Permission denied error when trying to use composer to update a static platform or trying to cd into a directory or use sftp!

[EdNett]

o2.ftp:~$ cd static/thunder7
o2.ftp:thunder7$ composer update -W
/usr/bin/env: ‘php’: Permission denied

Skynet Agent v.BOA-5.5.0-lts on Devuan/daedalus welcomes you aboard

  ======== Welcome to the Aegir, Drush and Compass Shell ========

boa info more is here:
https://gist.github.com/EdNett/4b9c4069a193f53cf741dc2447a30aac

This is on a dedicated - and I got the message that I can't expect ***ANY SUPPORT *** - yet I'm posting this in an effort to help. I am absolutely terrified to have this last server - my main production server go down so I cannot attempt an upgrade, and it appears I can no longer manage sites on it.

Best,

Ed

[EdNett]

I also now find myself unable to cd /static/platform_name:

Skynet Agent v.BOA-5.5.0-lts on Devuan/daedalus welcomes you aboard

  ======== Welcome to the Aegir, Drush and Compass Shell ========

     Type '?' or 'help' to get the list of allowed commands
         Note that not all Drush commands are available

   Use Gem and Bundler to manage all your Compass gems! Example:
               `gem install --conservative compass`

          Use NPM to manage all your packages! Example:
                    `npm install -g gulp`

  To initialize Ruby use control file and re-login after 5 minutes
             `touch ~/static/control/compass.info`

o1.ftp:$ cd static/d7
*** forbidden path -> "/data/disk/o1/static/d7/"
*** You have 2 warning(s) left, before getting logged out.
This incident has been reported.
o1.ftp:$ cd static
*** forbidden path -> "/data/disk/o1/static/"
*** You have 1 warning(s) left, before getting logged out.
This incident has been reported.
o1.ftp:~$

[sluc23]

I have a similar behavior today executing drush:

o2.ftp:~$ drush sa
/usr/bin/env: ‘php’: Permission denied

This weeks' updates are very unstable, breaking and fixing drush & composer constantly..

[EdNett]

What would the proper command be to put the actual location of php (/opt/php81/bin/php or other version) to create symlinks?
Would "sudo ln -s /opt/php81/bin/php /usr/bin/php" work? and if so, would we have to do symlinks for each version of php?

Or is the php that composer requires installed elsewhere on teh BOA vps?

[omega8cc]

Hello,

Could you please run the following command and let us know if it resolves the issue?

wget -qO- http://files.aegir.cc/BOA.sh.txt | bash  

We’ve recently introduced a new branches structure to prevent such issues from recurring.

For more details, you can refer to:
https://github.com/omega8cc/boa/blob/5.x-dev/docs/BRANCHES.md

We sincerely apologize for any inconvenience or disruption this may have caused.

[EdNett]

That did the trick. Now drush seems to work again

[EdNett]

I have to reopen because on a different vps - I have the same problem, and repeated running of
wget -qO- http://files.aegir.cc/BOA.sh.txt | bash
none of which reinstall pip, etc.
and a "barracuda up-lts system" and numerous reboots still give this error:

o1.ftp:~$ cd static
*** forbidden path -> "/data/disk/o1/static/"
*** You have 2 warning(s) left, before getting logged out.
This incident has been reported.

I will try a few more baracuda up-lts system and see if that doesn't correct the problem.

This is not fixed for this VM:

server1:# wget -qO- http://files.aegir.cc/BOA.sh.txt | bash
185.206.225.30 already denied for Flooding user/password
185.253.97.238 already denied for Flooding user/password
STATUS: Skynet Agent is Active, OK!
STATUS: You can add the _SKYNET_MODE=OFF line in
STATUS: /root/.barracuda.cnf to disable me, if needed.
CLNP: Only the allowed version (libcurl.so.4.8.0) is present in /usr/lib
CLNP: Only the allowed version (libcurl.so.4.8.0) is present in /usr/local/lib
CLNP: Only the allowed version (libcurl.so.4.8.0) is present in /usr/lib/x86_64-linux-gnu
CLNP: No broken symlinks found in /usr/lib
CLNP: No broken symlinks found in /usr/local/lib
CLNP: No broken symlinks found in /usr/lib/x86_64-linux-gnu
server1:# boa info

