Permissions conflict

hi today i faced an issue with all of my virtual servers. when i create a new server and try to access its giving error of

AH00035: access to / denied (filesystem path '/home/dasdasdasd/public_html') because search permissions are missing on a component of the path

i searched this error and try to

chmod 777 /home/dasdasdasd -R

after that i can access .html files but when i try to access php files its showing this error

[pid 19104] (13)Permission denied: AH02454: FCGI: attempt to connect to Unix domain socket /var/php-fpm/167326517610367.sock (*) failed

can any one help me on this problem? thank you

SYSTEM INFORMATION
OS type and version centos7
Webmin version 2.010
Virtualmin version 7.5
Related packages php-fpm / apache

@dreamenemy,

Never give your home directory 777 permission, this means ANYONE accessing the server can go into the that home directory. Big NO NO.

1 Like

i know but i was just testing

@dreamenemy,

It seems like more of a file ownership issue with the “.sock” file. Have you tried restarting php-fpm? Also you should consider upgrading from CentOS 7.

i already try to restarting php-fpm, upgrading from centos is not in context.

@dreamenemy,

Try changing the PHP execution mode from “Server Configuration > PHP Options”, then back. This may fix the problem.

Setting permissions to 777 will cause suexec to fail (I don’t know if php-fpm does the same, but it probably has similar protections against very dangerous permissions). You can literally break a working site by setting permissions to 777. Don’t do that for testing, either, because it isn’t supposed to work with 777.

Hi, when i try to delete 1 domain everything went back to normal. i fix the permissions as you guys told. But when i try to add new virtual server all my domains went down and giving 403 error. When i checked the logs its saying

AH00035: access to / denied (filesystem path '{myPath}') because search permissions are missing on a component of the path

then when i delete a domain everything somehow being fixed.

is there any solution for this problem?

I still don’t know what the problem is. I can’t figure out what you’re doing that triggers the problem.

Are you modifying the path of the domain home? I’m trying to figure out how any one domain could effect others unless you’re somehow convincing Virtualmin to put it into another user’s home…and chowning it to the new one.

How did you install Virtualmin? Where are your domain homes being stored in the file system?

The error is saying / lacks permissions, which doesn’t make sense. I can’t imagine any reason for the permissions on / to have changed such that world x has been removed.

What is happening for you has never happened for anybody, as far as I know. So…solution? I don’t know. Figure out what you did differently, and don’t do that, I guess?

Hi joe thank you for your feedback, i have been troubleshooting 2 days and figured out the problem but dont know what and why its is happening.

When i created a new virtual server let’s call it gb_admin, looks like the virtualmin is adding the apache to the gb_admin group. its working very well until 8. virtual server.

When i create 9. virtual server, apache being added to new group and still everything seems legit. But apache couldn’t access public_html folder due permission error. I have manage the fix this issue with multiple ways.

  • Giving 0755 perm to the gb_admin and public_html folders (gb_admin:gb_admin)
  • Changing user of the gb_admin and public_html folders to the apache (apache:gb_admin)
  • Changing group of the gb_admin and public_html folders to the apache (gb_admin:apache)

Everything worked fine with these methods, but I still couldn’t understand why apache was still giving permission error even though apache was already in gb_admin group. Is this a centos thing?. Thank you all for helps. Im newbie for virtualmin.

Are you running on a very old NFS network storage device?

This sounds like a secondary groups limit. Linux does not have a secondary groups limit you’d ever run into, but some old BSDs and some network storage devices do. Old BSD limit was 16, though, and I thought the old NFS limit was the same, but 8 is just one fewer bits, so maybe that’s it.

Edit: It is definitely not a CentOS 7 thing. No Linux version we’ve ever supported has an unreasonably small secondary groups limit. BSDs did up until a few years ago (and I wrote docs for kernel recompile to fix it). We still get reports about NFS servers every now and then, though.