File permissions query

Discussion in 'General' started by Chris_UK, Jan 28, 2017.

  1. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    Good morning all, I would like to ask a question on file permissions.

    I run a local server on which I host my company's website. So far so good, I have it all up and running as it should for the most part. I'm having some trouble, however, due to the way in which the website functions. Specifically, the website is OpenCart based, which you may know uses a cache. For my purposes there are actually two cache directories.

    The problem I am coming up against is that when I make modifications to the website, the changes are stored to these two directories, so they need to be writeable by www-data. Currently my workaround is to 777 the directories, including subdirectories. This means I then have to manually browse to all areas while they are write enabled before setting them back to safe permissions, some 30+ areas to remember and visit.

    Further to this problem, when products are added the images are uploaded via the admin area of OpenCart and so created by the apache user. I also have to 777 some image folders, then reset them back too.

    Can anybody help suggest a workaround for this behavior that will allow me to manage the website via its admin area and still remain secure at the file level?

    So far as I can tell, the problem relates to the files uploaded via FTP being owned by the ISPC account user, and any via the website get owned by the apache user (possibly root, I just see numbers in my FTP client).

    System:
    Ubuntu 16.04 server
    ISPConfig3
    Apache2
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Websites in ISPConfig are not running under www-data if configured correctly. I guess that you may be using a wrong PHP mode. The PHP mode must be php-fpm or php-fcgi, and the suexec option must be enabled in the website for all CMS and shop systems that write on the server. Furthermore, all files and folders in the web directory must be owned by the webID user and clientID group of this website. No directory shall have 777 rights, as this is not necessary and very insecure. Also, uploads by the FTP users are done by the correct user automatically if you use the above PHP settings.
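
The ownership and permission rules in the reply above can be checked with a small audit script. This is an added example, not part of the original post and not ISPConfig's own code; the function name `audit_web_perms` is hypothetical, and the user, group and path in the usage comment are constructed values standing in for the site's webID user, clientID group and web directory.

```shell
#!/bin/sh
# audit_web_perms DOCROOT USER GROUP
# Lists entries under DOCROOT that break the rules from the thread:
#   - nothing world-writable (the "chmod 777" workaround leaves this behind)
#   - everything owned by the site's own user and group
# USER and GROUP may be names or numeric IDs.
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_web_perms() {
    docroot=$1
    user=$2
    group=$3
    findings=$(
        # Other-writable bit set. Symlinks always show lrwxrwxrwx, so skip them.
        find "$docroot" ! -type l -perm -0002 \
            -exec printf 'WORLD_WRITABLE %s\n' {} +
        # Owned by someone other than the site user, for example files
        # created by the web server while PHP ran under a shared account.
        find "$docroot" ! -user "$user" \
            -exec printf 'WRONG_OWNER %s\n' {} +
        # Group other than the site's client group.
        find "$docroot" ! -group "$group" \
            -exec printf 'WRONG_GROUP %s\n' {} +
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use (constructed values, adjust to the real site):
#   sh audit.sh /path/to/site/web web1 client1
if [ "$#" -eq 3 ]; then
    audit_web_perms "$@"
fi
```

Running it after switching the PHP mode shows whether any cache or image directories are still world-writable or still owned by the old web server account.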
     
  3. Chris_UK

    Chris_UK Active Member HowtoForge Supporter

    Thanks for the reply, much appreciated.
    I tried setting the PHP version to fcgi and it prevents me from logging into the website. I am assuming now, then, that the fault is ISPConfig was installed after the server was up and running a while. Recent addition.

    I guess now I need to look at options for how to reinstall without too much hassle. I should only need to back up DNS and Mail, and I get a fresh backup of the database once the site has been taken offline for maintenance.
     
    Last edited: Jan 30, 2017
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Before you consider a reinstall, check the error first. Check the error.log of the website (log folder of the site) to see if you get an error message there for your login problem.
     
  5. Chris_Lancs

    Chris_Lancs New Member

    Final update, seems all is sorted now.

    I used the automatic installer this time from a bare install of Ubuntu 16.04. Not sure why, but letsencrypt was not installed so I couldn't use that. Installed and updated, had issues with a not secure message, turned out I just needed to close and reopen the browser.

    So thank you for your help, all is well now.
     
    Last edited: Jan 31, 2017