Closed MarcosxDeveloper closed 3 years ago
Did you follow the installation steps here? https://intelmq.readthedocs.io/en/maintenance/user/intelmq-api.html
-> Does the webserver have write permissions for /etc/intelmq/api-session.sqlite
?
Yes! I Install it with pip and test it with hug
using the curl command for login does not give any problem
the problem comes when accessing through the webserver
I already tried to give it permissions in various ways with chow and chmod but the problem persists
Please show:
echo $INTELMQ_API_CONFIG
jq .session_store ${INTELMQ_API_CONFIG:-/etc/intelmq/api-config.json}
jq .session_store ${INTELMQ_API_CONFIG:-/etc/intelmq/api-config.json} | tr -d '"' | xargs ls -l
ok! here you have the result:
I used the following apache2 conf:
# SPDX-FileCopyrightText: 2020 Birger Schacht
#
# SPDX-License-Identifier: CC0-1.0
#Override the default configuration file path using the
#INTELMQ_API_CONFIG environment variable
#SetEnv INTELMQ_API_CONFIG /etc/intelmq/api-config.json
<IfModule mod_wsgi.c>
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIScriptAlias / /usr/local/lib/python3.6/dist-packages/intelmq_api/intelmq-api.wsgi
</IfModule>
<Directory /usr/local/lib/python3.6/dist-packages/intelmq_api/>
Require all granted
</Directory>
/usr/local/lib/python3.6/dist-packages/etc/intelmq/api-config.json
looks strange.
But it looks like www-data
should have write-access to the actual session file. Let's test it explicitly:
sudo -u www-data namei -l /etc/intelmq/api-session.sqlite
ok! here you have the result:
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxrwxr-x 997 997 intelmq
-rw-rw-r-- www-data www-data api-session.sqlite
Okay, you've got me stumped.
Let's wait for @schacht-certat, I'm sure he has better ideas than I have. But you'd have to wait until Monday.
Anyway: thanks for reporting the issue, I'm sure we can resolve that together :)
hello @wagner-certat!
I Solved the problem added www-data permission to /etc/intelmq folder and not only api-session.sqlite file.
it seems that sqlite3 creates some temporary files in the folder when reading the api-session.sqlite file,
command:
sudo -u www-data namei -l /etc/intelmq/api-session.sqlite
result:
f: /etc/intelmq/api-session.sqlite
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxrwxr-x www-data www-data intelmq
-rw-rw-r-- www-data www-data api-session.sqlite
Oh, yeah. Right. I actually stumbled over the same issues some weeks ago while testing :/ Great that you could resolve it so fast.
We should add that to the documentation and maybe add some verbose logging to hint into this direction as well.
You can also let intelmq
itself own (owner and group) the directory and add www-data
to the intelmq
group. That's how we do it in the deb/rpm-packages.
thanks @wagner-certat
I have another bug but I will open another ticket for that
action => login
http response => internal server error
installation type => python pip
intelmqctl check => No issues found
apache2 logs: