Want to subscribe to topics you're interested in?
Become a Member

Nginx Domains Permission related doubt and issues

Discussion in 'Install & Upgrades or Pre-Install Questions' started by Saahib, Oct 8, 2017.

  1. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    Please fill in any relevant information that applies to you:
    • CentOS Version: i.e. CentOS 6 64bit /
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: i.e. 1.13.5
    • PHP Version Installed: i.e. 5.6.30
    • MariaDB MySQL Version Installed: 10.1.21
    • When was last time updated Centmin Mod code base ? : Today
    • Persistent Config:
      Code:
      LETSENCRYPT_DETECT='y'
      SECOND_IP=xxx.xxx.xxx.xxx
      

    I have actually few doubts, I plan to move some IP based vhosts from cpanel to this server.
    1. My first doubt / issue is : What should be owner / permission for public files ie.
    files residing at : /home/nginx/domains/mydomain.com/public

    I synced files from old server to this one, generally I use chown to fix permission issue but there I am not sure what should be permission as now I am receiving "Permission Denied" error although files are there.

    2. Second doubt / issue is again related to permission, I created ftp user during vhost created from Option #2 , however, after login, I get error if I try to get inside "public" directory, but can access rest ..

    Any insight ?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
    Getting Started Guide step 2 outlines vhost setup and file permissions which are nginx/nginx user and group.

    When you log in via pure-ftpd virtual ftp user, files uploaded are already nginx user/group permission based. You do not want to change /public permissions as that might prevent access.

    what are you permissions from command below
    Code (Text):
    ls -lah /home/nginx/domains/mydomain.com
    

    for posting code you might want to use CODE tags for code How to use forum BBCODE code tags :)

    what were the exact chown/chmod commands you ran after syncing files ?

    You can read cpanel to centmin mod migration how to guide at How To Transfer cPanel/WHM Sites To Centmin Mod LEMP Servers
     
  3. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    Thanks, I figured out that its nginx, then fixed the permissions and issue is resolved.
    Now problem I have related to db migration which I have not really mentioned earlier. I have around 15-16 db on cpanel server with 11 users for mysql, now things is that I want to keep old password, old username in order to avoid touching code.

    In past I have done several dump and restore but only for single database at a time, this time I did
    Code (Text):
    mysqldump -uroot --all-databases > dump.sql

    and then restored it to new centminmod server, my assumption is that it should also restore all users , privileges along with database.
    After restoration, I can see all users are created
    (SELECT user FROM mysql.user; )

    But on website, they are not able to connect. However, database restoration completed without error.

    Can you advice that my assumption about complete restoration along with users and permission is incorrect for mysql ?
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
    Was cpanel using MariaDB 10.1 MySQL too ? As different versions of MySQL would have different password methods. Especially MySQL 5.7 password method differs from MySQL 5.6 and MariaDB <10.2. The mysqldump with all-databases would include mysql system database and when you restore that on another system you can overwrite centmin mod installed and configured MariaDB 10.1 Mysql's mysql system database. If cpanel wasn't same MariaDB 10.1 MySQL that could complicate things further.

    4th post in guide at How To Transfer cPanel/WHM Sites To Centmin Mod LEMP Servers would outline how to restore individual databases and their user grant/privileges keeping mysql system database intact.

    If you did screw up and overwrite centmin mod's MariaDB 10.1 mysql system database, you could try nuking all mysql database to start again and re-import mysql database backups without mysql system database (do not use --all-database mysqldump option). To nuke and delete all mysql data on centmin mod server read guide at MariaDB - How to use mysql_install_db to reset your MySQL database directory

    If your cpanel had MariaDB 10.1 too, you can try resetting MySQL root password again as per MariaDB - How to reset MySQL root user password for CentOS 7 / MariaDB 10.1.19+. If you nuked and resetup mysql, you wouldn't need to do the resetting of root password again.
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
    if you ignore rsync stuff and look at mysqldump and restore in Centmin Mod to Centmin Mod migration guide, you can get ideas on how to mass migrate mysql databases on mass via ssh command line too Centmin Mod Site Data Migration Guide
     
  6. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    Thanks for detailed answers. I did mess it up as I also copied mysql system data assuming it will create copy.
    In my cpanel it was mysql 5.5 while here its 10.1 mariadb.

    As you suggested, have nuked the database and did mysql_install_db --user=mysql to reinitialize data directory.

    So essentially there is on one liner to do the mysql transfer. I will keep posted as I try things out.
     
    • Like Like x 1
  7. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    Well, I did fresh import without system database and then separate import for users and their privileges , now I am stuck with weird issue that I can access database from command line but not from PHP.

    ie. if I do this :
    Code (Text):
    mysql -usomeuser -p 

    After providing its password, I can enter, further
    show databases;show grants is also showing proper data.

