Jump to content
Froxlor Forum
  • 0

Froxlor keeps resetting file permissions


zumbuschk

Question

Hi,

I've set up a Debain 10 system with Nginx and PHP 7.4 FPM. I have configured a separate FPM pool for Froxlor using svc-froxlor as username and group for the pool. I added www-data to the svc-froxlor group.

Froxlor is installed from the latest release tarball to /var/www/froxlor and all file permissions to same user and group as used or the FPM pool and removed read access from other:
 

chown -R svc-froxlor.svc-froxlr /var/www/froxlor
chmod -R u=rwX,g=rX,o= /var/www/froxlor

As I want to manage the virtual host and the FPM pool outside of Froxlor and have Froxlor only handle anything configured within Froxlor, I did not activate the corresponding settings in the Froxlor configuration. In the web server settings the username and group are set to www-data.

Whenever the cron job is executed, the file owner and group for /var/www/froxlor and all sub directories are reset to www-data and Froxlor stops working. When I fix the owner and group for /var/www/froxlor, Froxlor is working again.

Is it the intended behavior that the file permissions are reset by Froxlor? I'd argue that Froxlor should not handle its own installation.

With kind regards

Kay Zumbusch

Link to comment
Share on other sites

5 answers to this question

Recommended Posts

  • 0

There is a setting for the local froxlor user (in your case svc-froxlor). Verify that the setting is correct, this value is used to chown the directory. And yes, its intended to ensure everything has the correct owner. Also remember to set up libnss-extrausers and enable it in the settings if php-fpm is used. Also also: I hope you enabled fpm for froxlor from within froxlor and not created pools manually. Froxlor can perfectly handle that for you so it works out of the box.

24 minutes ago, zumbuschk said:

I'd argue that Froxlor should not handle its own installation.

My opinion is exactly the opposite and experience shows that it mostly is necessary. Also: why should an app not handle its own files and folders and permissions? That's what most users would assume.

Link to comment
Share on other sites

  • 0

Well, I have to configure the file permissions, web server and PHP-FPM in advance to even be able to access Froxlor. Why should Froxlor do that itself? If setting up everything during installation with a script or so, I would agree with you but if I decide to do a manual installation from the tarball, Froxlor should not alter this configuration.

libnss-extrausers works as expected, virtual user names and group are properly resolved.

Link to comment
Share on other sites

  • 0
9 minutes ago, zumbuschk said:

Well, I have to configure the file permissions, web server and PHP-FPM in advance to even be able to access Froxlor.

If you setup fpm manually and disable mod_php, yes. But froxlor is a Server management panel, it's designed to do the configuration stuff for you, that's the whole point. If you do manual stuff and don't want Froxlor to manage its own vhost then just disable vhost container in ip/port settings. But don't complain if something doesn't work out because many options will be useless - you have to do it manually then.

Link to comment
Share on other sites

  • 0

Froxlor might be a server management panel and should be solely used to managed all provided hosting functions, but there is nowhere stated that the initial web server and PHP configuration to get Froxlor up and running has to be the PHP Apache module. And there even is no dependency on that module for the debian package. And as Froxlor is most likely used to manage shared hosting even considering the Apache module is risky.

The initial system configuration should be a basic Apache2/Nginx setup with a single vhost for Froxlor using PHP-FPM. And as the admin has to set up the web server, vhost, FPM pool and file permissions properly before Froxlor takes over, this configuration should never be touched. I deploy all of my Linux based systems with system management tools like Ansible, Chef or Puppet and like to use Froxlor ( a customized syscp until now) to allow customers to manage their domains and email addresses with Froxlor. If Froxlor keeps resetting the configuration that is managed by the system management tools it is constantly breaking itself.

Now I have Froxlor set up to use PHP-FPM for itself and the file permissions are reset to the correct FPM user and group but Froxlor does not generate a FPM pool or a vhost configuration for itself. And this time I used the Debian package to install Froxlor and used the preconfigured paths for the PHP pools and Apache configuration. The only difference to a regular Dabien Buster installation is using PHP 7.4 FPM from https://deb.sury.org/.

Link to comment
Share on other sites

  • 0
16 minutes ago, zumbuschk said:

but there is nowhere stated that the initial web server and PHP configuration to get Froxlor up and running has to be the PHP Apache module.

true...we're assuming a clean system, if you already set up php-fpm we assume you know what you are doing and set the corresponding settings to your system requirements. 

17 minutes ago, zumbuschk said:

And there even is no dependency on that module for the debian package. And as Froxlor is most likely used to manage shared hosting even considering the Apache module is risky.

No one forces you to use froxlor.

17 minutes ago, zumbuschk said:

If Froxlor keeps resetting the configuration that is managed by the system management tools it is constantly breaking itself.

I already told you how you can stop froxlor from managing its own vhost. I don't know what you are complaining about. It's free software after all...

18 minutes ago, zumbuschk said:

but Froxlor does not generate a FPM pool or a vhost configuration for itself.

it does if set up correctly. No idea what you did, but that's done in like 5 minutes - just enabling the settings, follow the configuration templates and boom - up and running. I do this regulary and never have any problems (also using deb.sury.org)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...