HELP!!! Wrong permissions

Discussion in 'General' started by blocker, Jun 27, 2008.

  1. blocker

    blocker Member

    Hi all,

    suddenly ALL permissions are wrong on 1 of my servers. The folders and subfolders in /var/www are owned by group 10590, which does not exist in /etc/group.
    If i delete and then restore a site everything gets fixed, but i have more than 500 sites on the server. :eek: How does it come to such a problem?!

    Please help asap
    Thanks!!!
     
  2. blocker

    blocker Member

    Please help ASAP, my a** is burning :eek:, how do i get the right permissions at once, as i said above, deleting and restoring site does do the job... The next question will be whys that happening, but first i need to fix that permission crap...
     
  3. Snowman

    Snowman Member

    PASTE some examples.. it will help to find solution as soon as it is possible
     
  4. blocker

    blocker Member

    what kind of examples

    ALL the folders and subfolders in /var/www are owned by www-data:10590, and 10590 does not exist as ID or group name in /etc/group...

    no idea hows that happened, yesterday everything was OK - up and running w/o any problems ....
     
  5. Snowman

    Snowman Member

    /etc/group

    www-data:10590 is :LOL:
    as i know if you have webs in /var/www (i.e.)
    webs are numbered like : /var/www/web44/web/[content of webpage]

    permissons must be
    server:/var/www# ls -la | grep web44
    drwxr-xr-x 9 domain_admin web44 4096 2008-06-12 22:13 web44
    lrwxrwxrwx 1 www-data web44 22 2008-05-30 12:04 www.domain.com -> /var/www/web44

    so www.domain.com is 777 because its symlink to /var/www/web44 and web44 is folder with 755 and its owned by domain admin and domain group so if you have web44 it should be "chown domain_admin.web44".
    (symlinks are owned by www-data)

    Are there any records of web[number] in /etc/group ? (i.e. web44:x:10044:admispconfig,domain.com_admin)
     
  6. till

    till Super Moderator

    Please run the following SQL statements in the ispconfig database:

    update isp_isp_web set status = 'u' where status = '';
    update isp_isp_user set status = 'u' where status = '';

    Then change a setting in one of the sites in ispconfig and click on save.
     
  7. Snowman

    Snowman Member

    lol :) straight to solution thnx
     
  8. blocker

    blocker Member

    Thanks Till!!!

    Thats exactly what i was looking for!
    But unfortunately it doesn't work for me. I have tried exactly your suggestion:

    Code:
    mysql -u root -p
    use db_ispconfig;
    update isp_isp_web set status = 'u' where status = '';
    update isp_isp_user set status = 'u' where status = '';
    quit
    /root/ispconfig/php/bin/php /root/ispconfig/scripts/writeconf.php
    the output is something like this:

    Code:
    start
    UPDATE: 594
    UPDATE: 595
    UPDATE: 596
    etc etc etc
    
    UPDATE USER: 1
    UPDATE USER: 2
    UPDATE USER: 6
    etc etc etc
    
    ende
    there were also a couple of warnings like this:

    Code:
    UPDATE USER: 746
    
    Warning: symlink(): File exists in /root/ispconfig/scripts/lib/config.lib.php on line 933
    UPDATE USER: 1494
    after that:

    Code:
    cd /var/www
    ls -la
    
    drwxrwxrwx   8 admin_user                10590  4096 2008-06-28 08:50 web168
    lrwxrwxrwx   1 www-data                   10590    15 2008-03-20 11:25 www.example.org -> /var/www/web168
    
    (changed to 777, so the users at least can get the mails in their Maildirs...)

    So i suppose the problem should be somewhere in the ispc database, in case the writeconf.php is started after a modification flag has been set to every user and site? This is really wired i am totally confused...
     
  9. till

    till Super Moderator

    @ blocker: That looks all fine so far. What is your problem?
     
  10. blocker

    blocker Member

    Hi Till,

    my problem is that web168 (and all the other webs) has a group ownership of 10590 (such group name or group ID does no exist in /etc/group), this leads for example to another issue - users can not get their mails in the Maildir because (Permission denied)

    example of a directory structure:

    Code:
    drwxrwxrwx   8 admin_user                10590  4096 2008-06-28 08:50 web168
    lrwxrwxrwx   1 www-data                   10590    15 2008-03-20 11:25 www.example.org -> /var/www/web168
    Code:
    /var/www/web168# ls -la
    drwxrwxrwx   8 admin_user  10590  4096 2008-06-28 08:50 .
    drwxr-xr-x 539 www-data     10590 36864 2008-06-28 10:01 ..
    drwxrwxrwx   2 admin_user  10590  4096 2007-06-29 12:13 cgi-bin
    -rw-------   1 admin_user web168    24 2008-06-28 08:50 .forward
    -rw-rw-r--   1 www-data    web168    26 2008-06-30 04:06 .htpasswd
    drwxrwxrwx   4 admin_user web168  4096 2008-06-02 00:30 log
    lrwxrwxrwx   1 root        root      40 2008-06-28 08:50 Maildir -> /var/www/web168/user/admin_user/Maildir
    drwxrwxrwx   2 admin_user web168  4096 2007-06-29 12:13 phptmp
    -rw-r--r--   1 root        root     478 2008-06-28 08:50 .procmailrc
    lrwxrwxrwx   1 root        root      47 2008-06-28 08:50 .spamassassin -> /var/www/web168/user/admin_user/.spamassassin/
    drwxrwxrwx   2 admin_user  10590  4096 2007-06-29 12:13 ssl
    drwxrwxrwx   3 admin_user  10590  4096 2007-06-29 12:13 user
    lrwxrwxrwx   1 root        root      48 2008-06-28 08:50 .vacation.cache -> /var/www/web168/user/admin_user/.vacation.cache
    drwxrwxrwx  12 admin_user  10590  4096 2007-12-10 12:52 web
    
    Thanks!
     
  11. till

    till Super Moderator

    Please have a look in the file /etc/group Doe this look ok, are the other groups there or does it look corrupted somewhere?
     
  12. blocker

    blocker Member

    it doesn't look to be corrupted it has 592 rows, example of such record web168:

    Code:
    web168:x:10168:admispconfig,admin_user
    but noticed somethhing strange:

    Code:
    ispconfigend:x:20000:
    
    is on row 406, is that normal
     
  13. falko

    falko Super Moderator

    No. Did you add that group manually?
     
  14. blocker

    blocker Member

    no, but the server has been moved recently to new hardware, probably thats the time point when something went wrong
     
  15. till

    till Super Moderator

    All recent ispconfig versions add the ispconfigend group automatically.
     

Share This Page