01:28 PM. Reason: fixed the beta revision from beta 3 to RC2

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    The answer is the zmfixperms script. You are installing an old beta instead of the current RC2 release, why? I do hope you're not upgrading a production server?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    toolcaserp is offline Active Member
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    7

    Default

    Quote Originally Posted by phoenix View Post
    The answer is the zmfixperms script. You are installing an old beta instead of the current RC2 release, why? I do hope you're not upgrading a production server?
    Thanks Bill, I referred to the package incorrectly.
    This was downloaded last week.... The actual package is:
    zcs-NETWORK-5.0.0_RC2_1745.RHEL4_64.20071120125046

    I will find the zmfixperms script. Thanks!!!!!

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    You'll find that in ~/libexec, sorry I forgot that.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    mcesari is offline Special Member
    Join Date
    Aug 2007
    Posts
    103
    Rep Power
    8

    Default

    the installer didnt run the zmfixperms script?
    In the 4.5 upgrades I have done I found it annoying/unneeded how many times that script ran

  6. #6
    toolcaserp is offline Active Member
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    7

    Default

    The script explicitly changes everything in the ssl directory to be owned by root (the cause of my original problem....):
    if [ -d ${zimbra_home}/ssl ]; then
    printMsg "Fixing ownership and permisions on ${zimbra_home}/ssl"
    find ${zimbra_home}/ssl -type f -exec chown ${root_user}:${root_group} {} \;
    find ${zimbra_home}/ssl -type f -exec chmod 640 {} \;
    fi


    Why? Why? Why? The zimbra user account cannot access the keystore if the keystore isn't readable so SSL quits working when the Zimbra software is restarted...

  7. #7
    toolcaserp is offline Active Member
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    7

    Default

    Quote Originally Posted by mcesari View Post
    the installer didnt run the zmfixperms script?
    In the 4.5 upgrades I have done I found it annoying/unneeded how many times that script ran
    It appears it did and caused my problems.

    Perhaps the solution is to add the zimbra user to a privileged group like "root"...

  8. #8
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Quote Originally Posted by toolcaserp View Post
    Why? Why? Why? The zimbra user account cannot access the keystore if the keystore isn't readable so SSL quits working when the Zimbra software is restarted...
    Dude, chill.
    It's a beta. It has bugs. Welcome to software testing.

  9. #9
    toolcaserp is offline Active Member
    Join Date
    Nov 2007
    Posts
    30
    Rep Power
    7

    Default

    Quote Originally Posted by jholder View Post
    Dude, chill.
    It's a beta. It has bugs. Welcome to software testing.
    I do realize it's a beta....

    So the short term solution is to add the zimbra user to the root group.

  10. #10
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    I think it's likely because where enhancing security of the directories, etc. So it's likely that it got messed up somehow.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 5
    Last Post: 12-27-2007, 07:52 AM
  2. Replies: 5
    Last Post: 12-04-2007, 05:40 PM
  3. Replies: 7
    Last Post: 11-28-2007, 01:49 PM
  4. Zimlet disappear after upgrade to 4.5.10
    By Chadsel Chen in forum Installation
    Replies: 1
    Last Post: 11-26-2007, 07:42 PM
  5. MTA is Dying after yum update
    By tonyawbrey in forum Administrators
    Replies: 27
    Last Post: 04-02-2006, 06:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •