Directory Permissions

Discussion in 'General' started by rbartz, Jul 12, 2006.

  1. rbartz

    rbartz Member HowtoForge Supporter

    Tim and Falko, you guys are incredible!

    We have some sites that use PHP programs that occassionally need to write files or save images to directories in /var/www/webXX/web/.

    We have been chowning these directories to nobody as in:

    chown -R nobody /var/www/web10/web/images/UserFiles

    Since our apache runs as 'nobody' and php is NOT cgi, it works great UNTIL (apparently) something croned in ispconfig changes the directory ownerships back from nobody to web10_admin.web10, ...etc.

    # 1. Is there some way to lock ownership of a directory so that ispconfig does not change it back?

    If not, then I suppose running PHP as cgi and using suEXEC or suPHP is what is left. I am running a "Perfect Setup Fedora Core 3" server.

    #2. Is there a tutorial for setting up PHP to run as a CGI using suEXEC?

    I saw the new tutorial for suPHP on Debian, but am reluctant to have to always edit the httpd.conf every time we install a new site to add the suPHP etc.

    What do you guys recommend?

    Thanks for your wisdom.

    RBartz
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    SuPHP will be supported directly in the next ISPConfig release. I expect the new release to be ready within 1-2 weeks.
     
  3. fobicodam

    fobicodam New Member

    ready to use or ready to test it? will it be release as a dev version?

    did you let erase selected items from the recycle bin?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    stable and dev branch.

    No, thats currently not on our feature list.
     
  5. rbartz

    rbartz Member HowtoForge Supporter

    Thanks Till! Sorry I called you Tim in the first post...! You and Falko are amazing. I am not sure about Tim, whoever he is...! :)

    Great! This will solve the problem. I will watch for it. In the meantime, I suppose I could temporarily chmod 777 those dirs so that ownership wouldn't matter. That would help at least for now rather than having to go back and manually change the owner to nobody every so often, although the lack of security of that is not appealing.

    I am still puzzled at what it is that changes the ownership of all directories and files in the web/ directory back to the site admin's user/group. Ownership seems to change back whenever another new site or user is added to the server...? Is that intended?

    Thanks again
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Yes, you can do that, but keep in mind that this is rather insecure (if you have users you trust, then it's ok).

    I am still puzzled at what it is that changes the ownership of all directories and files in the web/ directory back to the site admin's user/group. Ownership seems to change back whenever another new site or user is added to the server...? Is that intended?
    [/QUOTE]
    The files and directories in /var/www/web1/web (for example) aren't touched regarding permissions and ownerships. Only the files and directories above that level (in /var/www/web1, for example).
     
  7. rbartz

    rbartz Member HowtoForge Supporter

    Hmmm.... One live example right now is a directory named content:
    /var/www/web20/web/content

    The ownership 48 hours ago was nobody.web8, I set it to update a shtml content page. When I checked a few minutes ago, it is NOW:

    drwxr-xr-x 2 greenfields web8 4096 Jun 27 14:34 content

    Something, somewhere, changed the ownership of it and its contents back to the site admin user account.

    Any ideas?

    Thanks!
     
  8. falko

    falko Super Moderator Howtoforge Staff

    Maybe some other process (cron job, etc.) changed it, maybe even yourself?
     
  9. fobicodam

    fobicodam New Member

    i believe you must review some ispconfig cron jobs, i have 2 problems with them, first, "someone" change the /var/spool/mail access rights, and second, "someone" make proftod stop every hour (every hour at 8 minutes) the service check system start it again but one hour later it stops again. I cant see the log files yet..
     
  10. falko

    falko Super Moderator Howtoforge Staff

    That's the first time I hear something like this, so I doubt it is related to ISPConfig's cron jobs...
     
  11. rbartz

    rbartz Member HowtoForge Supporter

    I will continue to watch this, there is nothing that I can see that would change directory ownerships unless perhaps when something is changed in the site setups... Since there are a couple of us changing site setups occassionally, we will monitor that.

    In any case, when we get this over to suPHP, it will solve the need for changing ownership from the site admin/group to noobdy anyway. That is preferred, of course. We can tolerate this little thing for now.

    Thanks for your help.

    Regards,

    Richard
     
  12. rbartz

    rbartz Member HowtoForge Supporter

    Still Not Understanding....

    Hello,

    Regarding the directory and file ownership changes from nobody.nobody BACK to the_admin_user.web:

    Not that I can find or know of. However, anytime we update a site in ispConfig, then the ownership of ALL the directories and files in the /web/ changes back to the site_admin.web_group.

    I tried commenting out every chown -R line in /root/ispconfig/scripts/lib/config.lib.php that changed ownership of the /web/ directories, but still whenever I change anything and saved the site in ispconfig, it changes it back!

    Here is how I test it:

    chown -R nobody.nobody /var/www/web1/web/content
    ll /var/www/web1/web/ ---> Shows owned by nobody.nobody :)

    change the site in ispconfig, say take OFF mysql, SAVE

    ll /var/www/web1/web/ ----> CHANGED to john.web1 :rolleyes:

    Is there anywhere else in the system where ownership is changed?

    Thanks for you help!

    R
     
  13. falko

    falko Super Moderator Howtoforge Staff

    We will check that.
     
  14. rbartz

    rbartz Member HowtoForge Supporter

    Thanks Falko. I appreciate it!

    Richard
     

Share This Page