File manager Unknown Error after restore VPS

Good Night every1.
I’ve already searched for this topic on the forum and outside and I’ve tried all the options that were presented.

But in resume after I’ve restore my VPS to the latest backup ( after I mess with some stuff and didnt work ) I’m facing the Unknown Error on the FIle Manager.

I’m sharing the log to see if it make sence to any PRO here ?
I’m a newbie so for even after opening the files, I dont understand the problem :stuck_out_tongue:

root@hestiacp:~# tail -f -s0.1 /var/log/hestia/nginx-error.log
2023/10/29 02:05:55 [error] 2220902#0: *3115 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 51.79.196.197, server: _, request: "POST /debugger/configs.php HTTP/1.1", upstream: "fastcgi://unix:/run/hestia-php.sock:", host: "143.42.27.180:8083"
2023/10/29 02:05:56 [error] 2220902#0: *3117 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 51.79.196.197, server: _, request: "POST /configurations/debug.php HTTP/1.1", upstream: "fastcgi://unix:/run/hestia-php.sock:", host: "143.42.27.180:8083"
2023/10/29 18:43:54 [error] 1300#0: *1 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught League\Flysystem\Sftp\InvalidRootException: Root is invalid or does not exist: / in /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php:279
Stack trace:
#0 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(208): League\Flysystem\Sftp\SftpAdapter->setConnectionRoot()
#1 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(650): League\Flysystem\Sftp\SftpAdapter->connect()
#2 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(360): League\Flysystem\Adapter\AbstractFtpAdapter->getConnection()
#3 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(338): League\Flysystem\Sftp\SftpAdapter->listDirectoryContents()
#4 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Filesystem.php(272): League\Flysystem\Adapter\AbstractFtpAdapter->listContents()
#5 /usr/local/hestia/web/fm/backend/Services/Storage/Filesystem.php(199): League\Flysystem\Files" while reading response header from upstream, client: 81.115.82.240, server: _, request: "POST /fm/?r=/getdir HTTP/2.0", upstream: "fastcgi://unix:/run/hestia-php.sock:", host: "hestiacp.example.com:8083", referrer: "https://hestiacp.example.com:8083/fm/"

This is done already:

/etc/ssh/sshd_config
Subsystem sftp internal-sftp

Deleted all XXX that I’ve created
/home/XXX/.ssh/

did also the chmod 644 ( I’ve restore again the backup so its no more at 644 )

Show the output of these commands:

ls -lh /etc/ssh/sshd_config
ls -lh /etc/ssh/sshd_config.d/
grep -vE '^#|^$' /etc/ssh/sshd_config

ls -lh /etc/ssh/sshd_config
-rw-r–r-- 1 root root 3.4K Oct 24 16:15 /etc/ssh/sshd_config
ls -lh /etc/ssh/sshd_config.d/
total 0

