/error/ directory is owned by root.root and has 750 perms when recreated

Discussion in 'General' started by tensor, Dec 3, 2007.

  1. tensor

    tensor New Member

    I installed ISPConfig when is was at 2.2.14, then upgraded all the way to the current latest version 2.2.18.
    I am running Debian 4.
    I deleted "error" directory from /var/www/web1/web. However this directory is automatically recreated when some settings are altered for the site. The only problem is that the recreated "error" directory is owned by user root and group root and has 750 permissions. As a result the ErrorDocument files are not editable by site administrator.

    I grepped the source and found the line of code in /root/ispconfig/scripts/lib/config.lib.php

    exec("chown -R --from=$old_admin_uid $apache_user $web_path/web &> /dev/null");

    chown seems to fail with --from option because $old_admin_id is not yet known.

    I blame'ed the sources in the svn and found no reason why --from is really needed. It was there at the moment of initial import into svn. :confused:
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The --from is needed as the line you posted is to change the permissions of a site when the administrator changes. Without the from part, the command will mess up ownerships that are changed by the user.
     
  3. tensor

    tensor New Member

    I think the better approach would be to check for the folder existence and then issue an exec("chown") with or without --from parameter.
     
  4. tensor

    tensor New Member

    What happens when there are no administrator for the web site? Who owns the newly created files, right after the site is created?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats not an option as it would kill custom ownerships.

    As far as I remember, they are owned by the apache user and some of them are owned by the root user.
     
  6. tensor

    tensor New Member

    Let me clarify myself. When the admin presses the "Save" button on an existing website, various activities are done, including configuration files generation, update of ownerships, etc. The problem is that when the "/error" directory does not exist (it was deleted by the user) it is created with 750 permissions and owned by root:root. As a result, even if administrator for the site in question exists, he cannot change the error documents in this folder. The editors work by writing first the temp file into the directory and then renaming it into the correct one.
    Here is the patch which works for me.

    === ispconfig/scripts/lib/config.lib.php
    ==================================================================
    --- ispconfig/scripts/lib/config.lib.php (revision 279)
    +++ ispconfig/scripts/lib/config.lib.php (local)
    @@ -1172,7 +1172,9 @@
    } else {
    $owner = $apache_user;
    }
    + exec("chmod 775 $web_path/web/error");
    exec("chmod 664 $web_path/web/error/*");
    + exec("chown $owner:web$doc_id $web_path/web/error");
    exec("chown $owner:web$doc_id $web_path/web/error/*");
    exec("chown -R $owner:web$doc_id $web_path/log/*");
    exec("chown $owner:web$doc_id $web_path/phptmp");


    Even if the root wipes the /var/www/webXXX/web/error directory it will be recreated with correct permissions.

    EDIT:
    + exec("chmod 775 $web_path/web/error");
     
    Last edited: Jan 10, 2008

Share This Page