Aegir BOA-5.5.0-lts on Devuan/daedalus x86_64
HOST OpenStack Foundation
VPS Linux KVM guest
SKY _SKYNET_MODE=ON
NGX 1.27.3
PHP 8.3.14
DBV 5.7.44
RDS 7.0.15
SHD 9.9p1
SSH OpenSSH_9.9p1, OpenSSL 3.3.2 3 Sep 2024
LSH 0.10
PY3 3.11.2
PX3 3.12.5
SSL 3.3.2
CRL 8.10.1
CRL_From_Packages NO
CRL_Local_Bin YES
_AUT _AUTOPILOT=YES
_CCC _CUSTOM_CONFIG_CSF=YES
_CCL _CUSTOM_CONFIG_LSHELL=NO
_CCR _CUSTOM_CONFIG_REDIS=NO
_CCS _CUSTOM_CONFIG_SQL=NO
_DBG _DEBUG_MODE=YES
_DBS _DB_SERIES=5.7
_DNS _DNS_SETUP_TEST=YES
_EXP _EXTRA_PACKAGES=
_MFS _MAGICK_FROM_SOURCES=NO
_MFX _MODULES_FIX=YES
_PCV _PHP_CLI_VERSION=8.3
_PEC _PHP_EXTRA_CONF=""
_PFD _PHP_FPM_DENY=""
_PFV _PHP_FPM_VERSION=8.3
_PFX _PERMISSIONS_FIX=YES
_PMI _PHP_MULTI_INSTALL="7.4 8.1 8.2 8.3"
_PSI _PHP_SINGLE_INSTALL=
_SAR _SSH_ARMOUR=NO
_SBP _STRICT_BIN_PERMISSIONS=YES
_SFS _SSH_FROM_SOURCES=YES
_STP _STRONG_PASSWORDS=YES
_SUO _SYSTEM_UP_ONLY=YES
_UMY _USE_MYSQLTUNER=NO
_XTR _XTRAS_LIST="ADM GIT CSF IMG SR4 SR7 FTP"
_NRC command
_AUT _AUTOPILOT=YES

_XSY System Uptime/Load/Kernel/CPU/Memory/Disk Report

_XSU System Uptime: up 22 minutes
_XSL System Load: 0.54, 0.74, 0.60
_XSK Current Kernel Version: 6.1.0-28-amd64
_XSG GRUB: GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
_CPU Number: 2
_RAM Total: 7.56 GB
_RAM Usage: 35%
_DSK Usage for relevant partitions:
_DSK /dev/sda1: 53% used (/)

_XSE Key Services Uptime Report

_XSE Running services:

_XSE sshd is running for 5 minutes.
_XSE crond is running for 21 minutes.
_XSE php74-fpm is running for 4 minutes.
_XSE php81-fpm is running for 4 minutes.
_XSE php82-fpm is running for 4 minutes.
_XSE php83-fpm is running for 4 minutes.
_XSE mysql is running for 21 minutes.
_XSE redis is running for 4 minutes.
_XSE solr7 is running for 4 minutes.
_XSE jetty9 is running for 4 minutes.
_XSE pure-ftpd is running for 21 minutes.
_XSE lfd is running for 5 minutes.
_XSE rsyslogd is running for 8 minutes.
_XSE unbound is running for 10 minutes.
_XSE vnstat is running for 22 minutes.

_XSE Not running services:

_XSE nginx is not running (PID file not found).

