Permissions for web Directory

Discussion in 'General' started by outeredge, Dec 1, 2010.

  1. outeredge

    outeredge New Member

    Hi All,

    We've got a problem with the permissions that ISPConfig assigns to users web directories. Whenever changes are made to a customers account, the following command is issued:

    exec: chmod 710 /var/www/clients/client(x)/web(x)/web

    Some web applications, such as the PHP based SilverStripe CMS to name one, are unable to operate when the sites root folder does not have permissions of 755 or above as they use functions such as scandir() on the root path.

    Is this something that the team would consider changing in ISPConfig or do we need to look at creating our own custom code changes?


  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you use the wrong PHP mode as all cms systems that I know work perfectly with ispconfig. Make sure that you use php-fcgi or php-cgi and that you have suexec enabled for that website.
  3. outeredge

    outeredge New Member

    Hi Till,

    I disagree, on one of our existing servers that have been running DirectAdmin for many years, if I chmod 710 the web directory, the PHP scandir() function will fail to work.

    Why do you need to apply these permissions to the folder in the first place?

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    This is ISPConfig and not DirectAdmin. ISPConfig does not use the configuration of DirectAdmin, so you can not compare something that you do on directadmin with ispconfig.

    Please ensure that PHP is configured in the way that I pointed out above.

    For security reasons. There is no access by others nescessary.
  5. outeredge

    outeredge New Member

    We already use suexec on our servers.

    If you put a PHP file in a users web root directory (with permissions of 710 set), with the following contents:


    Does it throw a php warning/error? it does for us.
    Last edited: Dec 1, 2010
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    No, you are missing the point. Directadmin php setup is not ispconfig php setup.

    Works fine on my server, no error and it prints the complete folder content as it should. Debian 5.0 perfect server, ispconfig 3.0.3, php-fcgi with suexec.

    Thats what I told you above, you can not compare a setup change that you do in directadmin with ispconfig.

    Why shall a scandir fail if php runs under the same user that is the owner of the web directory and the owner has "7" permissions?
  7. outeredge

    outeredge New Member

    Hi Till,

    Sorry if my post appeared rude, I do appreciate all your help on these forums. I honestly wasn't trying to suggest that our DA setup should be in any way similar to that of ISPConfig. Just that we could replicate the problem with permissions on that server.

    Obviously we must have something configured wrong in our setup that prevents the PHP user from scanning the web directory.

    I accept that we are trying to do things differently, as we have followed the Perfect Setup with the exception that we are running Litespeed instead of Apache.

    I wonder if yourself or anyone in the community has any ideas how we might fix this or where we might start?

    We have Litespeed setup to use Apache config files, suexec is turned on and we are using LSAPI with PHP 5.2.14.

  8. till

    till Super Moderator Staff Member ISPConfig Developer

    You should try to find out if your scripts are really running under the website user. Please create a file from within a php script and check which user owns this newly created file. e.g.


    If you dont use fcgi and suexec with the starter scripts generated by ispconfig, then your scripts are most likely running under the wrong user (the user of the webserver and not the user of the website).
  9. outeredge

    outeredge New Member


    I owe you one, after a second glance, I realised that I didn't have 'suexec' ticked in the control panel.

    Crisis averted, thanks!


Share This Page