Understanding permissions

Discussion in 'General' started by kaostc, Mar 21, 2023.

  1. kaostc

    kaostc Member

    This is just to understand some internals of ISPConfig.
    I have noticed that ISPConfig creates a user for each site, called webX, which belongs to a group called clientY. The folder web, which contains all the accessible data of a site, belongs to webX. The user that nginx (this is the web server software used in my case) uses to serve the sites is www-data. The user www-data belongs to all clientY groups.
    So, first question: is all the above correct?
    And second: Say I have a WordPress installation on the web folder of webX site. Any file has 644 permissions, and any dir has 755 permissions. So, www-data has 4=r-- permissions on any file, and 5=r-x permissions on any dir. In such configuration, I am allowed to, i.e., install a plugin in WordPress. How can www-data write to the plugin folder to install the plugin? (cause I checked it is able to).
    Thanks a lot.
     
    Last edited: Mar 21, 2023
  2. Alex Mamatuik

    Alex Mamatuik Member

    Inside of <root> of website run this command:
    Code:
    chown -R web{your_number}:client{your_client_#} ./
    This will provide normal access.

    My question: have you read the handbook of ISP Config - ISPConfig 3.1 Manual?
    It helps to solve many questions.
     
  3. kaostc

    kaostc Member

    Thanks for your answer Alex.
    I apologize cause I have not explained myself enough. I don't need a solution to anything.
    I am only trying to understand how ISPConfig deals with permissions by default, how it sets the sites when you create them from the web interface.
    I have the manual and I have read it, but I did find how to use ISPConfig, but not what ISPConfig exactly does when you configure it somehow. Sorry if I missed something in the manual, but I think it does not cover too much how ISPConfig internally does the configurations (and I think it does not have to, since it is a usage manual).
    Thanks again!
     
    Alex Mamatuik likes this.
  4. Alex Mamatuik

    Alex Mamatuik Member

    Yep, about making users for NEWLY created websites - you are right:
    for instance, if I created a website, which was assigned to:
    • user - web1;
    • group - client1,
    I also can't log in with web1, because the password is unknown and...
    like: su web1 - even no response from the system.

    But I found a solution: enabling a shell-user allows you to act as web1
    Sites -> Shell-user -> Add new Shell-user
    Code:
    su defaultdrupal
    And BASH begins to perceive you as the demanded user - web1.
    This feature is very important when dealing with Composer.
     
  5. kaostc

    kaostc Member

    I didn't need any solution, ISPConfig works out of the box and the web server has access rights to WordPress.
    I was searching for the reason why it works out of the box, and I found out:
    - The web server uses the user www-data, so it can read any site on the same host. But not write, cause the files belong to userX:groupX with 755 and 644 permissions.
    - But php-fpm runs with a separate sock for each site, using userX for each site. So php-fpm can write, but if a site is compromised, it cannot write to the other sites. That's the reason why I could write even with www-data having no write permissions on the site: php-fpm has.
    Thanks a lot for your help.
     
  6. Alex Mamatuik

    Alex Mamatuik Member

    This is much more severe when you deal with Drupal.
    Websites' directories and files must be owned by their master.
    In my practice, php-fpm also doesn't work properly without re-written permissions.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    That's correct. The www-data user is a member of the clientX group, that's why Apache and Nginx can e.g. read static files like images or CSS files. PHP itself runs as webX user and clientX group, that's why PHP can read and write the files inside the web directory.
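
The access model kaostc and till describe above, worked through as an added example that is not part of the original thread and is not ISPConfig code. It models only the classic owner/group/other mode bits (no root bypass, ACLs, or parent-directory modes); web2/client2, the paths in the comments, and the process definitions are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    user: str
    groups: frozenset  # all groups the process belongs to

@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o644

def effective_access(proc, node):
    """Return 'rwx'-style access derived from the mode bits alone.

    Exactly one class applies, checked owner -> group -> other; the owner
    class wins even when the group bits would grant more.
    """
    if proc.user == node.owner:
        shift = 6
    elif node.group in proc.groups:
        shift = 3
    else:
        shift = 0
    bits = (node.mode >> shift) & 0o7
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

def can_create_in(proc, directory):
    """Creating a file (e.g. unpacking a plugin) needs w and x on the directory."""
    access = effective_access(proc, directory)
    return "w" in access and "x" in access

# Constructed sample data; web2/client2 and the paths are assumptions.
NGINX = Proc("www-data", frozenset({"www-data", "client1", "client2"}))
FPM_WEB1 = Proc("web1", frozenset({"client1"}))   # PHP-FPM pool of site web1
FPM_WEB2 = Proc("web2", frozenset({"client2"}))   # pool of a different site
PLUGIN_DIR = Node("web1", "client1", 0o755)       # web/wp-content/plugins
PHP_FILE = Node("web1", "client1", 0o644)         # web/index.php

if __name__ == "__main__":
    for name, proc in (("nginx", NGINX), ("fpm web1", FPM_WEB1), ("fpm web2", FPM_WEB2)):
        print(f"{name:9} file={effective_access(proc, PHP_FILE)} "
              f"dir={effective_access(proc, PLUGIN_DIR)} "
              f"install_plugin={can_create_in(proc, PLUGIN_DIR)}")
```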
     
  8. Alex Mamatuik

    Alex Mamatuik Member

    Sorry, I meant not php-fpm, but Drupal website
     
