• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Problem with rights in Webserver

F

Fabhino22Elz

Basic Pleskian
Hello,

I am using Virtual Cloud Server With Centos and Plesk.

I ran several Websites in the Server. They are all running with PHP 7.0.22 - FPM served by Apache.

The Problem is, that The scripts and Software Applications of The several Websites create Folders and Files equal Cachefiles and Folders. With that i am getting several Right Problems, because some Folders are Created with the Root User, ohers are created with the FTP User of the Domain.

Now i cant Export Files via the Software Running on the Domain because it says no permission to Write to the folder.

So i give the permission to the Folder via SSH, but this are temporary folders, so the Problem comes up again and again.

What can i do to fix this permanently?

Kind Regards
 
If the software sets the file or directory permissions to less than what you need it there is not fix but to change the software. Normally, when a PHP script creates a directory or a file, it will do this by using the account's FTP user and group psacln. Folders that are owned by root have likely been created by a shell script, maybe one running through a Cron job. If that is the case, you might have a general security problem on your system.

A workaround could be to create a Cron job that changes file permissions in temporary folders every n minutes automatically.
 
First let me thank you for your reply.

You are right, the Software uses the FTP user.

So would it be right to change the owner of the root folders to the php user and then watch if there are new folders coming up with the root user?

How can i check for the mentioned security Problem?
 
What are the "root" folders for you?

Normally document root for the first website of a subscription is /httpdocs. That should have owner <ftp-user>, group psaserv, mode 0750. All files and directories underneath should habe owner <ftp-user>, group psacln and mode at least 0640 or more relaxed.
 
Thank you for your answer again.

This one helped me a lot.

So here some more information and a point where i think there is something wrong.

The Folders and their owners are like you said <ftp-user>, group psaserv. Modes are a littlebit changed because of necessary permissions for the webscript.

The Cache Folders are also generated with the <ftp-user>, group psaserv. So there is everything right.

But if i am logged in and start a export within the webscript admin area, it creates a folder with owner root, group root. And then the webscript wants to create the file inside this folder and says no permission. (i guess because of trying to create a file with <ftp-user>, group psaserv in a root / root folder). And that is wrong, isn't it?

I guess, that is because of the FPM mod served by apache, isn't it?
 
You are saying that you connect to the server through SSH as root user to launch the script isn't it ?

You could create ssh access for the domain user under the plesk domain access configuration, connect with its creds and execute the script as that user. That way, the owner and the group of new folders/files will be good.
 
Hello,

thank you for your response.

No, not via ssh.

Here is a example:
I Log in in the Admin Interface of the Script (Admin-CP like in Wordpress or Magento), start a export and i get the message no rights. Then i look t the folder - The export folder is created with root/root and that is wrong i guess. If i delete the folder and start again, it creates the folder again with root / root.

I guess that is because of the fpm mode, apache works with root.

So what can i do here?
 
Ok. So, like Peter said, it must be an application issue. I don't think it's php fpm relative… Contact the application developper to report this issue.
 
Hello,

now i think i got the right point where my failure happens:

I added a task to run a cronjob as root user. The task is creating cache folders and does this as root. Then i am not able to update or delete the folders with the domain ftp account or the user.

what is the right user for a multiple domain plesk using to run task / cronbjobs.

if i use apache it says no right to write in the specific folder.

Also the question is - what is the right crontab - shell and what are all this optinons for?

Thanks for support!
 
Ok, now i found the Problem.

I startet the task not in the domain section, i startet it in the root section. after i added the task in the domain section as a task and not in the global settings it works fine for me!
 
You must log in or register to reply here.

Similar threads

P
Resolved I'm looking for a way to make backups, a quick and reliable method, any ideas?
Replies
4
Views
766
Pecnet
P
UHF
Resolved SFTP Connection Issue
Replies
2
Views
2K
UHF
UHF
B
Question Nginx and user group
Replies
3
Views
686
Peter Debik
P
D
Sudden problem with themes
Replies
1
Views
5K
rohan3
R
M
Issue node permissions problem
Replies
2
Views
2K
Michael-456
M
Back
Top