Script to fix home directory permissions (use at your own risk)

Summary

Here is a script that I borrowed from various sources and added some of my own items to theoretically “fix” permissions in the /home directory for all users. It’s especially useful after uploading a bunch of websites via sftp logged in as root (after you created their accounts of course!). USE AT YOUR OWN RISK - no warranties! FYI I saved mine to $HESTIA/bin/m-fixperms (I use m- for my custom scripts.) Also I don’t use DNS in Hestia so that was not accounted for. And finally this script supresses any errors. You can add them back in by removing the “&>/dev/null” portions.

cd /home/
for i in `ls | grep -v 'lost+found'`; do 
	if id "$i" &>/dev/null ; then
		chattr -i /home/*/conf  &>/dev/null
		chown -R ${i}:${i} /home/$i  &>/dev/null
		chown root:root  /home/$i/conf  &>/dev/null
		chown root:root  /home/$i/conf/*  &>/dev/null
		chown Debian-exim:mail /home/$i/conf/mail/*  &>/dev/null
		chown dovecot:mail /home/$i/conf/mail/*/passwd  &>/dev/null
		chown $i:$i /home/$i/conf/web  &>/dev/null
		chown $i:$i /home/$i/conf/web/*  &>/dev/null
		chown $i:www-data /home/$i/web/*/public_*  &>/dev/null
		chmod -R u=rw /home/$i/web/*/public_html/*  &>/dev/null
		chmod -R go=r /home/$i/web/*/public_html/*  &>/dev/null
		chattr +i /home/$i/conf  &>/dev/null
		echo $i done 
	fi
done 

What is wrong with v-rebuild-users

Um, I didn’t even realize that’s what that did! Somewhat misleading command name IMHO.

It will also restore templates but also fixes the permissions

1 Like

So what does v-rebuild-users exactly do??? I ask because I tried it and now all my websites are offline. nginx isn’t even responding.

Even after reboot, all domains are error 500.

So it will call

This function is also called during upgrade of HestiaCP

That didn’t help. So why am I now getting error 500 on all sites? I had a clean install a week ago, copied in web files and restored databases and everything was working.

Check log files for the cause of the errors.

Also check the current version last version should be 1.2.3…

So interestingly enough, I keep refreshing one website and rerun v-rebuild-users. While its running, I get an nginx error page and then before it finishes it’s back to error 500.

I am 1.2.3.

How the hell would v-rebuild hose the nginx config?!?

Here’s what I’ve found. Please help fix.

2020/08/11 12:44:56 [error] 840123#840123: *91766 FastCGI sent in stderr: "PHP message: PHP Warning:  unlink(/home/webs/web/xxxxxxxxx.net/public_html/wp-content/uploads/bb-theme/editor-5f2c55fcb1728.css): Permission denied in /home/webs/web/xxxxxxxxx.net/public_html/wp-content/themes/bb-theme/classes/class-fl-wp-editor.php on line 119" while reading response header from upstream, client: 10.10.20.10, server: xxxxxxxxx.net, request: "GET /wp-admin/post.php?post=436&action=edit HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm-xxxxxxxxxxx.net.sock:", host: "xxxxxxxxxx.net", referrer: "http://xxxxxxxxxxxxxx.net/wp-admin/edit.php?post_type=page"
2020/08/12 11:07:39 [crit] 1283540#1283540: *125002 open() "/home/webs/web/xxxxxxxxxxx.net/public_html/" failed (13: Permission denied), client: 10.10.20.10, server: xxxxxxxxxxx.net, request: "GET /?sccss=1&ver=5.4.2 HTTP/1.1", host: "xxxxxxxxxxx.net", referrer: "http://xxxxxxxxxxxx.net/"

Running PHP-FPM 751 for public_html and 755 for other folders should be fine.

I agree - so why are my sites down? I can’t identify the issue and I’m kind of hanging this on your head. “oh just run this command - I don’t know everything it does but it should work fine”.

Please help me troubleshoot!

What are the permissions of the files then?

Folders are not accesble

Access Denied: You do not have permission to view this page will fix the rights

find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;

See the difference

fixed temporarily by running chmod -R 755 /home//web/.

I’m live, now why would the v-rebuild-users be incorrect on permissions and what should they be?

Sorry didn’t see your instructions above…

v-rebuild-users resets the configs and might also fix the ‘home directory permissions’ to the defaults (this was your thread title).
this runs everytime during an upgrade, to make sure global changes are compatible with the default config and default templates.

that is also the reason why you should not change anything in the default templates, as all these changes get overridden.

that v-script does not change the permission on files inside your public_html folder (and that’s not what your topics said anyway)

if your system is borked after running this command you have a bigger problem, because you did something before that is not compatible with how Hestia works.

running chmod recursively already messed up your permissions within the public_html folder and therefore broke your system. chmod -R is bad practise because it simply does not distinguish between folders and files which eventually need different permission sets. especially folder need executable rights which translate into ‘being able to change into that folder’.

sorry to say, but your script is very much not advisable to use.

PS: this again is the wrong approach, as it will make your files executable as well, which they should not be, as this increases the risk to run arbitrary shell code more easily and so on:

2 Likes

v-rebuild-users does not change permissions on files and folder under the public_html path

Looking at your script I suspect the chmod lines are the problem

1 Like