Sympl issues
https://gitlab.com/sympl.io/sympl/-/issues
2024-03-19T17:05:31Z

disable-filesystem-security: Can’t disable with config/disable-filesystem-security
https://gitlab.com/sympl.io/sympl/-/issues/323
2024-03-19T17:05:31Z
Paul Cammish
# Summary
According to multiple pages in the wiki, you can use `/srv/example.com/config/disable-filesystem-security` to disable on a **per-site** basis. However only `${domain}/config/do-not-secure` for per-site or `/etc/sympl/disable-filesystem-security` for server-wide works.
https://wiki.sympl.io/view/Website_Configuration_Reference#Filesystem_Permissions
https://wiki.sympl.io/view/Configuration_Reference
See line 170 in the `sympl-filesystem-security` script
https://gitlab.mythic-beasts.com/sympl/sympl/-/blob/bullseye/core/sbin/sympl-filesystem-security#L170
# Steps to reproduce
- Create `/srv/example.com/config/disable-filesystem-security`
- change ownership of any file in the `public` directory
- run `sudo sympl-filesystem-security`
- the ownership is changed back, despite the script supposedly being disabled for this domain
# Example Project
See the script’s code, it doesn’t check on the file described in the wiki. It only checks the **global** config file, not the **domain specific** one.
https://gitlab.mythic-beasts.com/sympl/sympl/-/blob/bullseye/core/sbin/sympl-filesystem-security#L170
# What is the current bug behavior?
Doesn’t disable filesystem ownership changes in the domain
`/srv/example.com/config/disable-filesystem-security`
# What is the expected correct behavior?
According to multiple pages in the wiki, you can use `/srv/example.com/config/disable-filesystem-security` to disable on a **per-site** basis. However only `${domain}/config/do-not-secure` works.
https://wiki.sympl.io/view/Website_Configuration_Reference#Filesystem_Permissions
https://wiki.sympl.io/view/Configuration_Reference
# Possible fixes
See line 170 in the `sympl-filesystem-security` script
https://gitlab.mythic-beasts.com/sympl/sympl/-/blob/bullseye/core/sbin/sympl-filesystem-security#L170
/cc @kelduum
Paul Cammish

Removal of sympl-ftp package doesn't remove /etc/sympl/monit.d/pure-ftp symlink
https://gitlab.com/sympl.io/sympl/-/issues/329
2023-06-10T21:36:53Z
Paul Cammish
# What is the current bug behavior?
When you remove sympl-ftp (`apt remove --purge sympl-ftp`), the file `/usr/share/sympl/monit/checks/pure-ftpd` is removed but the symlink `/etc/sympl/monit.d/pure-ftpd` remains, causing the monitoring to whine.
# What is the expected correct behavior?
The symlink `/etc/sympl/monit.d/pure-ftpd` should be removed also
/cc @kelduum

sympl-mail: Emailing mailbox quota functionality prevents mail delivery on Bullseye
https://gitlab.com/sympl.io/sympl/-/issues/328
2022-10-05T08:22:43Z
Paul Cammish
Identified in an install migrated from Sympl 10, Exim considers the `mailboxes/example/quota`, `config/mailbox-quota` and `/etc/sympl/exim4/mailbox-quota` files tainted.
Mail is received and waits in the local spool, but cannot be delivered to user mailboxes until the quota is disabled.
Relevant variables will need de-tainting before they can be used.
Relevant file is `mail/exim4/sympl.d/30-transports/30-address-directory`
Paul Cammish

Sympl 11: Installing sympl-mysql doesn't write the password to /home/sympl
https://gitlab.com/sympl.io/sympl/-/issues/306
2021-02-15T11:33:44Z
Paul Cammish
This is currently causing the testing to fail, and will need looking into.
Sympl 11 for Debian Bullseye
Paul Cammish

sympl-web: Allow apache includes in config/
https://gitlab.com/sympl.io/sympl/-/issues/270
2020-09-10T08:28:06Z
Paul Cammish
As per https://forum.sympl.host/t/auto-updating-ssl-certs-with-custom-apache-site-config/69/3
> One of the ways around this under symbiosis was to add an `IncludeOptional` directive to the master templates (`ssl.template.erb` & `non_ssl.template.erb`) with customisations kept in, say, config…
>
> `IncludeOptional /srv/<% domain %>/config/apache-*.conf`
Thanks to alphacabbage1 for the suggestion.
This will need checking for security, as we don't want any random user writing stuff to there, and breaking the security model or stopping Apache from starting.

sympl-monit: Security warning emails on hostname resolution failure
https://gitlab.com/sympl.io/sympl/-/issues/279
2020-04-20T10:41:34Z
Paul Cammish
If for some reason DNS fails for the system hostname, the systemd service at `/usr/lib/systemd/system/sympl-monit.service` will throw security warnings at the root user via email as sudo is not happy.
Paul Cammish

"doveconf: Warning: please set ssl_dh"
https://gitlab.com/sympl.io/sympl/-/issues/275
2020-01-28T00:25:23Z
Paul Cammish
I'm getting an hourly email from /etc/cron.hourly/sympl-mail-dovecot-sni saying:
> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
> doveconf: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
It looks like from https://wiki2.dovecot.org/Upgrading/2.3#dhparams you can do just that in order to fix the issue, but not sure if there's something else that should be done instead/as well. I'm running the buster version of Sympl.
Paul Cammish

mail: Sieve tests failing
https://gitlab.com/sympl.io/sympl/-/issues/238
2019-07-02T16:38:04Z
Paul Cammish
Looks like two tests are failing at present.
* test_deliver_with_sieve
* test_deliver_with_sieve_for_local_users
Likely a change to sieve configuration as with Stretch.
Sympl v10.0 (for Debian Buster)
Paul Cammish