Using the installer on Centos 7 and install procedure as documented here doesn’t seem to work as expected:
The installer seems to change ownership of the /root/ folder - noticed as ssh authorized_keys stop working. /root is now owned by uid 1000, gid “users”.
After installation the webapp is inaccessible due to firewall issues.
Steps to reproduce:
- Fresh CentOS 7 installation (mine was from CentOS minimal-1810.
- ssh key added using
ssh-copy-idfrom a different box.
yum updateso all packages at current version as of today.
- ssh into system as root and download/run the installer (as per guide)
Even before responding to the first question, the root directory ownership and permissions have already been altered giving world read/execute permissions on /root/
[root@passbolt ~]# stat /root File: ‘/root’ Size: 4096 Blocks: 8 IO Block: 4096 directory Device: fd01h/64769d Inode: 33584193 Links: 5 Access: (0755/drwxr-xr-x) Uid: ( 1000/ UNKNOWN) Gid: ( 100/ users) Context: system_u:object_r:admin_home_t:s0 Access: 2019-06-18 11:09:54.823871081 +0100 Modify: 2019-06-18 11:09:44.583536792 +0100 Change: 2019-06-18 11:09:44.583536792 +0100
If I ignore this and continue with the installation (yes to maria, manual ssl certificates, yes to haveged) the installer gives two possible errors (
grep: /var/spool/cron//*: No such file or directory &&
libsemanage.dbase_llist_query: could not query record value) but seems to complete successfully.
At this point I’m told to visit the URL to complete setup, though this inaccessible due to the firewall. The following fixes the issue; should the installer be doing this automagically?
firewall-cmd --permanent --add-service=http --add-service=https
Other than these two issues everything seems to get installed and work fine.
[✓] I have read intro post: About the Installation Issues category
[✓] I have read the tutorials, help and searched for similar issues
[✓] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[✓] I describe the steps I have taken to trouble shoot the problem
[✓] I describe the steps on how to reproduce the issue