grep -vE '^#|^
``` /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
LoginGraceTime 1m
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
KbdInteractiveAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
DebianBanner no
AcceptEnv LANG LC_*
Subsystem sftp internal-sftp

Match User sftp_dummy99,admin,dev,anasilva,waves4life,waves4life_customerFTP,admin_scp,waves4life_w4l,waves4life_man
ChrootDirectory %h
    X11Forwarding no
    AllowTCPForwarding no
    ForceCommand internal-sftp

@sahsanu

I see no problem with your sshd conf.

You can’t use file manager with any user or only some users don’t work?

Show the output of these commands:

cat /etc/shells
ls -l /home/admin/.ssh/
namei -mo /home/admin/.ssh/
grep -E '^admin|^dev|^anasilva|^waves4life' /etc/passwd

all the users are having the same error

# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/bash
/bin/rbash
/usr/bin/rbash
/usr/bin/sh
/bin/dash
/usr/bin/dash
/usr/bin/tmux
/usr/bin/screen
/usr/sbin/nologin
f: /home/admin/.ssh/
 drwxr-xr-x root  root  /
 drwxr-xr-x root  root  home
 drwxr-x--x root  root  admin
 drwxr-xr-x admin admin .ssh
admin:x:1000:1000:[email protected]:/home/admin:/usr/sbin/nologin
dev:x:1001:1001:[email protected]:/home/dev:/usr/sbin/nologin
anasilva:x:1002:1002:[email protected]:/home/anasilva:/usr/sbin/nologin
waves4life:x:1003:1003:[email protected]:/home/waves4life:/usr/sbin/nologin
waves4life_customerFTP:x:1003:1003::/home/waves4life/web/customer.waves4life.pt:/usr/sbin/nologin
admin_scp:x:1000:1000::/home/admin/web/hestiacp.cenasuteis.com:/usr/sbin/nologin
waves4life_w4l:x:1003:1003::/home/waves4life/web/kitesurfinportugal.com:/usr/sbin/nologin
waves4life_man:x:1003:1003::/home/waves4life/web/waves4life.pt:/usr/sbin/nologin

How do you guys come with all this codes ahahhaha ?

Can be something related to SSL ?
Again the only thing I did was restoring the backup of today morning ( and everything was working without any issue this morning )

Change admin home perms to 755:

chmod 755 /home/admin/
setfacl -m "g:admin:r-x" "/home/admin"

And try again.

Note: Don’t use above setfacl command with the other users.

@sahsanu magic ! it is working on the admin account.
Can you find some time to explain this witchcraft ?

Before fixing the other users, show me this output;

grep hestia-users /etc/group

hestia-users:x:999:dev,anasilva,waves4life,waves4life_customerFTP,waves4life_formFTP,admin_scp,waves4life_w4l,waves4life_man

For those users ( dev anasilva waves4life) do this (change $user by the real user):

chmod 755 /home/$user
setfacl -m "u:$user:r-x" "/home/$user"

Edit: I forgot this:

setfacl -m "g:hestia-users:---" "/home/$user"

Above command is for all users, included admin.

chmod 755 /home/dev
setfacl -m “g:hestia-users:—” “/home/dev”

chmod 755 /home/anasilva
setfacl -m “g:hestia-users:—” “/home/anasilva”

chmod 755 /home/waves4life
setfacl -m “g:hestia-users:—” “/home/waves4life”

This one did not work for any user, or I did something wrong ?
I log off and logon to try , and not working

I need the error message

Sorry i think i understood :slight_smile:

Doing the bellow, that user had access to FM
chmod 755 /home/waves4life
setfacl -m “u:waves4life:r-x” “/home/waves4life”

Doing the bellow, that user did not have access to FM
chmod 755 /home/anasilva
setfacl -m “g:hestia-users:—” “/home/anasilva”

You must add the three commands to dev anasilva waves4life and the last one also for admin user.

For the user anasilva did not work.

hestia-php.sock:", host: "hestiacp.cenasuteis.com:8083", referrer: "https://hestiacp.cenasuteis.com:8083/fm/"
2023/10/29 21:33:54 [error] 1300#0: *179 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught League\Flysystem\Sftp\ConnectionErrorException: Could not login with username: anasilva, host: 127.0.0.1 in /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php:244
Stack trace:
#0 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(207): League\Flysystem\Sftp\SftpAdapter->login()
#1 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(650): League\Flysystem\Sftp\SftpAdapter->connect()
#2 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(360): League\Flysystem\Adapter\AbstractFtpAdapter->getConnection()
#3 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(338): League\Flysystem\Sftp\SftpAdapter->listDirectoryContents()
#4 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Filesystem.php(272): League\Flysystem\Adapter\AbstractFtpAdapter->listContents()
#5 /usr/local/hestia/web/fm/backend/Services/Storage/Filesystem.php(199): League\Fly" while reading response header from upstream, client: 89.115.89.243, server: _, request: "POST /fm/?r=/getdir HTTP/2.0", upstream: "fastcgi://unix:/run/hestia-php.sock:", host: "hestiacp.cenasuteis.com:8083", referrer: "https://hestiacp.cenasuteis.com:8083/fm/"

I just tried the other users is not working also, but for waves4life was working a moment ago.

So i probably did something wrong here…

If you think its better for me to rollback the backup I can do it.

This is correct ? or the last line should not be changed to the userId ?
chmod 755 /home/anasilva
setfacl -m “u:anasilva:r-x” “/home/anasilva”
setfacl -m “g:hestia-users:—” “/home/anasilva”

That should work.

Show the output:

ls -ld /home/anasilva
getfacl /home/anasilva
root@hestiacp:~# ls -ld /home/anasilva
drwxr-xr-x+ 16 root root 4096 Oct 29 18:30 /home/anasilva

root@hestiacp:~# getfacl /home/anasilva
getfacl: Removing leading '/' from absolute path names
# file: home/anasilva
# owner: root
# group: root
user::rwx
user:anasilva:r-x
group::r-x
group:hestia-users:---
mask::r-x
other::r-x

But in resume because I used a backup on my VPS to restore the full system, ive lost the “permissions” how this is possible ?

I don’t know what happened with your backup.

Also, I see the right perms/acl for /home/anasilva , check the perms for /home/anasilva/.ssh too (them should be 755)

root@hestiacp:~# ls -ld /home/anasilva/.ssh
drwxr-xr-x 2 anasilva anasilva 4096 Oct 29 18:24 /home/anasilva/.ssh



root@hestiacp:~# ls -l /home/anasilva/.ssh
total 8
-rw-r--r-- 1 anasilva anasilva  326 Apr 19  2023 authorized_keys
-rw------- 1 admin    admin    1064 Apr 19  2023 hst-filemanager-key