Froxlor Forum
jBOKA

Permissions of configuration alias-folder of php-fpm

Question

Hi,

 

I just set up Froxlor to work with php-fpm.

I'm using pretty much the standard configuration.

 

Debian Jessie

Froxlor ver 0.9.35.1-1

PHP 5.6

 

My pool-config lies in

/etc/php5/fpm/pool.d
since I'm using Debian Jessie, all other configuration values are set to default.

 

Therefore the configuration alias-directory of php-fpm is set to

/var/www/php-fpm/

 

My problem is that Froxlor creates/changes the subdirectories (e.g. /var/www/php-fpm/username) on every master cronjob to owner root:root with permissions 750. This way I get this error on access in the user's custom error log from Apache, stating:

(13)Permission denied: [client 77.181.66.50:49690] AH00035: access to /fastcgiphp/index.php denied (filesystem path '/var/www/php-fpm/username/domain.com') because search permissions are missing on a component of the path, referer: http://domain.com/

 

Right now I fixed it by adding a

chmod o+x /var/www/php-fpm/*
to the webserver restart script, that I have configured.

 

Is this due to a misconfiguration or a bug?

 

Regards

jBOKA

 

 


11 answers to this question


  • 0

So, how can I debug this?

I mean, if permission 750 is correct for /var/www/php-fpm/*

what does this mean for that error? Should I post anything else, or is there maybe a way to get more information on that error?

 

/EDIT:
Just read the Unix permission basics again.

This is the situation:

 

 drwxr-xr-x root    root    /
 drwxr-xr-x root    root    var
 drwxr-xr-x root    root    www
 drwxr-xr-x root    root    php-fpm
 drwxrwx--- root    root    user
 drwxrwx--- user    user    domain.com

There's no way for the user to read the files in the user folder without the x-permission. How should this all work? I mean it's definitely Froxlor who changes the permission (tried it with the master cron). Why is that and what would the misconfiguration be?

  • 0

the froxlor user is LOCAL, libnss-mysql is used to read the customers users from the database, completely different thing

  • 0

Sorry, I should have emphasized that I meant "froxlor user accounts", the accounts created by froxlor for the customers.

I can login and ssh into the machine using the user credentials from the database (when ftp_users.shell set to '/bin/bash').

 

This is what makes me assume libnss-mysql is working properly.

 

Can you tell me if the created permissions are correct? If so, how would the 'user' account be able to access the mentioned folders/files?

  • 0

From the beginning:

 

My Problem is, that froxlor creates/changes the subdirectories (e.g. /var/www/php-fpm/username) on every master cronjob to owner root:root with permissions 750. This way I get this error on access in the users custom error log from apache stating

 

Froxlor does not create/change anything in /var/www/php-fpm/username as this directory is just used as alias (hence the setting-name 'Alias Directory'). Everything created/changed there is caused by fpm and/or apache.

 

So to cut things short:

 

- nopaste vhost of domain

- nopaste fpm pool-config of domain

- show us your fpm-setting (SQL: select * from panel_settings where settinggroup = 'phpfpm';)

  • 0

/var/www/php-fpm is not the issue, it's the subfolders

 

drwxr-xr-x root    root    /
 drwxr-xr-x root    root    var
 drwxr-xr-x root    root    www
 drwxr-xr-x root    root    php-fpm
 drwxrwx--- root    root    user
 drwxrwx--- user    user    domain.com

 

I use chmod on /var/www/php-fpm/*

  • 0

Then sorry, without a look at the server I cannot tell you what is wrong. No idea.

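The path check behind the AH00035 error discussed in this thread, as an added example that is not part of the original posts: it walks the directories leading to a path and reports the first one a given uid cannot search, using mode bits only (ACLs are ignored). The temp-dir layout and the web server uid/gid are constructed stand-ins, and the function names are hypothetical.

```python
import os
import stat
import tempfile


def may_search(st, uid, gids):
    """Classic mode-bit check for directory search (x); ACLs are ignored."""
    if uid == 0:
        return True                               # root bypasses mode bits
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)    # owner class decides alone
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)    # group class decides alone
    return bool(st.st_mode & stat.S_IXOTH)        # everyone else


def first_blocked(path, uid, gids, start=os.sep):
    """First directory from start toward path that uid cannot search, else None."""
    current = os.path.abspath(start)
    rel = os.path.relpath(os.path.abspath(path), current)
    for name in rel.split(os.sep):
        if not may_search(os.stat(current), uid, gids):
            return current                        # cannot look up `name` in here
        current = os.path.join(current, name)
    return None                                   # final component is not checked


def demo():
    """Rebuild the thread's layout in a temp dir (constructed sample)."""
    with tempfile.TemporaryDirectory() as base:
        os.chmod(base, 0o755)
        fpm = os.path.join(base, "php-fpm")
        user_dir = os.path.join(fpm, "username")
        target = os.path.join(user_dir, "domain.com")
        os.makedirs(target)
        os.chmod(fpm, 0o755)
        os.chmod(user_dir, 0o750)                 # mode reported in the question
        st = os.stat(user_dir)
        web_uid, web_gid = st.st_uid + 1, st.st_gid + 1   # stand-in web server ids
        before = first_blocked(target, web_uid, {web_gid}, base)
        via_group = first_blocked(target, web_uid, {st.st_gid}, base)
        os.chmod(user_dir, 0o751)                 # effect of the poster's chmod o+x
        after = first_blocked(target, web_uid, {web_gid}, base)
        return os.path.basename(before or ""), after, via_group


if __name__ == "__main__":
    print(demo())
```

The second result shows why `chmod o+x` clears the error, but it also lets every local account traverse that directory. The third result shows that a 750 directory whose group includes the web server passes the same check without opening it to others.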