    But from php I am receiving "permission denied : 2002" .

    Any advice ?
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
    after importing mysql grants did you do flush privileges ? try restarting mysql server.
     
  9. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    Yes, I did.
    Code (Text):
    MariaDB [(none)]> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.00 sec)
    

    And did restart
    Code (Text):
    # mysqlrestart
    Shutting down MySQL... SUCCESS!
    Starting MySQL.171008 22:23:15 mysqld_safe Logging to '/var/lib/mysql/mob-ugi-ds-da.r2itservices.com.err'.
    171008 22:23:15 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
     SUCCESS!
    



    I have verified almost all users manually, each can login with its password and has desired grant.

    This is now driving me nuts .

    From mysql docs , error 2002 means there is no mysql running or script is not able to find one. I checked through default socket, and I suppose its working as expected. Or is there any error in my.cnf (its default as of now).
    Code (Text):
    # mysqladmin --protocol=SOCKET --socket=/var/lib/mysql/mysql.sock version
    mysqladmin  Ver 9.1 Distrib 10.1.28-MariaDB, for Linux on x86_64
    Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
    
    Server version          10.1.28-MariaDB
    Protocol version        10
    Connection              Localhost via UNIX socket
    UNIX socket             /var/lib/mysql/mysql.sock
    Uptime:                 7 min 55 sec
    
    Threads: 1  Questions: 981  Slow queries: 0  Opens: 652  Flush tables: 1  Open tables: 509  Queries per second avg: 2.065


    Any advice ?
     
  10. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
    what php/mysql web apps are these ? what about restarting both nginx + php-fpm services ?
    Code (Text):
    nprestart
    

    are the web apps connecting to localhost, ip or hostname ?
     
  11. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    These are custom php app, running fine on other cpanel server with same code.
    I also did "mysql_upgrade" but no effect.

    Have also tried restart, even had rebooted the server. Further, since zend_opcache is enabled, after each code change, have to restart php-fpm.

    App is connecting to localhost.

    Here is grant for one such user :
    Code (Text):
    Grants for bud_cu@localhost
    GRANT USAGE ON *.* TO 'bud_cu'@'localhost' IDENTIFIED BY PASSWORD '*C40C784HHH4E7946TYR27DCE7A1948E1053935'
    GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `bud_db3`.* TO 'bud_cu'@'localhost'


    I am looking forward to see how centminmod performs as compared to cpanel stack but this sql user stuff has already eaten 2 days, pretty annoying. I have gut feeling that is something rather small which is being overlooked.. ..
     
    Last edited: Oct 9, 2017
  12. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
    wonder if it's to do with cpanel MySQL 5.5 vs MariaDB 10.1 ? You can try create a new mysql user to access existing mysql database using these 5 commands, first 3 assign desired mysql username, password and db name and last 2 create's mysql user and grants privileges.
    Code (Text):
    dbuser=mUser
    dbpass=mPass
    dbname=bud_db3
    mysql -e "CREATE USER '$dbuser'@'localhost' IDENTIFIED BY '$dbpass';"
    echo "GRANT index, select, insert, delete, update, create, drop, alter, create temporary tables, execute, lock tables ON \`$dbname\`.* TO '$dbuser'@'localhost'; flush privileges; show grants for '$dbuser'@'localhost';" | mysql
    
     
  13. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    I doubt it because if there was such database related issue then would have not been able to access from the CLI.

    Do you think there is some library missing in my install because cli essentially means that I am using mysql-client to make interaction but can't do same using php .

    And as per your suggestion, created new user, given it grant over existing db, but same error.

    I am out of ideas ..
     
  14. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
    what version of php ? 5.6.31 or 7.x ? php 7 deprecated the old php mysql extension so that could be it. php 7 uses mysqlnd, mysqli and pdo_mysql extensions while php 5.x has additional mysql

    If you recompile php 7 via centmin.sh menu option 5 and answer yes to installing legacy mysql extension, that might help

    what php extensions have you got loaded

    output for command
    Code (Text):
    php -m
    
     
  15. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    php 5.6.31,
    There is no error related to php besides error_reporting(E_ALL);

