I'm having the following problem. I'm running latest ISPConfig3 release on CentOS 5.5. All the sites are running with Fast-CGI and suExec. Each time I make any modification on a site by SPConfig Panel I have to manually change the perms to 711 on the web folder. On /etc/group I have this: The output of groups apache shows: The perm on a site when I create are: And I always get a Permission denied until i change them to: Other workaround is to change the group owner of the web directory to apache. I need help on sorting this out. I followed the multiserver installation as detailed on the ISPConfig Manual I bought. I have a dedicated mysql server, that is my multiserver setup. Thank you in advance, Sergio Rosa
This are the correct permissions for the site. Under which user and group does the apache server run on your server?
hello till, yes, does are the right perms. But with them apache can't access the directory. Apache (web server) is running as user/group apache.
But then apache must be able to access the directory. Do you have any security extensions like selinux enabled that might prevent apache accessing the files?
0 enable 1 disable selinux is disable. What other thing might be causing this? I've banged my head to the wall but I can't see what is wrong.
If I activate the account apache in order to login (su - apache) when I try do browse the user's directories I get an "access denied". No matter if apache belongs to the group or not. For some reason CentOS is not respecting the user/group permissions and access. Any tool I can use to debug this dam thing?
I think that a litle thing was missed by me. on the nfs server, the export is made like this I think that this might be the problem. Any suggestion on what flags to use to export the mpoint?
Just to update this, it might be of some utility. If the /var/www is mounted from a remote nfs server you'll have trouble with the permissions of the web directory. I moved all data to a system disk and everything is running fine now. Thank you 4 your help.
I have related issue. Joomla site gives error for some functionality. It's related with trying to open/read/close folder tree with PHP functions. Warning: opendir(/var/www/clients/client0/web4/web): failed to open dir: Permission denied in /var/www/clients/client0/web4/web/components/com_component/elements/directories.php on line 102 Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/clients/client0/web4/web/components/com_component/elements/directories.php on line 103 Warning: closedir(): supplied argument is not a valid Directory resource in /var/www/clients/client0/web4/web/components/com_component/elements/directories.php on line 129 if I set web folder 0755 it works without errors and problems it's sad that IPSConfig changes all web folders to 0710. What can I do? BTW: Code: [root@server www]# selinuxenabled [root@server www]# echo $? 1 [root@server www]# id apache uid=48(apache) gid=48(apache) groups=48(apache),5004(ispconfig),5005(client0)
Which php mode do you use and do you have suexec enabled. Also post the ouput of: ls -la /var/www/clients/client0/web4/web The correct permissions are 710. This works on all joomla sites on my server.
Code: total 116 drwx--x--- 19 web4 client0 4096 Sep 19 06:18 . drwxr-x--x 6 web4 client0 4096 Sep 14 01:49 .. drwxr-xr-x 11 web4 client0 4096 Aug 25 11:32 administrator drwxr-xr-x 40 web4 client0 4096 Sep 15 05:15 cache drwxr-xr-x 25 web4 client0 4096 Dec 13 2010 components -rw-r--r-- 1 web4 client0 1949 Sep 14 11:20 configuration.php drwxr-xr-x 2 web4 client0 4096 Sep 14 01:49 error drwxr-xr-x 14 web4 client0 4096 Apr 25 06:54 files -r--r--r-- 1 web4 client0 3755 Mar 21 2011 .htaccess drwxr-xr-x 10 web4 client0 4096 May 26 2010 images drwxr-xr-x 8 web4 client0 4096 May 28 2010 includes -rw-r--r-- 1 web4 client0 588 May 28 2010 index2.php -rw-r--r-- 1 web4 client0 2049 May 28 2010 index.php drwxr-xr-x 4 web4 client0 4096 May 28 2010 language drwxr-xr-x 16 web4 client0 4096 Dec 10 2010 libraries drwxr-xr-x 2 web4 client0 4096 Jul 6 2009 logs drwxr-xr-x 6 web4 client0 4096 Dec 10 2010 media drwxr-xr-x 26 web4 client0 4096 Dec 10 2010 modules drwxr-xr-x 16 web4 client0 4096 Dec 10 2010 plugins -rw-r--r-- 1 web4 client0 388 Jan 14 2010 robots.txt -rw-r--r-- 1 web4 client0 11417 Jun 25 2010 sitemap.xml drwxr-xr-x 2 web4 client0 4096 Sep 15 00:31 stats drwxr-xr-x 4 web4 client0 4096 Feb 10 2010 templates drwxr-xr-x 2 web4 client0 12288 Dec 13 2010 tmp drwxr-xr-x 4 web4 client0 4096 May 28 2010 xmlrpc I use PHP-mod (PHP as Apache module) for all sites and suexec checkbox is not selected for each website. BTW, if I set permission for web folder 750 it works without warnings. And It's obvious because Code: [root@server www]# id apache uid=48(apache) gid=48(apache) groups=48(apache),5004(ispconfig),5005(client0) I think that read for group must be, mustn't it?
Your problem is that you use the wrong php mode. For a website that run a cms system which accesses the filesystem you should always use php-fastcgi plus suexec and not mod-php, so that the php scripts run under the user of the website and not the apache user. Using mod-php with joomla is also a security risk, as its easy for a hacker to infect all your sites when one joomla system is hacked and all sites run under the apache user instead of the website user.
Here I see that suPHP could be used also. http://www.howtoforge.com/forums/showthread.php?t=33817 I've tested it and agree that with suPHP my problem is gone. What do you suggest with it?
You should use php-fcgi and suexec. Of course you can use suphp too as it does basically the same, but suphp is a lot slower when used for larger cms systems like joomla or typo3.