Permission Denied

Post support questions that directly relate to Linux/Unix operating systems.

Moderators: Developers, Moderators

monitorbrd
Posts: 17
Joined: Sun Dec 17, 2017 1:05 pm

Re: Permission Denied

Post by monitorbrd »

Hello friends.
Help please with a known problem. I just can not decide.

Code: Select all

Permission Denied

You are not permitted to access this section of Cacti.
If you feel that this is an error. Please contact your Cacti Administrator.
[/b]

My config.php

Code: Select all

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "mypassword";
$database_port = "3306";
When I enter the wrong login and password, the system responds that I do not enter it correctly. And when I enter correctly, the system writes me a mistake Permission Denied

Even the password changed, not the input. Does not help !
Please, help me!
---------------------------
My OS FreeBSD 11
Version Cacti : 1.1.24
paulgevers
Cacti Pro User
Posts: 613
Joined: Tue Aug 29, 2006 4:09 pm
Location: NL

Re: Permission Denied

Post by paulgevers »

monitorbrd wrote: My OS FreeBSD 11
Version Cacti : 1.1.24
This is probably different than in Ubuntu, so the rest of this thread doesn't apply.
Maintainer of cacti in Debian (and Ubuntu).
Cacti 1.* is now officially supported on Debian Stretch via Debian backports
FAQ Ubuntu and Debian differences
Generic cacti debugging
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Permission Denied

Post by netniV »

clifford64 wrote:
paulgevers wrote:Ah, sorry, you didn't install the cacti package? Than I haven't said anything.

I thought (but I never install cacti manually, always from the Debian/Ubuntu package) that on initial install you get asked questions before you need to log in (the installi is without credentials, that is the part I don't like for Debian/Ubuntu, so I fixed that). I believe the install asks you which password to use for admin, but I may be wrong.

Anyways, you can also set the password in MySQL/MariaDB if admin/admin is really not working for you:

Code: Select all

UPDATE user_auth SET password=md5('your_new_password'), must_change_password='' WHERE id=1;

I was able to change the password from the default admin to something, but I am still getting the same error of:
Permission Denied
You are not permitted to access this section of Cacti.

If you feel that this is an error. Please contact your Cacti Administrator.
You need to be careful with doing this kind of update on a users password. In future versions of Cacti, the MD5 availability of password comparison could disappear. I know that there is an outstanding pull request for updating some of the password code to ensure compatibility between old and new as the 1.1.27/28 code has some flaws in it. But in future, that could all disappear with the user of password_hash and password_verify functions of PHP. I don't believe there is a MySQL compatible version so a custom PHP page would have to be written.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
monitorbrd
Posts: 17
Joined: Sun Dec 17, 2017 1:05 pm

Re: Permission Denied

Post by monitorbrd »

markv wrote:
clifford64 wrote:
paulgevers wrote:Ah, sorry, you didn't install the cacti package? Than I haven't said anything.

I thought (but I never install cacti manually, always from the Debian/Ubuntu package) that on initial install you get asked questions before you need to log in (the installi is without credentials, that is the part I don't like for Debian/Ubuntu, so I fixed that). I believe the install asks you which password to use for admin, but I may be wrong.

Anyways, you can also set the password in MySQL/MariaDB if admin/admin is really not working for you:

Code: Select all

UPDATE user_auth SET password=md5('your_new_password'), must_change_password='' WHERE id=1;

I was able to change the password from the default admin to something, but I am still getting the same error of:
Permission Denied
You are not permitted to access this section of Cacti.

If you feel that this is an error. Please contact your Cacti Administrator.
You need to be careful with doing this kind of update on a users password. In future versions of Cacti, the MD5 availability of password comparison could disappear. I know that there is an outstanding pull request for updating some of the password code to ensure compatibility between old and new as the 1.1.27/28 code has some flaws in it. But in future, that could all disappear with the user of password_hash and password_verify functions of PHP. I don't believe there is a MySQL compatible version so a custom PHP page would have to be written.

I updated my password with this request

Code: Select all

mysql> update user_auth set password=’34819d7baaaee0934a5c854bc85b3e44′ where username=’admin’;
It's not strange that updating the password helped, but it's impossible to enter the system.
Friends, how can you help in this situation? What's next, I'm at an impasse!
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Permission Denied

Post by netniV »

Cacti is designed so that you create a database, install the source, run the /install/ folder and then login.

Paul's backports some of that work for you so that all you have to do is the /install/ sections that aren't already completed which added some security to the debian/ubuntu versions by setting the DB user and admin user passwords to a secure random password which is stored in the file above. That password is only readable by the sysadmin so can't be guessed easily if it is never changed.

Unfortunately, there are quite a few older installation guides out there though there are only a few guides updated to the latest versions. Good to hear that you got it working though by starting over.

