ISPConfig correct settings of Owner/Group for /var/www/...

Discussion in 'Installation/Configuration' started by Keith Shepherd, May 14, 2020.

  1. Keith Shepherd

    Keith Shepherd New Member

    Unfortunately, when trying to modify permissions so that a user can upload files, I've messed up the Owner/Group settings so that I can no longer run ISPConfig 3 from a browser as I get the message in the browser saying 'No input file specified'. Also I can no longer run php scripts from a browser and get an Error 500 Internal Server Error.
    I'm currently running Ubuntu 18.04, Apache2, the latest version of ISPConfig and php 7.2.
    The directory structure is as follows:
    /var/www:
    drwxr-xr-x 2 www-data www-data 4096 Apr 24 18:48 apps
    drwxr-xr-x 3 www-data www-data 4096 Apr 25 17:12 clients
    drwxr-xr-x 2 www-data www-data 4096 Apr 25 17:12 conf
    drwxr-xr-x 2 www-data www-data 4096 Apr 25 19:33 html
    lrwxrwxrwx 1 ispconfig ispconfig 34 Apr 24 18:48 ispconfig -> /usr/local/ispconfig/interface/web lrwxrwxrwx 1 root root 29 May 14 15:01 lovedoneslife.uk -> /var/www/clients/client0/web6 drwxr-xr-x 5 ispconfig ispconfig 4096 Apr 27 12:58 php-fcgi-scripts
    drwxr-xr-x 2 www-data www-data 4096 May 14 06:58 webalizer
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    /var/www/apps:
    total 0
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------/var/www/clients:
    drwxr-xr-x 3 www-data www-data 4096 May 14 14:59 client0

    /var/www/client0:
    drwxr-xr-x 10 root root 4096 Apr 27 12:58 web6

    /var/www/client0/web6:
    drwxr-xr-x 2 www-data www-data 4096 Apr 27 12:58 cgi-bin
    drwxr-xr-x 2 www-data www-data 4096 May 14 12:50 log
    drwx--x--- 2 www-data www-data 4096 Apr 27 12:58 private
    drwxr-xr-x 2 www-data www-data 4096 Apr 27 15:25 ssl
    drwxrwx--- 2 www-data www-data 4096 May 12 19:43 tmp
    drwxrwxrwx 10 www-data www-data 4096 May 13 14:58 web
    drwx--x--- 2 www-data www-data 4096 Apr 27 12:58 webdav
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    /var/www/conf:
    total 0
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------/var/www/html:
    -rw-rw-r-- 1 www-data www-data 469 Apr 25 15:00 index.htm.bak
    -rw-r--r-- 1 www-data www-data 10918 Apr 24 17:24 index.html.ubuntuapache
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------/var/www/php-fcgi-scripts:
    drwxr-xr-x 2 ispconfig ispconfig 4096 Apr 24 18:48 apps
    drwxr-xr-x 2 ispconfig ispconfig 4096 Apr 24 18:48 ispconfig
    drwxr-xr-x 2 root root 4096 Apr 27 14:56 web6

    /var/www/php-fcgi-scripts/apps:
    -rwxr-xr-x 1 ispconfig ispconfig 281 Apr 24 18:48 .php-fcgi-starter

    /var/www/php-fcgi-scripts/ispconfig:
    -rwxr-xr-x 1 ispconfig ispconfig 300 Apr 24 18:48 .php-fcgi-starter

