Error with permissions in virtualhost folders

ftp
virtualhosts

(Matthew) #1

I’ve created several virtualhosts via the web interface and everyone of them has issues when I try to upload via ftp. I can upload the files but user:group becomes ftp:ftp and I can’t change permissions in any ftp client. ie can’t set group write which stops me installing prestashop (error is php can’t write to folder …) or doing anything that needs caching. This is a huge issue as there is no file manager where I can set the group and user to apache:apache. Also I can’t delete the install files made by apache user. I have tried winscp and filezilla. Both can’t change group options. Is there a fix?


(Pasquale Inglese) #2

You can manage your files and permissions via ssh with admin account (or root account in case you don’t have admin).

@stephdl told me: you are the root, … be the master of your server :slight_smile:

Shell > Active SSH (only green network)
ssh -p yourportnumber admin@yournethserverip

  • for change owner to apache:apache you can use this command:
    chown -R apache:apache /var/lib/nethserver/vhost/yourvhost.tld

  • for delete files you can use this command:
    rm -r /var/lib/nethserver/vhost/yourvhost.tld/*


(Stéphane de Labrusse) #3

ROTFL


(Matthew) #4

I love it guys… I just didn’t know if Nethserver changed permissions once I set them… and what permissions/user accounts were being used. Now that I see it’s standard apache:apache I’ll go ahead and change. :slight_smile:

I did try changing the permissions before I posted to the recommended by prestashop but the ftp user lost access (couldn’t display files) using 775 for folders and 664 for files.


(Stéphane de Labrusse) #5

honestly set all the permissions to apache for a web application is really not a good idea, indeed if someone does a hack, then apache is the root. This is what it should never happen.

For example when we create a RPM, we set the apache ownership only on certain files (mostly configuration files) and on some data folders


(Matthew) #6

Hmmm then I’m stuck with the issue of not being able to change permissions in the ftp client. If I set group to rw on a folder it doesn’t happen… oh well back to terminal.


(Pasquale Inglese) #7

Well!
It is important to be aware of the security issues that can be generated by enabling apache as an owner.
A possible way to reduce hacking vulnerabilities is to set a .htacces file. You can also use to customize the URL-rewriting rules and control the access to some directories and some other actions.
Sure you will find many tutorials on what is the best configuration for your web app.

If I remember well, I believe that the correct permissions are:
755 for folder and 644 for file.

To apply this permissions quickly you can use:

find /var/lib/nethserver/vhost/yourvhost.tld -type f -exec chmod 644 {} \; #for file
find /var/lib/nethserver/vhost/yourvhost.tld -type d -exec chmod 755 {} \; #for folder