Paul - The only thing I would suggest as an update, set the "change password" flag? Make them update as they log in that first time to ensure the change you recommend.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Permission Denied

Post by netniV »

monitorbrd wrote:I updated my password with this request

Code: Select all

mysql> update user_auth set password=’34819d7baaaee0934a5c854bc85b3e44′ where username=’admin’;
It's not strange that updating the password helped, but it's impossible to enter the system.
Friends, how can you help in this situation? What's next, I'm at an impasse!
If this is a newer version of cacti with php 5.5 or above, you are better off using code to generate the password and then update the database using the SQL as above because cacti will use the newer password hash functions so try the following:

Code: Select all

<?php
$password = 'ThisIsATest1';
$hash = password_hash($password, PASSWORD_DEFAULT);
echo "[".$hash."]\n";
?>
This will give output such as:

Code: Select all

[$2y$10$V6EOAFseyVZuLIjNeu8zquw.0fv8D0XHash8pRSHlpWz.UR1eLrF2]
Or when run a second time

Code: Select all

[$2y$10$PwgVTQqgcVJbh06qZljmtefLwkFDOXtMM548UaQ/gF/9f6p3gIsI6]
Take everything but the brackets and update your user with that password:

Code: Select all

mysql> update user_auth set password=’$2y$10$V6EOAFseyVZuLIjNeu8zquw.0fv8D0XHash8pRSHlpWz.UR1eLrF2′ where username=’admin’;
If you are running PHP earlier than 5.5, use the MD5 method that Paul mentioned above.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
monitorbrd
Posts: 17
Joined: Sun Dec 17, 2017 1:05 pm

Re: Permission Denied

Post by monitorbrd »

markv wrote:
monitorbrd wrote:I updated my password with this request

Code: Select all

mysql> update user_auth set password=’34819d7baaaee0934a5c854bc85b3e44′ where username=’admin’;
It's not strange that updating the password helped, but it's impossible to enter the system.
Friends, how can you help in this situation? What's next, I'm at an impasse!
If this is a newer version of cacti with php 5.5 or above, you are better off using code to generate the password and then update the database using the SQL as above because cacti will use the newer password hash functions so try the following:

Code: Select all

<?php
$password = 'ThisIsATest1';
$hash = password_hash($password, PASSWORD_DEFAULT);
echo "[".$hash."]\n";
?>
This will give output such as:

Code: Select all

[$2y$10$V6EOAFseyVZuLIjNeu8zquw.0fv8D0XHash8pRSHlpWz.UR1eLrF2]
Or when run a second time

Code: Select all

[$2y$10$PwgVTQqgcVJbh06qZljmtefLwkFDOXtMM548UaQ/gF/9f6p3gIsI6]
Take everything but the brackets and update your user with that password:

Code: Select all

mysql> update user_auth set password=’$2y$10$V6EOAFseyVZuLIjNeu8zquw.0fv8D0XHash8pRSHlpWz.UR1eLrF2′ where username=’admin’;
If you are running PHP earlier than 5.5, use the MD5 method that Paul mentioned above.
-------
Friends !
Gives an error message after entering the command

Code: Select all

 update user_auth set password='$2y$10$0Ww3VfvnQD1kXoR5dgq83.c.B8FMP6.f61jLSOLwkZxsk94CjqM26' where username='admin';
ERROR 1406 (22001): Data too long for column 'password' at row 1
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Permission Denied

Post by netniV »

Can you do a

Code: Select all

show create table `user_auth`\G;
in mysql ?

Mine shows a line for the password field of:

Code: Select all

`password` varchar(2048) NOT NULL DEFAULT ''
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
monitorbrd
Posts: 17
Joined: Sun Dec 17, 2017 1:05 pm

Re: Permission Denied

Post by monitorbrd »

markv wrote:Can you do a

Code: Select all

show create table `user_auth`\G;
in mysql ?

Mine shows a line for the password field of:

Code: Select all

`password` varchar(2048) NOT NULL DEFAULT ''
----------
Sorry !!!

For database mysql or cacti ?

Code: Select all

create table `user_auth';
or

Code: Select all

show table `user_auth';
:D
-----------------------------
I am doing
mysql -u root -p
use cacti;
show tables;

Code: Select all




cdef                      |
| cdef_items                |
| colors                    |
| data_input                |
| data_input_data           |
| data_input_fields         |
| data_local                |
| data_template             |
| data_template_data        |
| data_template_data_rra    |
| data_template_rrd         |
| graph_local               |
| graph_template_input      |
| graph_template_input_defs |
| graph_templates           |
| graph_templates_gprint    |
| graph_templates_graph     |
| graph_templates_item      |
| graph_tree                |
| graph_tree_items          |
| host_graph                |
| host_snmp_cache           |
| host_snmp_query           |
| host_template             |
| host_template_graph       |
| host_template_snmp_query  |
| plugin_config             |
| plugin_db_changes         |
| plugin_hooks              |
| plugin_realms             |
| poller_item               |
| poller_reindex            |
| rra                       |
| rra_cf                    |
| settings                  |
| settings_graphs           |
| settings_tree             |
| snmp_query                |
| snmp_query_graph          |
| snmp_query_graph_rrd      |
| snmp_query_graph_rrd_sv   |
| snmp_query_graph_sv       |
| user_auth                 |
| user_auth_perms           |
| user_auth_realm           |
| version 


paulgevers
Cacti Pro User
Posts: 613
Joined: Tue Aug 29, 2006 4:09 pm
Location: NL

