HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Wrong permissions on web folder (http://www.howtoforge.com/forums/showthread.php?t=51406)

awd.pt 12th February 2011 12:10

Wrong permissions on web folder
 
I'm having the following problem.

I'm running latest ISPConfig3 release on CentOS 5.5.

All the sites are running with Fast-CGI and suExec.

Each time I make any modification on a site by SPConfig Panel I have to manually change the perms to 711 on the web folder.

On /etc/group I have this:
Quote:

...
client32:x:5043:apache
...
The output of groups apache shows:
Quote:

apache : apache ispconfig client2 client3 client4 client5 client6 ... client32 ...
The perm on a site when I create are:
Quote:

[root@ISPC30 srmvfr.pt]# ls -l
total 16
drwxr-x--x 2 web60 client35 4096 Feb 10 16:22 cgi-bin
lrwxrwxrwx 1 web60 client35 34 Feb 10 16:22 log -> /var/log/ispconfig/httpd/srmvfr.pt
drwxr-x--x 2 web60 client35 4096 Feb 10 16:22 ssl
drwxrwxrwx 2 web60 client35 4096 Feb 10 16:22 tmp
drwx--x--- 13 web60 client35 4096 Feb 11 12:43 web
[root@ISPC30 srmvfr.pt]#
And I always get a Permission denied until i change them to:
Quote:

[root@ISPC30 srmvfr.pt]# ls -l
total 16
drwxr-x--x 2 web60 client35 4096 Feb 10 16:22 cgi-bin
lrwxrwxrwx 1 web60 client35 34 Feb 10 16:22 log -> /var/log/ispconfig/httpd/srmvfr.pt
drwxr-x--x 2 web60 client35 4096 Feb 10 16:22 ssl
drwxrwxrwx 2 web60 client35 4096 Feb 10 16:22 tmp
drwx--x--x 13 web60 client35 4096 Feb 11 12:43 web
[root@ISPC30 srmvfr.pt]#
Other workaround is to change the group owner of the web directory to apache.

I need help on sorting this out.

I followed the multiserver installation as detailed on the ISPConfig Manual I bought.

I have a dedicated mysql server, that is my multiserver setup.

Thank you in advance,
Sergio Rosa

till 13th February 2011 21:20

Quote:

drwx--x--- 13 web60 client35 4096 Feb 11 12:43 web
This are the correct permissions for the site.

Under which user and group does the apache server run on your server?

awd.pt 14th February 2011 01:03

hello till,

yes, does are the right perms. But with them apache can't access the directory.

Apache (web server) is running as user/group apache.

till 14th February 2011 10:04

But then apache must be able to access the directory. Do you have any security extensions like selinux enabled that might prevent apache accessing the files?

awd.pt 14th February 2011 12:40

Quote:

Originally Posted by till (Post 251102)
But then apache must be able to access the directory. Do you have any security extensions like selinux enabled that might prevent apache accessing the files?

Quote:

[root@ISPC30 ]# selinuxenabled
[root@ISPC30 ]# echo $?
1
[root@ISPC30 ]#
0 enable
1 disable

selinux is disable.

What other thing might be causing this?

I've banged my head to the wall but I can't see what is wrong.

awd.pt 14th February 2011 12:51

just another info, showing that everything should be fine...

Quote:

[root@ISPC30 ~]# id apache
uid=48(apache) gid=48(apache) groups=48(apache),5004(ispconfig),5005(client2),50 06(client3),5007(client4),5008(client5),5009(clien t6),5010(client7),5011(client8),5012(client9),5013 (client10).......

till 14th February 2011 12:56

I have no idea.

What is the exact error message that you get in the error.log of the website?

awd.pt 14th February 2011 13:56

Quote:

Originally Posted by log/error.log

[Mon Feb 14 12:47:07 2011] [crit] [client 213.13.150.21] (13)Permission denied: /var/www/thecandystory.com/web/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Mon Feb 14 12:47:07 2011] [error] [client 213.13.150.21] File does not exist: /var/www/error/403.html

Quote:

Originally Posted by ls -l
drwxr-x--x 2 web62 client38 4096 Feb 10 16:26 cgi-bin
lrwxrwxrwx 1 web62 client38 42 Feb 10 16:26 log -> /var/log/ispconfig/httpd/thecandystory.com
drwxr-x--x 2 web62 client38 4096 Feb 10 16:26 ssl
drwxrwxrwx 2 web62 client38 4096 Feb 10 16:26 tmp
drwx--x--- 7 web62 client38 4096 Feb 11 17:55 web

Quote:

Originally Posted by ls -la /web
...
[root@ISPC30 thecandystory.com]# ls -l web/
total 1192

-rw-r--r-- 1 web62 client38 2349 Feb 16 2009 index.html
-rw-r--r-- 1 web62 client38 4524 Feb 16 2009 index.php

....

no .htaccess in web directory

If I activate the account apache in order to login (su - apache) when I try do browse the user's directories I get an "access denied". No matter if apache belongs to the group or not.

For some reason CentOS is not respecting the user/group permissions and access.

Any tool I can use to debug this dam thing?

awd.pt 14th February 2011 14:03

I think that a litle thing was missed by me.

Quote:

Originally Posted by df-kh
...
nfs-srv:/export/ispc30 144G 31G 106G 23% /var/www
...

on the nfs server, the export is made like this
Quote:

Originally Posted by cat /etc/exports
...
/export/ispc30 ispc30(rw,no_root_squash)
...

I think that this might be the problem.

Any suggestion on what flags to use to export the mpoint?

awd.pt 15th February 2011 12:09

Just to update this, it might be of some utility.

If the /var/www is mounted from a remote nfs server you'll have trouble with the permissions of the web directory.

I moved all data to a system disk and everything is running fine now.

Thank you 4 your help.


All times are GMT +2. The time now is 04:44.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.