Tuesday 26 September 2023

Passbolt on openSUSE Leap 15.5 fails to start php-fpm 

Installing Passbolt using their guide fails to start php-fpm at the end, with this error:

.
.
.
===================
Setting up nginx...
===================
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
extension=gnupg.so
Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service.
Job for php-fpm.service failed because the control process exited with error code.
See "systemctl status php-fpm.service" and "journalctl -xeu php-fpm.service" for details.

Leap 15.4 and newer (possibly older releases too, I didn't check) come with AppArmor installed and running. The default config doesn't expect/allow php-fpm to create a www.sock in /var/run so we need to edit the config to allow that.

vi /etc/apparmor.d/php-fpm

Find the line that says "# we need to be able to create all sockets" at around line 37 and ADD this right after...

@{run}/php{,-fpm}/www.sock rw,

restart/reload apparmor.service and you should be able to get it running now: systemctl restart php-fpm.service

Ideally you'd adjust the config prior to running the installer, but you won't have seen the error at that point!! :-D

This is just the beginning; there are a load of issues reading other config files which I haven't resolved yet - in the first instance you might just prefer to clear the config (aa-teardown) to prove it works.
by at No comments:
Labels: ,

Tuesday 18 October 2022

Zimbra on CentOS Stream 8 - SELinux & systemctl

Zimbra on CentOS Stream 8 - startup issue with systemctl

By default the SELinux configuration on /etc/init.d/zimbra is wrong.

Check yours with ls -Z if you like.


[mark@server.co.uk :init.d]# ls -alZ
total 36
drwxr-xr-x.  2 root root system_u:object_r:etc_t:s0         4096 Sep 30 00:06 .
drwxr-xr-x. 10 root root system_u:object_r:etc_t:s0         4096 Sep 30 00:06 ..
-rw-r--r--.  1 root root system_u:object_r:bin_t:s0        18434 Aug 10 14:03 functions
-rw-r--r--.  1 root root system_u:object_r:initrc_exec_t:s0 1161 Sep 30 00:06 README
-rwxr-xr-x.  1 root root unconfined_u:object_r:etc_t:s0     1971 Oct 17 16:05 zimbra


You can see the difference between functions and zimbra - that's what we need to correct. Use chcon and use functions as a reference to apply to zimbra. Obviously you should adjust your specific filenames, if you don't have functions for example.

[mark@server.co.uk :init.d]# chcon --reference=functions zimbra

This issue caused zimbra to not start at boot on a server with SELinux mode enforcing, with the error:

systemd[1]: Starting LSB: Zimbra mail service...
zimbra[  ]: /etc/rc.d/init.d/zimbra: line 41: /usr/bin/su: Permission denied
systemd[1]: zimbra.service: Control process exited, code=exited status=126
systemd[1]: zimbra.service: Failed with result 'exit-code'.
systemd[1]: Failed to start LSB: Zimbra mail service.

by at No comments:
Labels:

Thursday 10 January 2019

Moto G6 - Remove LinkedIn and Outlook

Having replaced my OnePlus 3 with a Moto G6 I was annoyed by the pre-installed crapware; LinkedIn and Outlook - two apps I will never use.

 With USB Debugging enabled, I was able to issue the following two commands in adb shell to get rid of them.

 pm uninstall -k --user 0 com.linkedin.android
pm uninstall -k --user 0 com.microsoft.office.outlook
by at 2 comments:

Friday 7 December 2018

Lenovo Thinkpad E480 Won't power off

A colleague presented me with his laptop today, and an unusual problem.
It was powered on, according to the light on the power switch, however there was no video and, the strange part was that we were unable to power it off.

 Regardless of how long we held the power button, it just would not switch off.

 Most of the folks on the forums seemed to have issues with powering on, not off. Checking the Hardware maintenance manual indicates that this model should have an emergency reset hole, but I believe that to be lies. 
We certainly couldn't find it, and had to resort to undoing the screws on the case and using a spudger to carefully pry the case apart.

 Exposing the motherboard enabled me to locate the battery and I was able to unplug it for ~10 seconds. Reconnecting it (it just pulls in/out) was enough to sort the problem and the machine (reassembled!) now boots and shuts down okay.

by at No comments:

Monday 19 November 2018

Hylafax Job Purge

I always forget how to purge the Hylafax job queue, thereby removing all outstanding jobs.
To delete the whole lot, you need to use the faxrm job, and on my servers this needs to be done as the fax user...

su - fax
faxstat -s

 Have a look and figure out what the range of job numbers is (in broad terms).
Delete them:

faxrm $(seq 1 100)

faxrm $(seq 36500 37100)



Job 37073 removed (from doneq).

Job 37074 removed (from doneq).


Job 37076 removed (from doneq).

Job 37075 removed (from doneq).
Job 37077 removed (from doneq).


Job 37080 removed (from doneq).

Job 37078 removed (from doneq).
Job 37079 removed (from doneq).
Job 37081 removed (from doneq).


Job 37082 removed (from doneq).
by at No comments:
Bournemouth Collegiate School Swimming Pool

 The school have apparently got a nice pool, where you can get lessons and your child can learn to swim, however the entrance to the facilities are classified. Top Secret - eyes only.

 I'm going to bust open the mystery of how to get in, think of this post like wikileaks for BCS!

 Park in the street, go through the gate to the minibus parking, and follow the gravel path and to the right of the main school building.

 Why the school don't sign-post this is beyond me, nor does it obviously appear in any Google search results... Until now.

 Happy 🏊
by at No comments:

Wednesday 26 August 2015

PDFtk Burst PDF in a Windows Command Prompt (Batch File)

I had a user at work who needed to expand PDF files into their individual pages. 
This is the solution I came up with, using PDFtk and a bit of cmd script.
It creates files in a sub folder called output, so make sure that exists before you try and run it.

<code>
@echo off
setlocal EnableDelayedExpansion
set "source=%~dp0"
set "name=%1"

IF DEFINED name (
 call :burst %name%
 ) else (
 call :usage
 )
goto :xit

:burst
 set "file=%~nx1"
 echo Working on %file%
 for /f "skip=1" %%x in ('wmic os get localdatetime') do if not defined mydate set mydate=%%x
 SET "mytime=%mydate:~0,14%"
 pdftk %name% burst output "%source%output\%file%_%mytime%_%%04d.pdf"
 for %%d in (%source%output\doc_data.txt) do del %%d
 echo Done!
 goto :EOF

:usage
echo Nothing to do... drag a file onto me!
goto :EOF

:xit
endlocal
timeout /T 3
<\code>
by at 2 comments:
Labels: , ,
Subscribe to: Posts (Atom)