    /var/www/php-fcgi-scripts/web6
    -rwxr-xr-x 1 root root 1061 Apr 27 14:56 .php-fcgi-starter
    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------/var/www/webalizer:
    ctry_usage_202004.png
    -rw-r--r-- 1 www-data www-data 2533 May 14 06:58 ctry_usage_202005.png
    -rw-r--r-- 1 www-data www-data 2991 May 1 09:22 daily_usage_202004.png
    -rw-r--r-- 1 www-data www-data 2578 May 14 06:58 daily_usage_202005.png
    -rw-r--r-- 1 www-data www-data 1994 May 1 09:22 hourly_usage_202004.png
    -rw-r--r-- 1 www-data www-data 1599 May 14 06:58 hourly_usage_202005.png
    -rw-r--r-- 1 www-data www-data 4232 May 14 06:58 index.html
    -rw-r--r-- 1 www-data www-data 83129 May 1 09:22 usage_202004.html
    -rw-r--r-- 1 www-data www-data 44113 May 14 06:58 usage_202005.html
    -rw-r--r-- 1 www-data www-data 2179 May 14 06:58 usage.png
    -rw-r--r-- 1 www-data www-data 1945 May 14 06:58 webalizer.current
    -rw-r--r-- 1 www-data www-data 3368 May 14 06:58 webalizer.hist
    Following is the entry in the Apache2 error.log:
    [Thu May 14 14:39:26.733913 2020] [fcgid:warn] [pid 8494] (104)Connection reset by peer: [client 90.244.189.120:53452] mod_fcgid: error reading data from FastCGI server
    [Thu May 14 14:39:26.733948 2020] [core:error] [pid 8494] [client 90.244.189.120:53452] End of script output before headers: index.php
    suexec policy violation: see suexec log for more details
    suexec policy violation: see suexec log for more details
    suexec policy violation: see suexec log for more details
    suexec policy violation: see suexec log for more details
    suexec policy violation: see suexec log for more details
    suexec policy violation: see suexec log for more details
    suexec policy violation: see suexec log for more details
    suexec policy violation: see suexec log for more details
    Entry in the Apache2 suexec.log:
    [2020-05-14 15:35:22]: uid: (5004/web6) gid: (5005/client0) cmd: .php-fcgi-starter
    [2020-05-14 15:35:22]: target uid/gid (5004/5005) mismatch with directory (0/0) or program (0/0)
    [2020-05-14 15:36:55]: uid: (5004/web6) gid: (5005/client0) cmd: .php-fcgi-starter
    [2020-05-14 15:36:55]: target uid/gid (5004/5005) mismatch with directory (0/0) or program (0/0)
    [2020-05-14 15:37:02]: uid: (5004/web6) gid: (5005/client0) cmd: .php-fcgi-starter
    [2020-05-14 15:37:02]: target uid/gid (5004/5005) mismatch with directory (0/0) or program (0/0)

    I'm pretty positive that it's either a Owner/Group or permissions problem, as I can run php on the server.

    Any help would be much appreciated.
     
  2. nhybgtvfr

    nhybgtvfr Active Member

    ispapps:ispapps for ispapps
    root:root for clients, conf, html, php-fcgi-scripts, webalizer and all contents recursively unless specified otherwise below

    within php-fcgi-scripts:
    ispapps:ispapps for apps
    ispconfig:ispconfig for ispconfig
    <webid>:<clientid> for web## as appropriate.

    root:root for /var/www/clients/<clientid>/<webid> inclusive.
    from within /var/www/clients/client##/web##:
    root:root for log and ssl folders and all contents
    <webid>:<clientid> for cgi-bin, private, tmp, web, WebDAV folders and all contents

    if you have ssh users enabled on a site:
    root:root for bin, etc, home, lib, lib64, run, usr, var and all contents (except contents of home), and permissions on tmp changed to 777
    within home: <webid>:<clientid> for all folders and contents
     
    Last edited: May 14, 2020
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    (EDIT: I saw above reply after I posted this, but I'll leave it here)

    I'm running Debian 10 and these are the perms for /var/www:
    Code:
    drwxr-xr-x  2 ispapps ispapps 4096 Feb 15 21:28 apps
    drwxr-xr-x  9 root    root    4096 Mar 14 17:00 clients
    drwxr-xr-x  2 root    root    4096 Feb 15 23:05 conf
    drwxr-xr-x  2 root    root    4096 Feb 15 20:57 html
    lrwxrwxrwx  1 root    root      34 Feb 15 22:02 ispconfig -> /usr/local/ispconfig/interface/web
    drwxr-xr-x 20 root    root    4096 Apr  6 09:30 php-fcgi-scripts
    drwxr-xr-x  2 root    root    4096 May 14 06:25 webalizer
    However, the web folders of the clients are ofcourse owned by webID:clientID... So you can't simply change the ownership recursively, I think. You could try changing the ownership of the ispconfig folder and when you can reach the interface again, resync all websites, but again, I'm not 100% sure if that would work.
     
  4. Keith Shepherd

    Keith Shepherd New Member

    THank you so much for your prompt responses. I'll reset the owner/group based on the above to hopefully resolve the problems I'm having.
     