    I have tried using mysql_ as well mysqli_ , both same issue.
    Here is output you asked :
    Code (Text):
    # php -m
    [PHP Modules]
    bcmath
    bz2
    calendar
    Core
    ctype
    curl
    date
    dom
    enchant
    ereg
    exif
    filter
    ftp
    gd
    geoip
    gettext
    gmp
    hash
    iconv
    igbinary
    imagick
    imap
    intl
    json
    ldap
    libxml
    mailparse
    mbstring
    mcrypt
    memcache
    memcached
    mhash
    mysql
    mysqli
    mysqlnd
    openssl
    pcntl
    pcre
    PDO
    pdo_mysql
    pdo_sqlite
    Phar
    posix
    pspell
    readline
    redis
    Reflection
    session
    shmop
    SimpleXML
    snmp
    soap
    sockets
    SPL
    sqlite3
    standard
    sysvmsg
    sysvsem
    sysvshm
    tidy
    tokenizer
    xml
    xmlreader
    xmlrpc
    xmlwriter
    xsl
    Zend OPcache
    zip
    zlib
    
    [Zend Modules]
    Zend OPcache
    


    Also, I created a new database, populated some test data, added a new user with full privileges but same issue. With my limited knowledge, my conclusion is that php extension is not able to find connection to mysql server / mariadb server at all. In other words, it can not see mysql server running .
     
  16. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
    so no php/mysql using app on the server can connect or just some web apps ?
     
  17. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
  18. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    No, no PHP/WEB app is working.
    Just permission denied, even in log files

    Also, just to rule out :
    Code (Text):
    # sestatus
    SELinux status:                 disabled


    Further, I installed phpmyadmin using your installer, Addon phpmyadmin.sh - CentminMod.com LEMP Nginx web stack for CentOS

    Even its not able to connect with errors:
    Code (Text):
    #2002 - Permission denied &mdash; The server is not responding (or the local server's socket is not correctly configured).
    
     mysqli_real_connect(): (HY000/2002): Permission denied
    
    
     
  19. eva2000

    eva2000 Administrator Staff Member

    30,196
    6,789
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,144
    Local Time:
    7:36 PM
    Nginx 1.13.x
    MariaDB 5.5
    hmm did you edit /etc/my.cnf in any way ? or left it as is ?

    what's contents of /etc/my.cnf
     
  20. Saahib

    Saahib New Member

    17
    2
    3
    Oct 8, 2017
    Ratings:
    +2
    Local Time:
    3:06 PM
    1.13
    10.2
    As said, left it as it is .

    Its content:
    Code (Text):
    # cat /etc/my.cnf
    [client]
    socket=/var/lib/mysql/mysql.sock
    
    [mysql]
    max_allowed_packet = 128M
    
    [mysqld]
    ignore_db_dirs=cmsetiofiotest
    local-infile=0
    ignore_db_dirs=lost+found
    character-set-server=utf8
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock
    
    #bind-address=127.0.0.1
    # optimized my.cnf for MariaDB 5.5.x
    # by eva2000
    # vbtechsupport.com
    
    tmpdir=/home/mysqltmp
    
    innodb=ON
    #skip-federated
    ##skip-pbxt
    ##skip-pbxt_statistics
    #skip-archive
    #skip-name-resolve
    #old_passwords
    back_log = 512
    max_connections = 750
    key_buffer_size = 384M
    myisam_sort_buffer_size = 256M
    myisam_max_sort_file_size = 2048M
    join_buffer_size = 256K
    read_buffer_size = 256K
    sort_buffer_size = 512K
    table_definition_cache = 8192
    table_open_cache = 8192
    thread_cache_size = 256
    wait_timeout = 1800
    connect_timeout = 10
    tmp_table_size = 512M
    max_heap_table_size = 512M
    max_allowed_packet = 128M
    #max_seeks_for_key = 4294967295
    #group_concat_max_len = 1024
    max_length_for_sort_data = 1024
    net_buffer_length = 16384
    max_connect_errors = 100000
    concurrent_insert = 2
    read_rnd_buffer_size = 512K
    bulk_insert_buffer_size = 8M
    # query_cache boost for MariaDB >10.1.2+
    # https://community.centminmod.com/posts/30811/
    query_cache_limit = 1024K
    query_cache_size = 128M
    query_cache_type = 1
    query_cache_min_res_unit = 2K
    query_prealloc_size = 262144
    query_alloc_block_size = 65536
    transaction_alloc_block_size = 8192
    transaction_prealloc_size = 4096
    default-storage-engine = InnoDB
    
    log_warnings=1
    slow_query_log=0
    long_query_time=1
    slow_query_log_file=/var/lib/mysql/slowq.log
    #log-error=/var/log/mysqld.log
    
    # innodb settings
    innodb_large_prefix=1
    innodb_purge_threads = 4
    innodb_file_format = Barracuda
    innodb_file_per_table = 1
    innodb_open_files = 1000
    innodb_data_file_path= ibdata1:10M:autoextend
    innodb_buffer_pool_size = 1024M
    
