Make /home/user/web/domain/ directory writable

using nginx/fastcgi only:

  1. Created a new template /usr/local/hestia/data/templates/web/php-fpm >>> default-new.tpl with addition of: /home/%user%/web/%domain% to php_admin_value[open_basedir] =
  2. Changed /home/user/web/domain/ domain permissions to: 0751
  3. Selected/saved new tpl in panel + ran v-rebuild-web-domain just in case

ISSUE: /home/user/web/domain/ Permissions revert back to 0551

Looks like /usr/local/hestia/func/rebuild.sh line 463 does the reversion. Any workaround besides creating a subdirectory under public_html and assigning that as docroot?

I don’t understand why making /home/user/web/domain/ unwritable improves security. It looks like there is only stats + logs in that dir…

Easiest method is just to move everything 1 folder up with the custom docroot

And enter in Directory public_html

Thank you for your reply.

Yes. I understand that is already built into hestia and it works.

My question is:

Can I make /home/user/web/domain/ writeable and have it persist?

Yes, create a .sh file with the same template in

/usr/local/hestia/data/templates/web/nginx/php-fpm/

And write permissions

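#!/bin/bash

# Positional arguments received by the script
user="$1"
domain="$2"
ip="$3"
home="$4"
docroot="$5"

# Quote the path so unusual characters in the arguments cannot split it
chmod 755 "/home/$user/web/$domain"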

Thank you.

I created the file: /usr/local/hestia/data/templates/web/php-fpm/default-new.sh containing

#!/bin/bash 

user="$1"
domain="$2"
ip="$3"
home="$4"
docroot="$5"

chmod 755 /home/$user/web/$domain

and rebuilt the domain. But the permissions stayed the same. I’m not clear how the underlying hestia code works. So I’m missing something in your instructions. I read your instructions as hestia will autoload that .sh file on domain rebuild. Thanks!

chmod +x /usr/local/hestia/data/templates/web/php-fpm/default-new.sh

Edit: my cat decided to send the post before I finished it 😛

As far as I know, default-new.sh script will be triggered when saving domain but when rebuilding domain, function rebuild_web_domain_conf (the one which changes perms to 551) is executed after the trigger that executes default-new.sh so you can’t do it with a template script.
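The ordering described in the post above, as an added example that is not part of the thread and is not Hestia code: a hook that validates its arguments before touching the directory, followed by a stand-in for the rebuild step, so the final mode can be checked. `BASE`, all function names and the sample tree are assumptions; the 751 and 551 modes are the ones quoted in the thread, and the hook is assumed to run with elevated privileges.

```shell
#!/bin/bash
# Added example. BASE is an assumption so the demo can run in a scratch tree;
# on a real server the thread's path would be /home.
BASE="${BASE:-/home}"

# Print the octal mode of a path (GNU stat, falling back to BSD stat).
dir_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Reject empty names, dot-prefixed names, slashes and ".." so the path stays under BASE.
safe_name() {
    case "$1" in
        ''|.*|*/*|*..*) return 1 ;;
    esac
}

# Hook body: $1=user, $2=domain as in the thread's script, $3=mode (hypothetical extra).
# Refuses to chmod anything that is not a real directory (for example a symlink).
apply_hook() {
    local user="$1" domain="$2" mode="${3:-751}"
    safe_name "$user" && safe_name "$domain" || return 1
    local dir="$BASE/$user/web/$domain"
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    chmod "$mode" "$dir"
}

# Stand-in for the rebuild step the thread says resets the directory to 551.
simulate_rebuild() { chmod 551 "$BASE/$1/web/$2"; }

# Run hook first, rebuild last (the order reported in the thread) on a constructed tree.
# Prints "<mode after hook> <mode after rebuild>".
demo_rebuild_order() {
    local BASE after_hook after_rebuild
    BASE="$(mktemp -d)" || return 1
    mkdir -p "$BASE/user/web/example.test"      # constructed sample tree
    apply_hook user example.test 751 || return 1
    after_hook="$(dir_mode "$BASE/user/web/example.test")"
    simulate_rebuild user example.test
    after_rebuild="$(dir_mode "$BASE/user/web/example.test")"
    rm -rf "$BASE"
    echo "$after_hook $after_rebuild"
}

demo_rebuild_order   # the later chmod wins, so the hook's mode does not persist
```

Running `dir_mode` on the real domain directory right after saving the domain and again after a rebuild shows on a live system which of the two steps ran last.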

Thank you @sahsanu. Making it executable didn’t work. Other suggestions?

To confirm: Running v-rebuild-web-domain where domain Backend Template PHP-FPM is set to: default-new.tpl will auto execute default-new.sh. True?

I’ve edited the above post, don’t know if you have seen it

Thanks. And yes I didn’t see it before I sent reply.

I poked around the hestia code a little but I couldn’t find where the script gets triggered.

Regardless, unexpected behavior that doesn’t make sense to me; should be same on create AND rebuild. I can see the value in having a script run at domain creation AND having a different script run on domain rebuild if necessary. It seems like an easy thing to implement either way while preserving current functionality. So…

Can we fix that? I’m happy to help… Maybe someone else will chime in.

It gets triggered here:

Thanks. Looks like lines 335-340 plus var setup earlier in function.

What is the purpose of having it function differently on create vs rebuild?