Sat Nov 30 02:04:36 PM UTC 2024 / Devuan.chimaera x86_64 Linux KVM guest / Aegir lts / Barracuda BOA-5.5.0-lts / Nginx 1.27.2 / PHP-MI 7.4 8.1 8.2 8.3 / PHP-SE / FPM 8.3 / CLI 8.3 / Percona-5.7.44 localhost
Sat Nov 30 15:11:01 UTC 2024 / Devuan.daedalus x86_64 Linux KVM guest / Aegir lts / Barracuda BOA-5.5.0-lts / Nginx 1.27.2 / PHP-MI 7.4 8.1 8.2 8.3 / PHP-SE / FPM 8.3 / CLI 8.3 / Percona-5.7.44 localhost
Sat Nov 30 15:49:38 UTC 2024 / Devuan.daedalus x86_64 Linux KVM guest / Aegir lts / Barracuda BOA-5.5.0-lts / Nginx 1.27.2 / PHP-MI 7.4 8.1 8.2 8.3 / PHP-SE / FPM 8.3 / CLI 8.3 / Percona-5.7.44 localhost
Thu Dec 5 05:18:21 PM UTC 2024 / Devuan.daedalus x86_64 Linux KVM guest / Aegir lts / Barracuda BOA-5.5.0-lts / Nginx 1.27.3 / PHP-MI 7.4 8.1 8.2 8.3 / PHP-SE / FPM 8.3 / CLI 8.3 / Percona-5.7.44 localhost
Thu Dec 5 05:39:09 PM UTC 2024 / Devuan.daedalus x86_64 Linux KVM guest / Aegir lts / Barracuda BOA-5.5.0-lts / Nginx 1.27.3 / PHP-MI 7.4 8.1 8.2 8.3 / PHP-SE / FPM 8.3 / CLI 8.3 / Percona-5.7.44 localhost

[EdNett]

After doing 4 barracuda up-lts system updates, with a reboot after each and running the command after each reboot, I finally decided to do a full "barracuda up-lts" update and it errored:

BOA [19:03:06] ==> INFO: Installing Aegir Provision backend...
BOA [19:03:06] ==> INFO: Downloading Drush and Provision extensions...
BOA [19:03:12] ==> DNLD: Attempt 1 of 10: Downloading clean_missing_modules.tar.gz...
BOA [19:03:13] ==> DNLD: Attempt 1 of 10: Downloading utf8mb4_convert-7.x-1.3.tar.gz...
Drush command terminated abnormally due to an unrecoverable [error]
error.
Error: Uncaught Error: Call to undefined function
provision_autoload_register_prefix() in
/var/aegir/host_master/067/profiles/hostmaster/modules/aegir/aegir_objects/drush/aegir_objects.drush.inc:15
Stack trace:
#0
/var/aegir/host_master/067/profiles/hostmaster/modules/aegir/aegir_objects/drush/aegir_objects.drush.inc(23):
aegir_objects_register_autoload()
#1 /var/aegir/drush/includes/command.inc(226):
aegir_objects_drush_init()
#2 /var/aegir/drush/includes/command.inc(199): drush_command()
#3 /var/aegir/drush/lib/Drush/Boot/BaseBoot.php(67):
drush_dispatch()
#4 /var/aegir/drush/includes/preflight.inc(67):
Drush\Boot\BaseBoot->bootstrap_and_dispatch()
#5 /var/aegir/drush/drush.php(12): drush_main()
#6 {main}
thrown in
/var/aegir/host_master/067/profiles/hostmaster/modules/aegir/aegir_objects/drush/aegir_objects.drush.inc,
line 15
BOA [19:03:13] ==> FATAL ERROR: Drush is broken (/opt/php83/bin/php /var/aegir/drush/drush.php help failed)
BOA [19:03:13] ==> FATAL ERROR: Aborting AegirUpgrade installer NOW!
BOA [19:03:13] ==> FATAL ERROR: AegirUpgrade installer failed
BOA [19:03:13] ==> FATAL ERROR: Aborting Barracuda installer NOW!

So on this VPS I still can't even #o1.ftp:# cd static

because it is forbidden!

[omega8cc]

Try this:

rm -f /var/xdrago/log/*.{pid,log}
wget -qO- http://files.aegir.cc/BOA.sh.txt | bash

[EdNett]

Hello, running those two commands gives this:

server1:# rm -f /var/xdrago/log/*.{pid,log}
server1:# wget -qO- http://files.aegir.cc/BOA.sh.txt | bash
185.206.225.30 already denied for Flooding user/password
185.253.97.238 already denied for Flooding user/password
STATUS: Skynet Agent is Active, OK!
STATUS: You can add the _SKYNET_MODE=OFF line in
STATUS: /root/.barracuda.cnf to disable me, if needed.
CLNP: Only the allowed version (libcurl.so.4.8.0) is present in /usr/lib
CLNP: Only the allowed version (libcurl.so.4.8.0) is present in /usr/local/lib
CLNP: Only the allowed version (libcurl.so.4.8.0) is present in /usr/lib/x86_64-linux-gnu
CLNP: No broken symlinks found in /usr/lib
CLNP: No broken symlinks found in /usr/local/lib
CLNP: No broken symlinks found in /usr/lib/x86_64-linux-gnu

