Correct CHMOD settings for smarty3, subfolders and their users
Hi there @Friendica Support,
this question is related to this help request:
frio theme - Service Unavailable
https://tupambae.org/display/0ac89072-9165-5e71-7f9f-916750014598
I had a look at the smarty CHMOD settings and found the following:
drwxrwxr-x 3 www-data www-data 4096 Nov 8 20:23 smarty3
If I'm not wrong that's CHMOD 775 (rwx|rwx|r-x) (?)
In the installation process the commands to create the smarty folders were:
www-data@VPShosting:~/html$ mkdir -p view/smarty3
www-data@VPShosting:~/html$ chmod 775 view/smarty3
see:
https://squeet.me/display/962c3e10-1565-2eab-e611-2a9750230278
https://tupambae.org/display/0ac89072-2065-5da2-9124-8b5839853793
--
I looked into the subfolders and found:
rootname@VPShosting:/var/www/html/view/smarty3# ls -l
drwxr-xr-x 222 www-data www-data 4096 Nov 25 17:20 compiled => CHMOD 755 (rwx|r-x|r-x) (?)
--
The folder "compiled" has a long list of sub-folders apparently each having 2 more steps of sub-folders.
rootname@VPShosting:/var/www/html/view/smarty3/compiled# ls -l
total 880
I found two types of folders; a few, created on different dates, strangely belong to the user root instead of www-data. Here are two examples showing what those two types of subfolders look like.
I guess the folders owned by root are wrong?
--------------------
drwxr-xr-x 3 root root 4096 Nov 12 04:35 00
-
rootname@VPShosting:/var/www/html/view/smarty3/compiled/00# ls -l
drwxr-xr-x 3 root root 4096 Nov 12 04:35 d4 => CHMOD 755 (rwx|r-x|r-x) (?)
rootname@VPShosting:/var/www/html/view/smarty3/compiled/00/d4# ls -l
drwxr-xr-x 2 root root 4096 Nov 12 04:35 ec => CHMOD 755 (rwx|r-x|r-x) (?)
rootname@VPShosting:/var/www/html/view/smarty3/compiled/00/d4/ec# ls -l
-rw-r--r-- 1 root root 675 Nov 12 04:35 00d4eca105abd94437094f3d4409477acb55526a_2.string.php => CHMOD 644 (rw-|r--|r--) (?)
--------------------
drwxr-xr-x 3 www-data www-data 4096 Nov 22 20:25 01
-
rootname@VPShosting:/var/www/html/view/smarty3/compiled/01# ls -l
drwxr-xr-x 3 www-data www-data 4096 Nov 22 20:25 97 => CHMOD 755 (rwx|r-x|r-x) (?)
rootname@VPShosting:/var/www/html/view/smarty3/compiled/01/97# ls -l
drwxr-xr-x 2 www-data www-data 4096 Nov 22 20:25 f2 => CHMOD 755 (rwx|r-x|r-x) (?)
rootname@VPShosting:/var/www/html/view/smarty3/compiled/01/97/f2# ls -l
-rw-r--r-- 1 www-data www-data 6140 Nov 22 20:25 0197f2d4b23957a898d38870d6c6a3775da487ff_2.file.group_side.tpl.php => CHMOD 644 (rw-|r--|r--) (?)
utopiArte
in reply to TupambAdmin [stable]
Just checked all the 13 of 220 folders that were created as belonging to user and group root and that I consider shouldn't exist as owned by root in the folder /smarty3.
In general terms speaking I couldn't find a common property.
They refer to posts or replies by three different users.
Most refer to one specific post.
Two create a page:
Not Found
The requested item doesn't exist or has been deleted.
Request: XYZ
All were created with the theme VIER.
utopiArte
in reply to TupambAdmin [stable]
New error message (of FRIO) about a folder created by the user root.
I haven't found the extensive conversation about this problem with @Hypolite Petovan yet but I'm quite sure that I changed all folders to ownership of user www-data before 28th of November of the smarty folder. Actually there was another conversation about ownership of folders and I changed all folders to be owned by root except storage and view that day on 02:45hs, the new folder owned by root at /view/smarty3/compiled/ like stated below was created on 3:50hs.
As for what I remember of all the conversations this shouldn't have happened.
Service Unavailable
Exception thrown in /var/www/html/src/Core/Renderer.php:90
unable to create directory /var/www/html/view/smarty3/compiled/7c/ea/e6
Stack trace:
#0 /var/www/html/mod/photos.php(902): Friendica\Core\Renderer::replaceMacros()
#1 /var/www/html/src/LegacyModule.php(96): photos_content()
#2 /var/www/html/src/LegacyModule.php(73): Friendica\LegacyModule->runModuleFunction()
#3 /var/www/html/src/BaseModule.php(244): Friendica\LegacyModule->content()
#4 /var/www/html/src/App.php(703): Friendica\BaseModule->run()
#5 /var/www/html/index.php(52): Friendica\App->runFrontend()
#6 {main}
Console research result
rootname@VPShosting:/var/www/html/view/smarty3/compiled# ls -l
..
drwxr-xr-x 5 www-data www-data 4096 Dec 6 00:40 7b
drwxr-xr-x 3 root root 4096 Nov 28 03:50 7c
drwxr-xr-x 3 www-data www-data 4096 Nov 28 02:45 7d
..
-----------------
rootname@VPShosting:/var/www/html/view/smarty3/compiled# cd 7c
rootname@VPShosting:/var/www/html/view/smarty3/compiled/7c# ls -l
total 4
drwxr-xr-x 3 root root 4096 Nov 28 03:50 d2
rootname@VPShosting:/var/www/html/view/smarty3/compiled/7c# cd d2
rootname@VPShosting:/var/www/html/view/smarty3/compiled/7c/d2# ls -l
total 4
drwxr-xr-x 2 root root 4096 Nov 28 03:50 69
rootname@VPShosting:/var/www/html/view/smarty3/compiled/7c/d2# cd 69
rootname@VPShosting:/var/www/html/view/smarty3/compiled/7c/d2/69# ls -l
total 4
-rw-r--r-- 1 root root 710 Nov 28 03:50 7cd2693513597460a71347ba02d3179c5e5ab822_2.string.php
nano 7cd2693513597460a71347ba02d3179c5e5ab822_2.string.php
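An ownership audit for the directory tree examined in the post above, as an added example that is not part of the original thread or of Friendica. The default path and user are the ones quoted in the posts; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are the path and user quoted
# in the posts; override them through the environment for another install.
COMPILED_DIR=${COMPILED_DIR:-/var/www/html/view/smarty3/compiled}
WEB_USER=${WEB_USER:-www-data}

# Every file or directory at or below DIR that OWNER (login name or numeric
# uid) does not own, one path per line.
foreign_owned() {
    find "$1" ! -user "$2" -print | sort
}

# Number of such entries.
foreign_count() {
    foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# First-level hash-prefix directories (00, 7c, ...) that OWNER does not own.
# With mode 755 the web server cannot create new subdirectories in these,
# the condition behind "unable to create directory .../compiled/7c/ea/e6".
blocked_shards() {
    find "$1" -mindepth 1 -maxdepth 1 -type d ! -user "$2" -print | sort
}

# Human-readable report; returns 1 when anything is owned by someone else.
audit_report() {
    n=$(foreign_count "$1" "$2")
    echo "$n entries under $1 are not owned by $2"
    [ "$n" -eq 0 ] && return 0
    echo "first-level directories $2 cannot write below:"
    blocked_shards "$1" "$2" | while IFS= read -r d; do ls -ld "$d"; done
    return 1
}

# Run the report only when the directory exists on this machine.
if [ -d "$COMPILED_DIR" ]; then
    audit_report "$COMPILED_DIR" "$WEB_USER"
fi
```

The modification times printed by `ls -ld` show when each foreign-owned directory appeared, which can be compared against whatever ran as another user at that time.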
utopiArte
in reply to utopiArte
Here is the previous conversation about this where I described when and how I changed the access settings of the installation and folders.
utopiArte
2023-11-27 16:44:52
utopiArte
in reply to utopiArte
:(
f***, just pulled the whole link into this
😞
utopiArte
Unknown parent
Not using daemon but CRON.
I guess that is running as root ..
utopiArte
in reply to utopiArte
@Hypolite Petovan
So this is a "tricky" one for me as I have no idea what or how to do this.
In the helpers page:
https://tupambae.org/help/Install#cron+job+for+worker
it only states:
helpers page wrote:
I did my installation with the help of @hankg's tutorial:
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#creating-workers
ubuntu install tutorial wrote:
How do I set this so "It should run as www-data."
??
Tutorial: Creating a Friendica Server with Ubuntu 22.04
N=1 Lifestyle
utopiArte
Unknown parent
Something like this?
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
*/5 * * * * cd /var/www/html; su -u friendica /usr/bin/php bin/worker.php
utopiArte
Unknown parent
As of now it was running like this:
*/5 * * * * cd /var/www/html; /usr/bin/php bin/worker.php
Your suggestion: php command with su -u friendica
*/5 * * * * cd /var/www/html; su -u friendica /usr/bin/php bin/worker.php
What we didn't actually clarify is what friendica stands for.
Like to say, is it a "place holder", a variable for a user or application name?
Is "friendica" defined as such in worker.php?
Or would it actually be www-data?
utopiArte
Unknown parent
learning question:
(some maybe "notes to myself to investigate")
When is that php software setting actually done?
I'm still working on that friendica for ubuntu VPS installation tutorial and at the same time (of course) starting to wonder about adding more sites, friendica or maybe other site software to the server I'm testing around with and actually just started to wonder how to separate for example two friendica instances to not use two times www-data for example. Like to get as differentiated permission and access settings as possible.
In the case of DB user and DBs themselves that's more than obvious, but how, when or where does the (in this case) www-data setting take place?
When pulling from github into the prepared (in this case) /html folder?
Or the subsequent bin/composer.phar install --no-dev step?
What happens if I try now to create a folder tree for several domains/subdomains and move/rename the existing /html folder?
There are some references in the admin panel for paths, that's kinda easy to find and change but are there more settings in the LAMP-Installation to have an eye on?
Why is it that the cron setting is the only one that doesn't have a path like the other files to edit with nano for example?
utopiArte
Unknown parent
Well, this;
*/5 * * * * cd /var/www/html; su -u www-data /usr/bin/php bin/worker.php
.. didn't work out.
Looks like cron job didn't execute at all.
TupambAdmin [stable]
in reply to utopiArte
Still monitoring this and wondering if some setting and changes while moving the server has to do with this.
Right now there are folder structures like the mentioned created and visible in /smarty3 and /storage.
Of the two folders that have root as owner in the /smarty3 folder, there is one subfolder that exists in the /storage folder and one that doesn't.
The one that does exist in /storage and /smarty3 has the same creation date (Nov 28 2023).
It actually points right now to this very answer above:
/display/0ac89072-1165-95dc-31ec-a8a342054692
That folder contains a completely unrelated unknown avatar.
While trying to nano the file contained in the other folder right now the following message came up:
"File root is being edited by root (with nano 6.2, PID 3334); open anyway?"
Opening anyway gave an empty nano editor with something like 1/7.
Trying to leave with [ctrl-X] and [N] was rejected and an empty nano editor with 1/2 showed up on top.
Closed the SSH window to escape this.
utterly strange
utopiArte
in reply to TupambAdmin [stable]
I start getting the feeling that the admin profile has or had the ability to publish as root.
There is specifically one post right now that is public where this profile commented on. That post shows up on the profile page but when this profile tries to open it or even open a notification of an answer on that post done by the admin profile a blank page gets displayed. Occasionally with a code error, occasionally with nothing at all.
This is the link of the latest notification that displays a blank page:
https://tupambae.org/display/0ac89072-4065-b25c-c45a-703128708436
Server settings
tupambae.org