Open plutocrat opened 5 years ago
Skamasle
commented
5 years ago Hi
I not understand the issue
If you add new domain it comes with correct permissions ?
VestaCP not change permissions by default if domain alredy exists you can fix it just with chmod
In any case try add new domain an check if this come with correct permissions.
plutocrat
commented
5 years ago Hmm, OK, maybe I wasn't clear. And it could be a change in the underlying OS of course.
Previously (before approx 8 months ago), if you created a domain then the permissions of the folder inside ~/web/ were dr-xr-x--x 9 webdev webdev 4.0K Aug 21 2017 olddomain.com
Now, if you create a domain (on the same machine), the permissions are drwxr-x--x 9 webdev webdev 4.0K Jun 21 14:46 newdomain.com
This was brought to my attention by a user who was unable to delete a file in ~/web/olddomain.com/, which they owned: without the write permission on the enclosing directory, they werent' able to do so.
My question was, which of these is correct? I wondered if there was a decision by vestapcp developers to change the permissions (to solve a problem perhaps?). If so, then perhaps the old directories should be changed also. If, on the other hand, it was inadvertent, perhaps because of a change in the OS, then perhaps that has opened up a security problem (the user can now rename directories, add new ones etc)
Operating System (OS/VERSION):
Ubuntu 16 64bit
VestaCP Version:
0.9.8.24
Steps to Reproduce:
run v-add-web-domain user domain.com
It seems the directory permissions of ~/web/domain.com have changed. Older domains are dr-xr-x--x whereas newer ones have owner-write permission added. eg
This creates a scenario where sometimes users can add/delete files within the domain directory and sometimes can't. What should be the correct permissions? Should we change them all to be the same? It seems the permissions changed around 8 months ago, as my best guess.