Permissions model question(s)

I have the latest stable hestiacp on an up to date debian 11.6 system.
Trying to get Squirrelmail working. (I know, it’s old, but I have many users who prefer it over Roundcube, so I offer this as a secondary option, besides, the latest versions are even running under php 8!)
Whatever I do, I keep getting;

Error opening …/data/default_pref
Could not create initial preference file!
/home/prefs/ should be writable by user x
Please contact your system administrator and report this error.

User x is the user created by hestia, for the web-domain under which I will offer up Squirrelmail.
On the previous server(s) on which Sqm is running fine now, I have nginx running with
user:group www-data:www-data. This is also the listen user/group in the php-fpm pool file.
On this hestiacp controlled instance, I assume it’s x : www-data

So I made /home/prefs writable by user x, but nothing changes.

Squirrelmail has some possible solutions: SquirrelMail - Webmail for Nuts!
but none of those work. I’m at a loss here. Any ideas?
Can I safely create a template whereby I force it to use www-data:www-data as it is on its preceding system, or does one such template already exist for hestia?

Just in case, is a username of one character allowed (it is actually x here)? And since I will be running Sqm under this user, can other users' mail accounts still use this webmail instance too? If so, why have you chosen this permission model? nginx and php-fpm running as a user different from www-data is quite unusual, as far as I can tell.

I assume you install the “index” file in /home/user/web/xxxxx/public_html
So it tries to create /home/user/web/xxxxx/data/xxx

  1. You can create a folder as root and chmod it to the user and create a custom php-fpm template.
  2. Upload SquirrelMail to /home/user/web/xxxxx/public_html/xxxx and
  3. Or look at the implementation I made for Rainloop in the past; it allows the user to select it in the dropdown ([Feature] Rainloop + Flexible Webmail client support by jaapmarcus · Pull Request #1548 · hestiacp/hestiacp · GitHub)

Thanks, I will try that. I was trying to get logging visible to debug the issue, and then noticed that fpm wasn’t logging at all, and that the nginx domainname_error.log wasn’t either. That last one was owned by root, while the error logs of all other domains I have running already are owned by its user.
Something’s amiss with nginx here.
Maybe because I manually apt installed the new version again.

Is there a command to re-install only nginx exactly as hestia did during its initial install, without deleting existing domains config?

We only overwrite

Doesn’t make a difference what I do. Still that error. This is so weird.
I already tried giving it all 777, so the dialog is not correct, it’s something else. It’s as if php/nginx does not want to write to /home/prefs no matter what I change.

I’m going to try and activate the old nginx domain conf and php-fpm conf from the preceding system for just this domain and see what happens.

# ps -eo user,comm | grep nginx
root     hestia-nginx
admin    hestia-nginx
root     nginx
www-data nginx
www-data nginx
www-data nginx
www-data nginx
www-data nginx
www-data nginx
www-data nginx
www-data nginx
www-data nginx

Nginx does run under www-data by default; that is fine.

But public_html should have www-data group permissions. The rest should be user:user and “normal” read permissions, only writeable by the user.

It’s working! Apparently needed to put the /data/ and /attachments/ dirs under the public_html dir. With Sqm a directory deeper that’s secure enough for me… So now in Sqm config file it’s;

$data_dir = '/home/userx/web/mailx.domainx.net/public_html/prefs/';
$attachment_dir = '/home/userx/web/mailx.domainx.net/public_html/attach/';

The second hurdle is getting nginx caching right for squirrelmail, because now it shows other user data stuff mingled with the new logged in user, old folders cached for the new user. Weird. Is any of the templates best to pick for webmail usage? I guess I can rip it from what roundcube or rainloop uses.
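
A check for the directory layout described in the post above, as an added example that is not part of the original thread or of Hestia or SquirrelMail: it reads $data_dir and $attachment_dir from a SquirrelMail config file and reports, for each, whether the directory resolves inside the domain's web root and whether it is world-writable. The function names and the two arguments (config file path, document root) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit where SquirrelMail's $data_dir and $attachment_dir point.
# Function names and arguments are hypothetical, not part of Hestia or SquirrelMail.

# Print the quoted string last assigned to PHP variable $1 in config file $2.
sqm_config_value() {
    sed -n "s/^[[:space:]]*\\\$$1[[:space:]]*=[[:space:]]*['\"]\\([^'\"]*\\)['\"].*/\\1/p" "$2" | tail -n 1
}

# Resolve a directory to its physical path (symlinks followed); fails if it is missing.
physical_dir() ( cd "$1" 2>/dev/null && pwd -P )

# Succeed if directory $1 resolves to a location at or below directory $2.
is_inside() (
    dir=$(physical_dir "$1") && root=$(physical_dir "$2") || exit 2
    case "$dir/" in "$root"/*) exit 0 ;; *) exit 1 ;; esac
)

# Succeed if "other" has write permission on $1 (9th character of the ls mode string).
is_world_writable() ( [ "$(ls -ld "$1" 2>/dev/null | cut -c9)" = w ] )

# Print one line per directory: <variable> <path> <webroot|outside> <world-writable|restricted>
audit_sqm_dirs() (
    config=$1; docroot=$2
    for var in data_dir attachment_dir; do
        path=$(sqm_config_value "$var" "$config")
        if [ ! -d "$path" ]; then echo "$var ${path:-?} missing -"; continue; fi
        if is_inside "$path" "$docroot"; then place=webroot; else place=outside; fi
        if is_world_writable "$path"; then mode=world-writable; else mode=restricted; fi
        echo "$var $path $place $mode"
    done
)

# Usage: sh audit.sh /path/to/config.php /home/user/web/domain/public_html
if [ "$#" -eq 2 ]; then audit_sqm_dirs "$1" "$2"; fi
```

A line ending in "webroot world-writable" means the preference or attachment store sits under the served document root with write access for every local account.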

The default webmail installation runs under a different system than web domains

If you need to offer your clients a method to select the webmail in the settings:

is the route to follow…


You mean: [How-to] RainLoop in Hestia CP - #2 by ruflex

The tutorial is from even before that time

However, the file locations are still correct, but name the templates like:

And

And when done:

Update /usr/local/hestia/conf/hestia.conf WEBMAIL to roundcube,squiremail