  5. nhybgtvfr

    nhybgtvfr Active Member

    you could for recursively setting owners, where subfolders eventually change ownsership, use, from in /var/www/clients:
    find . -maxdepth # -type d -exec chown root:root {} \;
    find . -maxdepth # -type f -exec chown root:root {} \;

    to change ownership of everything to root:root upto where the ownership needs to change to the webid:clientid, changing # to whatever number correctly specifies the required subfolder depth.

    for folders in /var/www/clients/client#/web#/ there may be some variation you can do using mindepth instead, but it's much more complicated since you'll need to change files and folders at the same depth to different owners. if you don't have a lot of websites, it'll be easier/quicker to just cd into /var/www/clients/client#/web# and chown -R <userid>:<groupid> each folder manually.
     
  6. Keith Shepherd

    Keith Shepherd New Member

    Applied changes listed above and php now working OK, but unfortunately I'm still getting 'No input file specified' when I try to run ISPConfig from a browser.
    This is the URL https://serverIPAddress:8080/login/index.php
    ISPConfig worked perfectly before I messed-up the Owner/Group settings.
    Any ideas?
     
  7. nhybgtvfr

    nhybgtvfr Active Member

    you say you can run php on the server, I assume you mean on the cli? that will use php-cli, that doesn't mean the php-apache, php-cgi, or php-fpm are working correctly.

    you've obviously changed owner details on quite a bit, although hopefully, all those changes are correctly fixed now,
    have you also, since the ispconfig interface last worked, changed any apache or php settings/ config files?
    or changed anything in any file in /etc/apache2/sites-enabled or /etc/apache2/sites-available?
     
  8. Keith Shepherd

    Keith Shepherd New Member

    Yes php is running OK from browser. The changes you provided did the trick apart from ISPConfig. Since ISPConfig last worked, prior to me messing-up the Owner/Group settings, I haven't amended the apache or php settings/config files or changed anything else. It looks as though ISPConfig not finding correct directory.
     
  9. Keith Shepherd

    Keith Shepherd New Member

    The symbolic link ispconfig in /var/www is pointing to /usr/local/ispconfig/interface/web.
    The owner/group setting for the symbolic link is root:root. Should this be ispconfig:ispconfig?
    The owner/group for /usr is root:root
    The owner/group for /usr/local is root:root
    The owner/group for /usr/local/ispconfig is root:root
    The owner/group for /usr/local/ispconfig/interface is ispconfig:ispconfig
    The owner/group for /usr/local/ispconfig/interface/web is www-data:www-data
    The owner/group for all the directories and files within /usr/local/ispconfig/interface/web is ispconfig:ispconfig
    Should the owner/group for /usr/local/ispconfig/interface/web be ispconfig:ispconfig and this is what's causing the problem?
    I don't like to change the owner/group setting incase I mess it up again!
     
  10. nhybgtvfr

    nhybgtvfr Active Member

    post the output of
    ls -l /var/www/ | grep ispconfig
    and of:
    ls -l /usr/local/ | grep ispconfig
    ls -l /usr/local/ispconfig
    ls -l /usr/local/ispconfig/interface

    it may also be worth posting the content of /etc/apache2/sites-available/ispconfig.vhost so we can check nothing strange has been done in there, possibly by a resync/reconfigure of services. not expecting anything here, but it won't hurt to check.

    it's most likely the ownership of /var/www/ispconfig, I believe that should be root:root
    may need to use the -h option in chown for that, and even if you're in the /var/www folder running the command, you may still need to use the full folder path when specifying the symlink.
     
  11. nhybgtvfr

    nhybgtvfr Active Member

    ok, looks like you posted most of what I requested whilst I was typing it. :)
    everything from /usr/local/ispconfig/interface/web onwards should be ispconfig:ispconfig


    might be worth checking everything in /usr/local/ispconfig/interface to be sure.
    everything in there and all subfolders and their contents should all be ispconfig:ispconfig, except for the ssl folder, ssl and all contents should be root:root

    i'd suggest changing the ownership on the symlink /var/www/ispconfig first, as if you don't get that bit right you could be changing the actual file/folder permissions again instead.
     
    Last edited: May 15, 2020
  12. Keith Shepherd

    Keith Shepherd New Member

    Changing the owner/group of /usr/local/ispconfig/interface/web from www-data:www-data to ispconfig:ispconfig did the trick. ISPConfig now working.

    It looks as though the owner/group of root:root for the symbolic link ispconfig in /var/www must be the correct setting.
     
  13. Keith Shepherd

    Keith Shepherd New Member

    Thank you so much for your help.
     

Share This Page