    ## https://mariadb.com/kb/en/mariadb/xtradbinnodb-server-system-variables/#innodb_buffer_pool_instances
    innodb_buffer_pool_instances=1
    
    innodb_log_files_in_group = 2
    innodb_log_file_size = 384M
    innodb_log_buffer_size = 8M
    innodb_flush_log_at_trx_commit = 2
    #innodb_thread_concurrency = 20
    innodb_lock_wait_timeout=50
    innodb_flush_method = O_DIRECT
    innodb_support_xa=1
    
    # 200 * # DISKS
    innodb_io_capacity = 2900
    innodb_io_capacity_max = 5800
    innodb_read_io_threads = 4
    innodb_write_io_threads = 4
    innodb_flush_neighbors = 0
    
    # mariadb settings
    [mariadb]
    #thread-handling = pool-of-threads
    #thread-pool-size= 20
    #mysql --port=3307 --protocol=tcp
    #extra-port=3307
    #extra-max-connections=1
    
    userstat = 0
    key_cache_segments = 1
    aria_group_commit = none
    aria_group_commit_interval = 0
    aria_log_file_size = 768M
    aria_log_purge_type = immediate
    aria_pagecache_buffer_size = 768M
    aria_sort_buffer_size = 192M
    
    [mariadb-5.5]
    innodb_file_format = Barracuda
    innodb_file_per_table = 1
    
    #ignore_db_dirs=
    query_cache_strip_comments=0
    
    innodb_read_ahead = linear
    innodb_adaptive_flushing_method = estimate
    innodb_flush_neighbor_pages = 1
    innodb_stats_update_need_lock = 0
    innodb_log_block_size = 512
    
    log_slow_filter =admin,filesort,filesort_on_disk,full_join,full_scan,query_cache,query_cache_miss,tmp_table,tmp_table_on_disk
    
    [mysqld_safe]
    socket=/var/lib/mysql/mysql.sock
    #log-error=/var/log/mysqld.log
    #nice = -5
    open-files-limit = 8192
    
    [mysqldump]
    quick
    max_allowed_packet = 128M
    
    [myisamchk]
    tmpdir=/home/mysqltmp
    key_buffer = 384M
    sort_buffer = 64M
    read_buffer = 64M
    write_buffer = 64M
    
    [mysqlhotcopy]
    interactive-timeout
    
    [mariadb-10.0]
    innodb_file_format = Barracuda
    innodb_file_per_table = 1
    
    # 2 variables needed to switch from XtraDB to InnoDB plugins
    #plugin-load=ha_innodb
    #ignore_builtin_innodb
    
    ## MariaDB 10 only save and restore buffer pool pages
    ## warm up InnoDB buffer pool on server restarts
    #innodb_buffer_pool_dump_at_shutdown=1
    #innodb_buffer_pool_load_at_startup=1
    innodb_buffer_pool_populate=0
    ## Disabled settings
    performance_schema=OFF
    innodb_stats_on_metadata=OFF
    innodb_sort_buffer_size=2M
    innodb_online_alter_log_max_size=128M
    query_cache_strip_comments=0
    log_slow_filter =admin,filesort,filesort_on_disk,full_join,full_scan,query_cache,query_cache_miss,tmp_table,tmp_table_on_disk
    
    [mariadb-10.1]
    innodb_file_format = Barracuda
    innodb_file_per_table = 1
    
    ## wsrep specific
    # wsrep_on=OFF
    # wsrep_provider
    # wsrep_cluster_address
    # binlog_format=ROW
    # default_storage_engine=InnoDB
    # innodb_autoinc_lock_mode=2
    # innodb_doublewrite=1
    # query_cache_size=0
    
    # 2 variables needed to switch from XtraDB to InnoDB plugins
    #plugin-load=ha_innodb
    #ignore_builtin_innodb
    
    ## MariaDB 10 only save and restore buffer pool pages
    ## warm up InnoDB buffer pool on server restarts
    #innodb_buffer_pool_dump_at_shutdown=1
    #innodb_buffer_pool_load_at_startup=1
    innodb_buffer_pool_populate=0
    ## Disabled settings
    performance_schema=OFF
    innodb_stats_on_metadata=OFF
    innodb_sort_buffer_size=2M
    innodb_online_alter_log_max_size=128M
    query_cache_strip_comments=0
    log_slow_filter =admin,filesort,filesort_on_disk,full_join,full_scan,query_cache,query_cache_miss,tmp_table,tmp_table_on_disk
    
    # Defragmenting unused space on InnoDB tablespace
    innodb_defragment=1
    innodb_defragment_n_pages=7
    innodb_defragment_stats_accuracy=0
    innodb_defragment_fill_factor_n_recs=20
    innodb_defragment_fill_factor=0.9
    innodb_defragment_frequency=40