Bug#892569: gosa: fails to generate gosa.conf if Apache web server is used

[Wolfgang Schweer]

Package: gosa
Version: 2.7.4+reloaded3-3
Severity: important

Hi,

trying to setup gosa from scratch is successful with Lighttpd but fails 
with Apache; in this case a user can't finish step 1 of 8, an error 
message isn't shown.

Reason: Since Stretch, apache2 is using a Systemd unit file with setting 
'PrivateTmp=true'.

As the user, who is setting up GOsa, is informed to echo the session ID 
to /tmp/gosa.auth the conflict is clear: Both the user and www-data are 
seeing a different /tmp dir, www-data can't read the file to get the 
session ID and the setup process is stuck.

Unless a smarter solution can be found, maybe some information like the 
following should be provided on the welcome page.

If using Apache, the apache2 PrivateTmp directory needs to be disabled 
for 'Step 1' to work; so run as root:

(1) service apache2 stop
(2) sed -i 's/Tmp=true/Tmp=false/' /lib/systemd/system/apache2.service
(3) systemctl daemon-reload
(4) service apache2 start

After 'Step 1' has been successful, the change should be reverted for 
security reasons:

(1) service apache2 stop
(2) sed -i 's/Tmp=false/Tmp=true/' /lib/systemd/system/apache2.service
(3) systemctl daemon-reload
(4) service apache2 start

(Another way might be to tell the user to echo the session ID as root to 
/tmp/<apache-private-dir>/gosa.auth, where the private dir name 
contains random strings...)  

Please check.

Wolfgang
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-edu-pkg-team/attachments/20180310/cd64cc1b/attachment.sig>