New domain default permissions

SYSTEM INFORMATION
OS type and version: CentOS 7
Webmin version: 1.990
Virtualmin version: 6.17pro
Related packages: SUGGESTED

Hi, I have installed new domains on my server and I can see that public_html is 403 Forbidden after the server is created. The default Virtualmin website is not installed; in the config this is enabled.
/home/user is 750
/home/user/public_html is 750

A lot of my domains are working with this permission, but the newly created ones are not working; they have a 403.

Why do you think it is permissions? What’s in the error_log for the new domains?

[Sun Mar 13 23:51:10.412762 2022] [core:error] [pid 26784:tid 140495133067008] (13)Permission denied: [client ip:63423] AH00035: access to / denied (filesystem path ‘/home/user/domains/c.user.dk/public_html’) because search permissions are missing on a component of the path

So I have a 403. When I change the perms to 755 for the user folder and public_html, it works, but why are these perms not the default when I create the server?

So the /home/user directory has 755 and other users can read the folder; when I only change public_html to 755, it is again 403 permission denied.


The perms on the website directory are set to 750.

I have domains with 750 on /home/user and /home/user/public_html and these domains are working,
but not the newly created domains. Why?

Is this directory owned by the same user as the parent domain? 750 is correct in the general case.

Yes, the same user and group, also in the subdomains.

Any ideas for this? I have a lot of domains, but they cannot run with 755.

Is SELinux active? It may have the wrong context for these subdirectories. (Virtualmin normally disables SELinux on installation, as it’s just too confusing and complicated and error-prone for most users.)

It is disabled on both servers.

I think there pretty much must be at least one of the subdirectories with the wrong group?

Can you check each path leading up to the public_html dir to make sure they’re all group-owned by the domain owner user? That user should be a secondary group for the Apache user, which should allow access all the way up the path. I’m having a hard time seeing any other way for this to happen.

Both servers?
You are testing the same, or what are you trying to do?
A connection between both, or?
Only asking, while an error in the log noted client access, so what kind of client? (And what kind of application is that, trying to go beyond the paths for example, so set up wrong in the paths of the application itself…)

Sorry to interrupt, but I think it should be more clear what he is trying to do, the use case itself. I hope :wink:

Are you doing domain creation with virtual server creation on the box itself and the user for it? I know, sorry, Pro is somewhat different here, so I will keep my mouth shut further.

I will check this in the next hours.

/home 755 root:root
/home/zero11235813 750 zero11235813:011235813
/home/zero11235813/public_html 750 zero11235813:011235813

The group 011235813 is in the secondary groups of apache.

Is the domain name really 011235813? I’m not sure how well all system tools handle an all-numeric user or group name. Is this happening only on numeric named domains? (You’d said above “new domains”, but maybe the problem is not that they’re new, but that they have a name that tickles a bug or limitation in the system.)

Hm, yes, I have tried with a test domain test.linuxhus.bla and it works. There are no numbers in the username and group. I will try to back up a number domain and recreate the domain with other users and groups.

OK, I have changed the user to ‘nine’ and group ‘nine’, so the domain 011235813.bla has nine:nine and perms 750, but it is the same. On my other domain this is working, hm :frowning:

I also have domains without numbers that have the 403 too; the user and group have no numbers.

Did you also make sure nine was a secondary group for the Apache user?
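
The per-component check asked for above, as an added example that is not part of the original thread or Virtualmin's own code: it walks every directory from / down to the docroot and names the first one the web server user cannot traverse, which is the condition behind AH00035. The numeric ids in the sample, the default user name apache and the script name check_path.py are assumptions; only mode bits are evaluated, not ACLs.

```python
import os
import pwd
import stat
import sys


def can_search(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix mode-bit check for directory search (x); ACLs are ignored."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def first_blocked(components, uid, gids):
    """Return the first path in (path, mode, uid, gid) rows that uid cannot traverse."""
    for path, mode, owner_uid, owner_gid in components:
        if not can_search(mode, owner_uid, owner_gid, uid, gids):
            return path
    return None


def stat_components(path):
    """Stat every directory from / down to path on the live filesystem."""
    current, rows = "/", []
    for part in [""] + [p for p in os.path.realpath(path).split("/") if p]:
        current = os.path.join(current, part)
        st = os.stat(current)
        rows.append((current, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
    return rows


def user_ids(name):
    """Look up uid and all group ids (primary and secondary) for a login name."""
    pw = pwd.getpwnam(name)
    return pw.pw_uid, set(os.getgrouplist(name, pw.pw_gid))


# Constructed sample mirroring the listing in the thread; the numeric ids are made up.
OWNER, APACHE = 1001, 48
SAMPLE = [
    ("/home", 0o755, 0, 0),
    ("/home/zero11235813", 0o750, OWNER, OWNER),
    ("/home/zero11235813/public_html", 0o750, OWNER, OWNER),
]

if __name__ == "__main__":
    # Usage (hypothetical script name): python3 check_path.py /home/user/public_html [apache]
    uid, gids = user_ids(sys.argv[2] if len(sys.argv) > 2 else "apache")
    print(first_blocked(stat_components(sys.argv[1]), uid, gids) or "path is traversable")
```

user_ids reads the passwd and group databases, so it reflects the groups httpd receives when it starts, not those held by a process that was already running when the group membership changed.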