I am running ubuntu 13.04 and I've installed ISPConfig control panel. The server is running an Amazon AMI with an EBS share mounted to /var/www Here are the folder permissions I am working with: drwxr-xr-x 3 root root 4096 Sep 26 15:12 ./ drwxr-xr-x 3 root root 4096 Sep 26 15:11 ../ lrwxrwxrwx 1 root root 30 Sep 25 21:57 snapapp.mantrais.com -> /var/www/clients/client0/web1// drwxr-xr-x 9 root root 4096 Sep 25 21:57 web1/ Inside web1 drwxr-xr-x 2 web1 client0 4096 Sep 25 21:57 cgi-bin drwxr-xr-x 2 root root 4096 Sep 25 21:57 log drwx--x--- 2 web1 client0 4096 Sep 25 21:57 private drwxr-xr-x 2 root root 4096 Sep 25 21:57 ssl drwxrwxrwx 2 web1 client0 4096 Sep 25 21:57 tmp drwx--x--- 11 web1 client0 4096 Sep 26 15:10 web drwx--x--- 2 web1 client0 4096 Sep 25 21:57 webdav If I run the following commands I get the following outputs: root@ip-10-80-245-30:/var/www/clients/client0/web1# chmod u+w . chmod: changing permissions of ‘.’: Operation not permitted root@ip-10-80-245-30:/var/www/clients/client0/web1# mkdir albums mkdir: cannot create directory ‘albums’: Permission denied root@ip-10-80-245-30:/var/www/clients/client0/web1# If I try and create a folder above or below web1 its no problem.
Thats correct as the folders are protected and there should be no folders created in the web1 folder. If you need custom folders, better create them in the private folder if they shall not be in the web folder. If you really want to create a folder inside the web1 folder, then unprotect it with: chattr -i /var/www/clients/client0/web1 and protect it again after you created the folder with: chattr +i /var/www/clients/client0/web1 do not change the permissions of the web1 or web1/web folder if you dont want to open up your server for hackers.
I found this out by googling but this is not a good way as certain frameworks store their system files outside webroot and reference by referential paths. I need to be able to access my new folder from a web accessible location. There appears to be some restriction in places that is preventing my application from working. I need this to work they way it does on my dev server, it is crucial. So I have a file in web the refers to a file outside web via ../folder/file when the web file gets called it gets the content from the file outside web and then loads it.
You can create such folders if your app is not able to use the private folder which exists for this purpose like I explained above. Example: Code: chattr -i /var/www/clients/client0/web1 mkdir /var/www/clients/client0/web1/folder chown web1:client0 /var/www/clients/client0/web1/folder chattr +i /var/www/clients/client0/web1
The problem I was subsequently having was because I had switched to mod-php at some point in an attempt to troubleshoot. Once I switched back to fastcgi I had permissions to read/write to the folder. However I still think preventing root from creating folders there is not the best idea. As I mentioned many frameworks store folders at that level and it may not be immediately obvious (as it wasn't for me) how to get over that. Thanks for your help
You can disable the folder protection under system > server config. But be aware that your customers will be able then to delete their "web" folder, which may cause the webserver to fail due to a missing document root of a vhost.
