Closed xoddark closed 2 years ago
Facing the same bug.
Same bug :/
Manual fix:
# chown -R my_webapp:www-data /var/www/my_webapp/www
# chmod 750 /var/www/my_webapp
# chmod 755 -R /var/www/my_webapp/www
I cannot replicate the issue on YunoHost v4.3.6.
Can you all share the output of the following commands?
ls -la /var/www/my_webapp
getfacl /var/www
getfacl /var/www/my_webapp
Can you all share the output of the following commands?
# ls -la /var/www/my_webapp__3
drwxrwx---+ 3 root root 4096 Jan 27 18:10 .
drwxr-xr-x+ 10 root root 4096 Jan 27 18:10 ..
drwxrwxrwx 2 my_webapp__3 www-data 4096 Jan 27 18:10 www
# getfacl /var/www
getfacl: Removing leading '/' from absolute path names
# file: var/www
# owner: root
# group: root
user::rwx
group::r-x
group:all_users:---
mask::r-x
other::r-x
# getfacl /var/www/my_webapp__3
getfacl: Removing leading '/' from absolute path names
# file: var/www/my_webapp__3
# owner: root
# group: root
user::rwx
group::rwx
group:www-data:r-x
group:my_webapp__3:r-x
mask::rwx
other::---
@tituspijean I have the same result to command than @rozetkinrobot
@tituspijean : Thank you
Hello,
unfortunately I'm running into a similar problem. When I try to login with the command
sftp -i .ssh/id_rsa my_webapp@myserver.com
I get the following output on the client side:
Debian GNU/Linux 11
client_loop: send disconnect: Broken pipe
Connection closed
and the sshd log on the server says:
pam_unix(sshd:session): session opened for user my_webapp(uid=996) by (uid=0)
User child is on pid 1908005
fatal: bad ownership or modes for chroot directory component "/var/www/"
which is a bit strange because I thought it would maybe complain about bad ownership for /var/www/my_webapp but it complains about the parent directory.
The output of getfacl /var/www/my_webapp
is
getfacl: Removing leading '/' from absolute path names
# file: var/www/my_webapp
# owner: my_webapp
# group: www-data
user::rwx
group::rwx #effective:r-x
group:www-data:r-x
group:my_webapp:r-x
mask::r-x
other::---
and the output of getfacl /var/www
is
getfacl: Removing leading '/' from absolute path names
# file: var/www
# owner: root
# group: root
user::rwx
group::rwx
group:all_users:---
mask::rwx
other::r-x
Do you have any idea what could be wrong here?
What about ls -la /var/www/my_webapp
?
drwxr-x---+ 4 my_webapp www-data 4096 Nov 27 19:14 .
drwxrwxr-x+ 8 root root 4096 Nov 27 19:13 ..
drwxr-xr-x 2 my_webapp www-data 4096 Nov 27 19:15 .ssh
drwxr-xr-x 21 my_webapp www-data 4096 Nov 27 19:15 www
I fixed it! Using chmod 0755 /var/www
Now getfacl /var/www
says
getfacl: Removing leading '/' from absolute path names
# file: var/www
# owner: root
# group: root
user::rwx
group::rwx #effective:r-x
group:all_users:---
mask::r-x
other::r-x
The only difference I can see to before is the mask. Thanks for looking into it though!! :)
Describe the bug
A clear and concise description of what the bug is.
Context
Steps to reproduce
client_loop: send disconnect: Broken pipe
Expected behavior
The connection should work when webapp is installed.
Logs
On the server there is this sshd log :
journalctl 16:23:50 sshd[2856]: Connection from port 38674 on port 22
journalctl 16:23:55 sshd[2856]: Accepted password for my_webapp from 4 port 38674 ssh2
journalctl 16:23:55 sshd[2856]: pam_unix(sshd:session): session opened for user my_webapp by (uid=0)
journalctl 16:23:55 sshd[2856]: User child is on pid 2881
journalctl 16:23:55 sshd[2856]: pam_unix(sshd:session): session closed for user my_webapp
auth.log 16:23:55 xoddark sshd[2856]: Accepted password for my_webapp from port 38674 ssh2
auth.log 16:23:55 xoddark sshd[2856]: pam_unix(sshd:session): session opened for user my_webapp by (uid=0)
auth.log 16:23:55 xoddark systemd-logind[387]: New session 17 of user my_webapp.
auth.log 16:23:55 xoddark systemd: pam_unix(systemd-user:session): session opened for user my_webapp by (uid=0)
auth.log 16:23:55 xoddark sshd[2856]: User child is on pid 2881
auth.log 16:23:55 xoddark sshd[2881]: fatal: bad ownership or modes for chroot directory "/var/www/my_webapp"
auth.log 16:23:55 xoddark sshd[2856]: pam_unix(sshd:session): session closed for user my_webapp
The important line seems to be :
fatal: bad ownership or modes for chroot directory "/var/www/my_webapp"
Manual fix :
When I have take a look on server I see this folder right :
drwxrwx---+ 3 root root 4096 Jan 16 15:05 my_webapp
Removed the group write right fixed the issue. Newdrwxr-x---+ 3 root root 4096 Jan 16 15:05 my_webapp
I supposed than ynh_system_user_create should remove group write access or my_webapp should fix right after home folder creation.