Can't create folder or change permissions as root

Discussion in 'ISPConfig 3 Priority Support' started by skione, Sep 26, 2013.

  1. skione

    skione New Member

    I am running ubuntu 13.04 and I've installed ISPConfig control panel. The server is running an Amazon AMI with an EBS share mounted to /var/www

    Here are the folder permissions I am working with:
    drwxr-xr-x 3 root root 4096 Sep 26 15:12 ./
    drwxr-xr-x 3 root root 4096 Sep 26 15:11 ../
    lrwxrwxrwx 1 root root 30 Sep 25 21:57 snapapp.mantrais.com -> /var/www/clients/client0/web1//
    drwxr-xr-x 9 root root 4096 Sep 25 21:57 web1/

    Inside web1
    drwxr-xr-x 2 web1 client0 4096 Sep 25 21:57 cgi-bin
    drwxr-xr-x 2 root root 4096 Sep 25 21:57 log
    drwx--x--- 2 web1 client0 4096 Sep 25 21:57 private
    drwxr-xr-x 2 root root 4096 Sep 25 21:57 ssl
    drwxrwxrwx 2 web1 client0 4096 Sep 25 21:57 tmp
    drwx--x--- 11 web1 client0 4096 Sep 26 15:10 web
    drwx--x--- 2 web1 client0 4096 Sep 25 21:57 webdav

    If I run the following commands I get the following outputs:
    root@ip-10-80-245-30:/var/www/clients/client0/web1# chmod u+w .
    chmod: changing permissions of ‘.’: Operation not permitted
    root@ip-10-80-245-30:/var/www/clients/client0/web1# mkdir albums
    mkdir: cannot create directory ‘albums’: Permission denied
    root@ip-10-80-245-30:/var/www/clients/client0/web1#

    If I try and create a folder above or below web1 its no problem.
     
  2. till

    till Super Moderator

    Thats correct as the folders are protected and there should be no folders created in the web1 folder. If you need custom folders, better create them in the private folder if they shall not be in the web folder.

    If you really want to create a folder inside the web1 folder, then unprotect it with:

    chattr -i /var/www/clients/client0/web1

    and protect it again after you created the folder with:

    chattr +i /var/www/clients/client0/web1

    do not change the permissions of the web1 or web1/web folder if you dont want to open up your server for hackers.
     
  3. skione

    skione New Member

    I found this out by googling but this is not a good way as certain frameworks store their system files outside webroot and reference by referential paths.

    I need to be able to access my new folder from a web accessible location. There appears to be some restriction in places that is preventing my application from working. I need this to work they way it does on my dev server, it is crucial.

    So I have a file in web the refers to a file outside web via ../folder/file when the web file gets called it gets the content from the file outside web and then loads it.
     
  4. till

    till Super Moderator

    You can create such folders if your app is not able to use the private folder which exists for this purpose like I explained above. Example:

    Code:
    chattr -i /var/www/clients/client0/web1
    mkdir /var/www/clients/client0/web1/folder
    chown web1:client0 /var/www/clients/client0/web1/folder
    chattr +i /var/www/clients/client0/web1
     
  5. skione

    skione New Member

    The problem I was subsequently having was because I had switched to mod-php at some point in an attempt to troubleshoot. Once I switched back to fastcgi I had permissions to read/write to the folder.

    However I still think preventing root from creating folders there is not the best idea. As I mentioned many frameworks store folders at that level and it may not be immediately obvious (as it wasn't for me) how to get over that.

    Thanks for your help
     
  6. till

    till Super Moderator

    You can disable the folder protection under system > server config.

    But be aware that your customers will be able then to delete their "web" folder, which may cause the webserver to fail due to a missing document root of a vhost.
     

Share This Page