[tech] git.ucc.asn.au - was Re: Samba/LDAP migration

Mark Tearle mtearle at ucc.asn.au
Thu Aug 16 02:17:14 AWST 2018 

Hi folks

Found another service that has experienced issues with this transition.

mussel:/etc/apache2/sites-enabled# groups git
git : sogo

mussel:/etc/apache2/sites-enabled# ls -l ~git/public-html/
total 540
-rw-r--r-- 1 git  sogo    246 Nov  7  2015 footer.html
-rwxr-xr-x 1 git  sogo 252173 Apr  2 22:27 gitweb.cgi
....

In /etc/apache2/sites-available/members.conf which is simlink to /home/other/www/members.conf

I tweaked the virtualhost entry to change the group for suExec from other (non-existant) to sogo, and it sprung back into life 

<VirtualHost *:443>
        Include ssl-ucc.conf
        SSLEngine On
         SSLCertificateKeyFile /var/lib/acme/live/git.ucc.asn.au/privkey
         SSLCertificateFile /var/lib/acme/live/git.ucc.asn.au/cert
         SSLCertificateChainFile /var/lib/acme/live/git.ucc.asn.au/chain

        ServerName git.ucc.asn.au
        DocumentRoot /home/other/git/public-html
        #SuexecUserGroup git other
        SuexecUserGroup git sogo
        ServerAdmin git at ucc.asn.au
        <directory /home/other/git/public-html>
                allowoverride all
                Options +SymLinksIfOwnerMatch +Indexes +ExecCGI -FollowSymLinks
        </directory>
</VirtualHost>


So what changes do we need to make to fix it permanently?   My memory of the horror that is UCC's web config is failing


Mark
--
Mark Tearle <mtearle at ucc.asn.au>

On Mon, 13 Aug 2018, at 3:47 PM, David Adam wrote:
> There are still some loose ends from the LDAP to Samba migration needing 
> to be tidied up. LDAP is still in NSS on Mussel and Mooneye until these 
> can all be fixed.
> 
> * flame - the flame user (UID 10026) did not get migrated into Active 
>   Directory. As flame runs only on Mooneye and out of local storage, I've 
>   created a local user instead. There's some stuff in /services/flame but 
>   it's all Very Old.
> 
> * Users with UID < 1000 don't work properly on systems using Winbind, 
>   which is all of them except Motsugo. These accounts should ideally be 
>   renumbered to sensible UIDs.
> 
> I've also upgraded the DC to 4.8.2 and removed and rejoined Maaxen from 
> the domain. The rejoin failed every time I tried last night and then 
> worked today?!
> 
> David Adam
> zanchey at ucc.gu.uwa.edu.au
> Ask Me About Our SLA!
> _______________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
> 
> Unsubscribe here: 
> http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/mtearle%40ucc.gu.uwa.edu.au

More information about the tech mailing list