BOA Meta Installers setup completed
Please check INSTALL.md and UPGRADE.md at https://github.com/omega8cc/boa
Bye

The problem still exists:

o1.ftp:$ cd static/d7
*** forbidden path -> "/data/disk/o1/static/d7/"
*** You have 2 warning(s) left, before getting logged out.
This incident has been reported.
o1.ftp:$

It does not try to install pip, etc. like it did on teh other vps.

[EdNett]

I'll give you one more bit of information that may help you fix this issue - or whatever issues are currently affecting ssh/lshell , etc.

I use an ssh client that will also open an sftp connection when ssh in. For years, when ssh in as the o1.ftp user, both the terminal and the sftp put me at the same place /data/disk/o1 - so I am looking at teh /static/ directory; however, for 3 or 4 days now, when I ssh in as o1.ftp, the terminal is where it should be, but the sftp is at the server root - and immediately throws an error, since it doesn't have permissions to see the root of the server, and thus cannot be used at all.

On a vps which has this erronious behavior:
Fri Dec 6 05:12:28 AM UTC 2024 / Devuan.daedalus x86_64 Linux KVM guest / Aegir lts / Barracuda BOA-5.5.0-lts / Nginx 1.27.3 / PHP-MI 7.4 8.1 8.3 / PHP-SE / FPM 8.3 / CLI 8.3 / Percona-5.7.44 localhost
_XSE pure-ftpd is not running (PID file not found).
server1:~# boa info

Aegir BOA-5.5.0-lts on Devuan/daedalus x86_64
HOST Hetzner
VPS Linux KVM guest
NGX 1.27.3
PHP 8.3.14
DBV 5.7.44
RDS 7.0.15
SHD 9.9p1
SSH OpenSSH_9.9p1, OpenSSL 3.3.2 3 Sep 2024
LSH 0.10
PY3 3.11.2
PX3 3.12.5
SSL 3.3.2
CRL 8.10.1
CRL_From_Packages NO
CRL_Local_Bin YES

On a vps where the old working-properly behavior still exists (that is, the sftp for an o1.ftp ssh in puts me at /data/disk/o1): the last update was on Nov 9 2024 - boa 5.5.0-lts, and pure-ftp is NOT running, and :
SKY _SKYNET_MODE=NO
NGX 1.27.2
PHP 8.1.30
DBV 5.7.44
RDS 7.0.15
SHD 9.9p1
SSH OpenSSH_9.9p1, OpenSSL 3.3.2 3 Sep 2024
LSH 0.10
PY3 3.11.2
PX3 3.12.5
SSL 3.3.2
CRL 8.10.1

[EdNett]

I'm still having problems here after numerous up-lts barracuda (with aegir) and octopus.

Could you please tell me if the directory /data/disk/o1 is suppossed to be set to:
711
and if its ownership is suppossed to be "o1", "or "o1.ftp", please ?

Thank you.

[EdNett]

For example, when ssh in as o2 user, I see this in the Octopus GUI fo the path of an octopus installed platform:

/data/disk/o2/distro/105/localgov-3.0.11-10.3.6/web

but I cannot see that directory distro in sftp and cannot cd to it either, so I will not be able to use the ssh terminal to go to the platform root, or go to the sites root if necessary to use drush, for example. How can this be?

[omega8cc]

You should not enable SSH for the Aegir system user for security reasons.

You can access all created platforms from the limited shell user home via the ~/platforms directory and symlinks.

[EdNett]

It still isn't working as of today's barracuda + octopus up-lts. Today is Dec 22 2024. I cannot see any subdirectory /distro in data/disk/o2/ - and that is the path of the installed boa platforms, and in the subdirectory /platforms there are 2 subdirectories (105 and 106) both of which have ONLY the empty sub-directory "keys" in them. I have to login as root in order to see the /distro subdirectory where the BOA platforms are installed. Do you want me to try installing a new BOA platform and see if it gets installed in /platforms instead of /distro ? I did NOT install any new platforms with todays up-lts.