.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

  • We had an issue in our forum: http://forum.i-mscp.net/Thread-RESOLVED-Error-403
    The thread is now closed, but i can reproduce the problem.
    I had a fresh installation with fcgi. The user has every rights for php.
    Now i created a new user...In the webfolder every file has the owner "vuxxx:www-data"...
    If i remember in the past we had everytime the owner "vuxxx:vuxxx".. Why is it changed?
    The problem appears if the index.html is set to "vu2xxx:vu2xxx"...


    The problem is, if you upload teh index.html (at first delete the file) with ftp, the file is set to "vu2xxx:vu2xxx"...
    And then you get a 403 "Permission denied: file permissions deny server access".


    I need someone who test this again!


    Btw...
    I updated the system with the nightly script and changed to mod_itk...
    The files inside the webfolder are set to "vu2xxx:www-data" but the entry in the apache config is:

    Code
    1. <IfModule !mpm_itk_module>
    2. <IfModule suexec_module>
    3. SuexecUserGroup vu2xxx vu2xxx
    4. </IfModule>
    5. </IfModule>

    Edited once, last by TheCry ().


  • Bug in Update Progress??


    Yes... In my eyes it is a bug while chmod the webfolders of the user..

    Code
    1. $cmd = "$main::imscpConfig{'CMD_CHOWN'} -R $self->{domain_uid}:$httpdGroup $dmn_dir";


    But i wait for the reply of Daniel.


    Btw... Please have a look on your server in the webfolders of the users.. And then look on the ownership of the files and dirs. But only if you are using the current master

    Edited once, last by TheCry ().

  • I think is because of mod_php and fcgid enabled in same time. can you provide a lust of enabled modules?

  • Hi Daniel...
    Here the list of the enabled modules..


    Btw... This is a fresh installation!
    And i didn't activated or deactived any modules on my own.. I'd only worked with the imscp-autoinstaller...
    But i took a look inside the scripts and the engine makes every time the owner "vu***:www-data"... The problem is the proftpd, because it uploads with "vu***:vu***".
    If we will fix the problem, we should give the folder a "chmod o+x" or we need to update the gid of the users.
    But at first take a look by yourself.

    Edited once, last by TheCry ().

  • I've looked a bit more into that, it seems that the change in the chmod behaviour was introduced in this commit (https://github.com/i-MSCP/imsc…6e739c075c9ec2902aaf97e5a) it seems that the code came together with the fix of #215
    Since we are using suexec it seems to me that it makes sense having the files with vuxxxx for user and group permissions, and the behaviour of the proftpd is the right one (IMHO).
    I'll try to revert that change and see what happens.


  • Hello ;


    I cannot reproduce the problem described here with last master.


    1. Usage of fcgid
    2. Creation of new domain account
    3. Deletion of the index.html (filezilla client) file via ftp
    4. Upload of new index.html file via ftp (filezilla client) (permissions are set as vuxxx:vuxxx 0644)


    Code
    1. root@imscp:/var/www/virtual/test.com/htdocs# ls -la
    2. total 16
    3. drwxr-x--- 3 vu2006 www-data 4096 14 déc. 07:12 .
    4. drwx--x--- 9 vu2006 www-data 4096 14 déc. 06:36 ..
    5. drwxr-x--- 2 vu2006 www-data 4096 14 déc. 06:36 images
    6. -rw-r--r-- 1 vu2006 vu2006 90 14 déc. 07:12 index.html
    7. root@imscp:/var/www/virtual/test.com/htdocs#


    All work fine.


    Of course, if you want restrict the permissions to 0640 (not world readable), you must allow the apache user (www-data) to read the static files such as the index.html file, and so, you have to set the user and group as vuxxxx:www-data.


    BTW: When using ITK, the suexec section is not relevant (see the negation)...


    For now, I'll close the related ticket #480.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    Edited once, last by Nuxwin ().