Environment
Novell Open Enterprise Server (Linux based)
Novell Open Enterprise Server (OES)
Novell NetStorage
Situation
When NSS is installed on OES Linux, certain system users and
groups are imported into LUM. (wwwrun, novlxregd, novlxsrvd,
novlxtier) In a multi-server tree, the UID's and GID's may
not be the same on each server resulting in incorrect ownership of
the xtier directories.
The following error occurs in the /var/log/messages log
file:
httpd2-worker:
XSrvCChannel::connectSocket- Connection creation failed, error =
13
httpd2-worker: XSrvCChannel::init- Connection creation failed, error = 13
httpd2-worker: IPCCLNT -getCChannel- Channel Initialization failed for socket /var/opt/novell/xtier/xsrvd/srv-socket-3
httpd2-worker: IPCCLNT -SubmitReq- Channel unavailable
httpd2-worker: IPCCLNT -SubmitReq- Will attempt to retry RPC, count = 2
httpd2-worker: XSrvCChannel::init- Connection creation failed, error = 13
httpd2-worker: IPCCLNT -getCChannel- Channel Initialization failed for socket /var/opt/novell/xtier/xsrvd/srv-socket-3
httpd2-worker: IPCCLNT -SubmitReq- Channel unavailable
httpd2-worker: IPCCLNT -SubmitReq- Will attempt to retry RPC, count = 2
Resolution
Change these directory owners as follows:
chown -R
novlxregd:novlxtier /var/opt/novell/xtier/xregd
chown -R
novlxsrvd:novlxtier /var/opt/novell/xtier/xsrvd
Permissions should
look like this:
drwxrwx---
4 novlxregd novlxtier 216 Aug 2 14:24 .
drwxr-xr-x 14 root root 352 May 9 11:15 ..
drwxrwx--- 3 novlxregd novlxtier 104 Jun 27 12:52 xregd
drwxrwx--- 3 novlxsrvd novlxtier 1192 Jun 27 12:52 xsrvd
drwxr-xr-x 14 root root 352 May 9 11:15 ..
drwxrwx--- 3 novlxregd novlxtier 104 Jun 27 12:52 xregd
drwxrwx--- 3 novlxsrvd novlxtier 1192 Jun 27 12:52 xsrvd
Now make sure the
wwwrun user (Apache system user) is a member of the novlxtier group
with the following command:
getent group | grep
novlxtier
This should return
the group name, GID and membership. ie. novlxtier:!:101:wwwrun
If the Apache
system user (wwwrun) is not a member of the novlxtier group,
Apache will not have rights to the xtier sockets and RPC calls to
xtier from apache will fail.
Restart xtier and
apache.
rcnovell-xregd
restart
rcnovell-xsrvd
restart
rcapache2
restart
Another possible cause could be that the user wwwrun is not (correct) member of all needed groups. In a correct situation you should see the following when doing a "id wwwrun"
uid=30(wwwrun) gid=8(www) groups=8(www),81(novlxtier)
When the problem is present, the group novlxtier is missing. Checking NDS shows that the in the membership of novlxtier the user wwwrun is a member. But when checking the user wwwrun, you will not see his membership to the group novlxtier. After adding the group to the user and restarting the server, the problem is solved.
Another possible cause could be that the user wwwrun is not (correct) member of all needed groups. In a correct situation you should see the following when doing a "id wwwrun"
uid=30(wwwrun) gid=8(www) groups=8(www),81(novlxtier)
When the problem is present, the group novlxtier is missing. Checking NDS shows that the in the membership of novlxtier the user wwwrun is a member. But when checking the user wwwrun, you will not see his membership to the group novlxtier. After adding the group to the user and restarting the server, the problem is solved.
Additional Information
Another possible issue that could occur is duplicate UID or
GID's. If a user in LUM has the same UID as a user in the
etc/passwd file or a LUM group has the same GID as a group in the
etc/group file, file permissions may be affected. If this is
the case, changing the UID/GID to an unused value in the
passwd/group file will resolve the conflict. Be careful to
use a unique ID and remember that when a user or groups ID changes,
any file/directory ownerships will need to be changed via CHOWN to
reflect the new value.