Make /home/user/web/domain/ directory writable

using nginx/fastcgi only:

  1. Created a new template /usr/local/hestia/data/templates/web/php-fpm >>> default-new.tpl with addition of: /home/%user%/web/%domain% to php_admin_value[open_basedir] =
  2. Changed /home/user/web/domain/ domain permissions to: 0751
  3. Selected/saved new tpl in panel + ran v-rebuild-web-domain just in case

ISSUE: /home/user/web/domain/ Permissions revert back to 0551

Looks like /usr/local/hestia/func/ line 463 does the reversion. Any work around besides created a sub directory under public_html and assigning that as docroot?

I don’t understand why making /home/user/web/domain/ unwritable improves security. It looks like there is only stats + logs in that dir…

Easiest method is just move everything 1 folder up with the custom docroot

And enter in Directory public_html

Thank you for your reply.

Yes. I understand that is already built into hestia and it works.

My questions is:

Can I make /home/user/web/domain/ writeable and have it persist?

Yes create a file .sh file with the same template in


And write permissions



chmod 755 /home/$user/web/$domain

Thank you.

I created the file: /usr/local/hestia/data/templates/web/php-fpm/ containing



chmod 755 /home/$user/web/$domain

and rebuilt the domain. But the permissions stayed the same. I’m not clear how the underlying hestia code works. So I’m missing something in your instructions. I read your instructions as hestia will autoload that .sh file on domain rebuild. Thanks!

chmod +x /usr/local/hestia/data/templates/web/php-fpm/

Edit: my cat decided to send the post before I finished it :stuck_out_tongue:

As far as I know, script will be triggered when saving domain but when rebuilding domain, function rebuild_web_domain_conf (the one which changes perms to 551) is executed after the trigger that executes so you can’t do it with a template script.

Thank you @sahsanu Making it executable didn’t work. Other suggestions?

To confirm: Running v-rebuild-web-domain where domain Backend Template PHP-FPM is set to: default-new.tpl will auto execute True?

I’ve edited the above post, don’t know if you have seen it

Thanks. And yes I didn’t see it before I sent reply.

I poked around the hestia code a little but I couldn’t find where the script gets triggered.

Regardless, unexpected behavior that doesn’t make sense to me; should be same on create AND rebuild. I can see the value in having a script run at domain creation AND having a different script run on domain rebuild if necessary. It seems like an easy thing to implement either way while preserving current functionality. So…

Can we fix that? I’m happy to help… Maybe someone else will chime in.

It get triggered here:

Thanks. Looks like line 335-340 plus var setup earlier in function.

What is the purpose of having it function differently on create vs rebuild?

For those that might find this useful in the future, I contributed this feature to hestia and it is available since version 1.8.11 to use add config:

add: DOMAINDIR_WRITABLE='yes' to /usr/local/hestia/conf/hestia.conf
or use command: v-change-sys-config-value DOMAINDIR_WRITABLE 'yes'


Created a new template /usr/local/hestia/data/templates/web/php-fpm >>> your-template-name.tpl with addition of: /home/%user%/web/%domain% to php_admin_value[open_basedir] =