Web App Installer throwing 503

Hestia v1.8.11 on Debian 11

I get a 503 Internal Server Error when I try to install any app on some users, already checked previous reports:

I meddled in the PHP code to fix the above error, now there is an odd permission error:

│2024/05/30 09:35:19 [error] 115541#0: *953 FastCGI sent in stderr: "PHP message: PHP Notice:  ls: Zugriff auf '/home/5000/web/DOMAIN.eu/public_html/' nicht möglich: Keine Berechtigung                                                               │
│Error: cmd exited with errors in /usr/local/hestia/web/src/app/System/HestiaApp.php on line 46; PHP message: PHP Fatal error:  Uncaught Exception: ls: Zugriff auf '/home/5000/web/DOMAIN.eu/public_html/' nicht möglich: Keine Berechtigung          │
│Error: cmd exited with errors in /usr/local/hestia/web/src/app/System/HestiaApp.php:48                                                                                                                                                                  │
│Stack trace:                                                                                                                                                                                                                                            │
│#0 /usr/local/hestia/web/src/app/System/HestiaApp.php(59): Hestia\System\HestiaApp->run()                                                                                                                                                               │
│#1 /usr/local/hestia/web/src/app/WebApp/AppWizard.php(38): Hestia\System\HestiaApp->runUser()                                                                                                                                                           │
│#2 /usr/local/hestia/web/templates/pages/setup_webapp.php(29): Hestia\WebApp\AppWizard->isDomainRootClean()                                                                                                                                             │
│#3 /usr/local/hestia/web/inc/main.php(202): include('...')                                                                                                                                                                                              │
│#4 /usr/local/hestia/web/add/webapp/index.php(106): render_page()                                                                                                                                                                                       │
│#5 {main}                                                                                                                                                                                                                                               │
│  thrown in /usr/local/hestia/web/src/app/System/HestiaApp.php on line 48" while reading response header from upstream, client: 105.160.86.58, server: _, request: "GET /add/webapp/?app=WordPress&domain=DOMAIN.eu HTTP/2.0", upstream: "fastcgi://un│

$ ls -ld /home/5000
drwxr-xr-x+ 13 root root 4096 31. Jan 12:17 /home/5000

Is there a particular reason the hestia-users are excluded in the facl?

$ getfacl /home/5000
getfacl: Entferne führende '/' von absoluten Pfadnamen
# file: home/5000
# owner: root
# group: root
user::rwx
user:5000:r-x
group::r-x
group:hestia-users:---
mask::r-x
other::r-x

Users shouldn’t contain only numbers to avoid issues with UIDs. Hestia shouldn’t allow to create them, I’ll take a look when I’ll have free time.

1 Like

good point, but the permission issue stands, and is being very odd:

janek@main:~ :) $ getfacl /home/5000 /home/xe477
getfacl: Entferne führende '/' von absoluten Pfadnamen
# file: home/5000
# owner: root
# group: root
user::rwx
user:5000:r-x
group::r-x
group:hestia-users:---
mask::r-x
other::r-x

# file: home/xe477
# owner: root
# group: root
user::rwx
user:xe477:r-x
group::r-x
group:hestia-users:---
mask::r-x
other::r-x

janek@main:~ :) $ sudo -u xe477 ls /home/xe477
conf  mail  tmp  web
janek@main:~ :) $ sudo -u 5000 ls /home/5000
ls: Öffnen von Verzeichnis '/home/5000' nicht möglich: Keine Berechtigung

All users are added to the hestia-users group

But it should not be able to access any thing in the folder

1 Like

@eris already explained the use of hestia-users and regarding the “issue” with perms, that is because user 5000 doesn’t have a shell assigned.

v-change-user-shell 5000 bash

And try again:

sudo -u 5000 ls /home/5000

But changing the user shell should not be needed to install a web app, and the current error I am getting is that permission error - what I posted was just reproducing that issue

Try setting it then to nologin

And the php error is given because 5000 is a int instead of a string …

The PHP error I solved in the code, will make a PR.

But that permission error is persistent - I still cannot find the difference between those two users, neither it is the shell:

$ sudo cat /etc/passwd | grep -E '(5000|477)'
xe477:x:1092:1092:[email protected]:/home/xe477:/sbin/nologin
5000:x:1163:1163:[email protected]:/home/5000:/sbin/nologin

We have removed support for new users containing only numerical values due to the issues you are explaining

Linux is not able to handle only numerical usernames

It is considered a bug in the past …

It will also cause issues with PHP so don’t use numbers only