*** SECURITY information for hostname.domain.com ***
From: [email protected]
To: [email protected] · Mon, Mar 30 at 2:49 PM
Message Body
hostname.domain.com : Mar 30 14:49:48 : hestiaweb : a password is required ; PWD=/usr/local/hestia/web/fm/dist ; USER=root ; COMMAND=/usr/bin/chmod o+x /home/username/.ssh
Is this normal? I received this email in my spam. That day I made some changes via FM on my WordPress site theme, usually stuff like theme/plugin updates.
After that action the permissions remained too open: .ssh = 755, authorized_keys = 644
Should I do this? Or?
chmod 700 /home/username/.ssh
chmod 600 /home/username/.ssh/authorized_keys
chown -R username:username /home/username/.ssh
You shouldn’t change permissions manually.
That’s a bug. hestiaweb is trying to use sudo with the chown command and it isn’t allowed.
You can ignore the log or fix it:
Try this.
Edit file /usr/local/hestia/web/fm/configuration.php and replace this:
shell_exec("sudo chmod o+x " . quoteshellarg("/home/" . basename($v_user) . "/.ssh"));
by this:
shell_exec("sudo /usr/local/hestia/bin/v-change-fs-file-permission " . quoteshellarg(basename($v_user)) . " " . quoteshellarg("/home/" . basename($v_user) . "/.ssh") . " 0755");
I forgot to mention that 755 should not be used for .ssh. To use 700, the script v-add-user-sftp-key must be modified to set a new ACL:
sed -i.ori -e '/^AUTHKEY_FILE=.*authorized_keys/a SSH_DIR="$HOMEDIR/$user/.ssh"' -e '/^chown "hestiaweb": "${PRVKEY_FILE}"/a \\nsetfacl -m u:hestiaweb:--x "${SSH_DIR}" > /dev/null 2>&1' /usr/local/hestia/bin/v-add-user-sftp-key
If you already modified /usr/local/hestia/web/fm/configuration.php you must also edit it and remove the modification.
If you didn’t modify it yet, you can execute this command:
sed -i.ori '/\/\/ filemanager also requires .ssh chmod o+x/{N;N;d}' /usr/local/hestia/web/fm/configuration.php
So you can change .ssh perms to 700.
chmod 700 /home/*/.ssh
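To see which accounts still have the open modes reported in this thread (.ssh = 755, authorized_keys = 644), before and after applying the fix, the check can be scripted. This is an added example, not part of the original posts or of Hestia's own code; the function names are hypothetical and it assumes GNU `stat` (Debian/Ubuntu hosts).

```bash
#!/usr/bin/env bash
# Added example: audit .ssh permissions under a homes root (default /home).
# Flags any group/other bits on .ssh (expected 700) and on
# authorized_keys (expected 600). Function names are hypothetical.

# Print the octal mode of a path (assumes GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Return 0 when the octal mode grants nothing to group or other,
# i.e. its last two digits are 00 (700, 600, 400, ...).
owner_only() {
    case $1 in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_ssh_dirs [ROOT]: print one line per finding; return 1 if any.
audit_ssh_dirs() {
    local root rc dir keys m
    root=${1:-/home}
    rc=0
    for dir in "$root"/*/.ssh; do
        [ -d "$dir" ] || continue
        m=$(mode_of "$dir")
        if ! owner_only "$m"; then
            echo "TOO OPEN: $dir mode=$m (expected 700)"
            rc=1
        fi
        keys=$dir/authorized_keys
        if [ -f "$keys" ]; then
            m=$(mode_of "$keys")
            if ! owner_only "$m"; then
                echo "TOO OPEN: $keys mode=$m (expected 600)"
                rc=1
            fi
        fi
    done
    return $rc
}
```

Run `audit_ssh_dirs /home` as root; a non-zero exit status means at least one directory or key file is still readable or traversable by other users.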