Re: Permission Denied

Post by paulgevers »

markv wrote:Paul - The only thing I would suggest as an update, set the "change password" flag? Make them update as they log in that first time to ensure the change you recommend.
I expect every administrator to change the password on first login. In the past Cacti in Debian just followed the Cacti behavior, so there should not be any "unsafe" password out there on systems that are being used. Why I implemented that secure password thing is to avoid having a running Cacti instance without a safe password, especially for admins that didn't release that installing the package would be unsafe without actions (that is not the Debian philosophy).

I don't think upgrading warrants a password change, but please convince me if you still think that is a good idea.
Maintainer of cacti in Debian (and Ubuntu).
Cacti 1.* is now officially supported on Debian Stretch via Debian backports
FAQ Ubuntu and Debian differences
Generic cacti debugging
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Permission Denied

Post by netniV »

markv wrote:Can you do a

Code: Select all

show create table `user_auth`\G;
in mysql ?

Mine shows a line for the password field of:

Code: Select all

`password` varchar(2048) NOT NULL DEFAULT ''
Please run the command I put in the first code block at the MySQL prompt. You have broken it up which isn’t the desired commands.
Last edited by netniV on Tue Dec 19, 2017 1:47 pm, edited 1 time in total.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Permission Denied

Post by netniV »

paulgevers wrote:
markv wrote:Paul - The only thing I would suggest as an update, set the "change password" flag? Make them update as they log in that first time to ensure the change you recommend.
I expect every administrator to change the password on first login. In the past Cacti in Debian just followed the Cacti behavior, so there should not be any "unsafe" password out there on systems that are being used. Why I implemented that secure password thing is to avoid having a running Cacti instance without a safe password, especially for admins that didn't release that installing the package would be unsafe without actions (that is not the Debian philosophy).

I don't think upgrading warrants a password change, but please convince me if you still think that is a good idea.
I agree upgrading doesn’t. I was just thinking of the first install when you set the password also mark it as expired.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
monitorbrd
Posts: 17
Joined: Sun Dec 17, 2017 1:05 pm

Re: Permission Denied

Post by monitorbrd »

markv wrote:
markv wrote:Can you do a

Code: Select all

show create table `user_auth`\G;
in mysql ?

Mine shows a line for the password field of:

Code: Select all

`password` varchar(2048) NOT NULL DEFAULT ''
Please run the command I put in the first code block at the MySQL prompt. You have broken it up which isn’t the desired commands.


Run command and .....

Code: Select all

*************************** 1. row ***************************
       Table: user_auth
Create Table: CREATE TABLE `user_auth` (
  `id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(50) NOT NULL DEFAULT '0',
  `password` varchar(50) NOT NULL DEFAULT '0',
  `realm` mediumint(8) NOT NULL DEFAULT '0',
  `full_name` varchar(100) DEFAULT '0',
  `must_change_password` char(2) DEFAULT NULL,
  `show_tree` char(2) DEFAULT 'on',
  `show_list` char(2) DEFAULT 'on',
  `show_preview` char(2) NOT NULL DEFAULT 'on',
  `graph_settings` char(2) DEFAULT NULL,
  `login_opts` tinyint(1) NOT NULL DEFAULT '1',
  `policy_graphs` tinyint(1) unsigned NOT NULL DEFAULT '1',
  `policy_trees` tinyint(1) unsigned NOT NULL DEFAULT '1',
  `policy_hosts` tinyint(1) unsigned NOT NULL DEFAULT '1',
  `policy_graph_templates` tinyint(1) unsigned NOT NULL DEFAULT '1',
  `enabled` char(2) NOT NULL DEFAULT 'on',
  PRIMARY KEY (`id`),
  KEY `username` (`username`),
  KEY `realm` (`realm`),
  KEY `enabled` (`enabled`)
) ENGINE=MyISAM AUTO_INCREMENT=4 DEFAULT CHARSET=latin1
1 row in set (0.02 sec)

ERROR:
No query specified
What do we do next?
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Permission Denied

Post by netniV »

OK, that is not what I expected for the current version of cacti. What version are you running again? Have you upgraded recently?
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
monitorbrd
Posts: 17
Joined: Sun Dec 17, 2017 1:05 pm

Re: Permission Denied

Post by monitorbrd »

markv wrote:OK, that is not what I expected for the current version of cacti. What version are you running again? Have you upgraded recently?

Freebsd 11
Cacti version 1.1.24
PHP 5.6.31


And this error occurs when you enter the correct login and password
Attachments
Cacti : permission denied
Cacti : permission denied
cacti_error.png (41.12 KiB) Viewed 1688 times
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest