Hestia v1.8.11 on Debian 11
I get a 503 Internal Server Error when I try to install any app on some users, already checked previous reports:
I meddled in the PHP code to fix the above error, now there is an odd permission error:
│2024/05/30 09:35:19 [error] 115541#0: *953 FastCGI sent in stderr: "PHP message: PHP Notice: ls: Zugriff auf '/home/5000/web/DOMAIN.eu/public_html/' nicht möglich: Keine Berechtigung │
│Error: cmd exited with errors in /usr/local/hestia/web/src/app/System/HestiaApp.php on line 46; PHP message: PHP Fatal error: Uncaught Exception: ls: Zugriff auf '/home/5000/web/DOMAIN.eu/public_html/' nicht möglich: Keine Berechtigung │
│Error: cmd exited with errors in /usr/local/hestia/web/src/app/System/HestiaApp.php:48 │
│Stack trace: │
│#0 /usr/local/hestia/web/src/app/System/HestiaApp.php(59): Hestia\System\HestiaApp->run() │
│#1 /usr/local/hestia/web/src/app/WebApp/AppWizard.php(38): Hestia\System\HestiaApp->runUser() │
│#2 /usr/local/hestia/web/templates/pages/setup_webapp.php(29): Hestia\WebApp\AppWizard->isDomainRootClean() │
│#3 /usr/local/hestia/web/inc/main.php(202): include('...') │
│#4 /usr/local/hestia/web/add/webapp/index.php(106): render_page() │
│#5 {main} │
│ thrown in /usr/local/hestia/web/src/app/System/HestiaApp.php on line 48" while reading response header from upstream, client: 105.160.86.58, server: _, request: "GET /add/webapp/?app=WordPress&domain=DOMAIN.eu HTTP/2.0", upstream: "fastcgi://un│
$ ls -ld /home/5000
drwxr-xr-x+ 13 root root 4096 31. Jan 12:17 /home/5000
Is there a particular reason the hestia-users are excluded in the facl?
$ getfacl /home/5000
getfacl: Entferne fĂĽhrende '/' von absoluten Pfadnamen
# file: home/5000
# owner: root
# group: root
user::rwx
user:5000:r-x
group::r-x
group:hestia-users:---
mask::r-x
other::r-x
Users shouldn’t contain only numbers to avoid issues with UIDs. Hestia shouldn’t allow to create them, I’ll take a look when I’ll have free time.
1 Like
good point, but the permission issue stands, and is being very odd:
janek@main:~ :) $ getfacl /home/5000 /home/xe477
getfacl: Entferne fĂĽhrende '/' von absoluten Pfadnamen
# file: home/5000
# owner: root
# group: root
user::rwx
user:5000:r-x
group::r-x
group:hestia-users:---
mask::r-x
other::r-x
# file: home/xe477
# owner: root
# group: root
user::rwx
user:xe477:r-x
group::r-x
group:hestia-users:---
mask::r-x
other::r-x
janek@main:~ :) $ sudo -u xe477 ls /home/xe477
conf mail tmp web
janek@main:~ :) $ sudo -u 5000 ls /home/5000
ls: Öffnen von Verzeichnis '/home/5000' nicht möglich: Keine Berechtigung
All users are added to the hestia-users group
But it should not be able to access any thing in the folder
1 Like
@eris already explained the use of hestia-users and regarding the “issue” with perms, that is because user 5000 doesn’t have a shell assigned.
v-change-user-shell 5000 bash
And try again:
sudo -u 5000 ls /home/5000
But changing the user shell should not be needed to install a web app, and the current error I am getting is that permission error - what I posted was just reproducing that issue
Try setting it then to nologin
And the php error is given because 5000 is a int instead of a string …
The PHP error I solved in the code, will make a PR.
But that permission error is persistent - I still cannot find the difference between those two users, neither it is the shell:
$ sudo cat /etc/passwd | grep -E '(5000|477)'
xe477:x:1092:1092:[email protected]:/home/xe477:/sbin/nologin
5000:x:1163:1163:[email protected]:/home/5000:/sbin/nologin
We have removed support for new users containing only numerical values due to the issues you are explaining
Linux is not able to handle only numerical usernames
It is considered a bug in the past …
It will also cause issues with PHP so don’t use numbers only