All apps do not start after update (permission denied)

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.0.16
How are you able to access your server: SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no

Describe your issue

Upgraded today the system. After this, the services of the installed apps does not start anymore. Log shows Permission denied., same for all apps: forgejo, hedgedoc, minetest, open-web-calendar, wekan
All apps in /var/www have www-data as user and group
I post this here and not in app, as it is a general problem after update of base system

Share relevant logs or error messages

  • Changing to the requested working directory failed: Permission denied
  • forgejo.service: Failed at step CHDIR spawning /var/www/forgejo/forgejo: Permission
    hastebin

wekan.service: Changing to the requested working directory failed: Permission denied
wekan.service: Failed at step CHDIR spawning /opt/node_n/n/versions/node/14/bin/node: Permission denied

Did you chown your www folder?
Some apps have $app:$app ownership.

Actually, all apps have www-data as owner and as group. I did just run the first the system update, after this the update of the apps. This resulted from the update.

You’ll have to check the package repo for every app you have to know which is the right ownership to set.
For example forgejo :

chown -R "$app:$app".

I changed owner/user of forgejo into forgejo:

drwxrwx---+ 3 forgejo forgejo      4096 12 mars  15:38 custom
-rwxrwx---+ 1 forgejo forgejo 109815496  2 mai   19:10 forgejo

But starting the service, I have still the same error:

forgejo.service: Changing to the requested working directory failed: Permission denied
forgejo.service: Failed at step CHDIR spawning /var/www/forgejo/forgejo: Permission denied

/home/yunohost.app/forgejo is on forgejo:forgejo as well

Tried to reinstall webcalendar, as update has deleted the app.
https://paste.yunohost.org/raw/odejoguwam
Friend having his own yunohost checked my system, said, that there is a problem with ACL records for /var/www. Oh, web interface runs, but klick on Groups and permissions hangs

Hi @mavori

…yes:
drwxrwx—+ 3 forgejo forgejo 4096 12 mars 15:38 custom
-rwxrwx—+ 1 forgejo forgejo 109815496 2 mai 19:10 forgejo

What’s the output of getfacl /var/www/forgejo ?

file: var/www/forgejo
owner: forgejo
group: forgejo
user::rwx
user:forgejo:rwx
user:yunomavori:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:forgejo:rwx
default:user:yunomavori:rwx
default:group::r-x
default:mask::rwx

To add: VPS hoster has changed IP few days ago and said, “they had to reorganize the system” – but no idea, what they did. It’s a VPS with preconfigured Yunohost

Bonjour,

Est-ce que tu as une quelconque erreur ou warning dans les logs de l’upgrade ? Que toutes les apps du dossiers /var/www appartiennent à www-data après la mise à jour est le signe que qqch ne s’est pas bien passé.

Pour forgejo, les droits ont l’air correctement rétablis mais quelque chose bloque encore: soit ce sont les permissions sur /var/www, soit c’est autre chose.
Regarde ce que dit namei -l /var/www/forgejo/*, getfacl /var/www et essaie un démarrage à la main avec l’tulisateur forgejo sudo -u forgejo /var/www/forgejo/forgejoet regarde si c’est bien lui qui est censé exécuter le service: sudo systemctl cat forgejo.service.

f: /var/www/forgejo/custom
drwxr-xr-x root    root    /
drwxr-xr-x root    root    var
drwxrwx--- root    root    www
drwxrwx--- forgejo forgejo forgejo
drwxrwx--- forgejo forgejo custom
f: /var/www/forgejo/forgejo
drwxr-xr-x root    root    /
drwxr-xr-x root    root    var
drwxrwx--- root    root    www
drwxrwx--- forgejo forgejo forgejo
-rwxrwx--- forgejo forgejo forgejo
# file: var/www
# owner: root
# group: root
user::rwx
user:www-data:rwx
user:yunomavori:rwx
group::r-x
group:www-data:rwx
group:all_users:---
mask::rwx
other::---

Démarrage à la main avec l’utilisateur forgejo donne:

forgejo n'est pas autorisé à exécuter sudo sur mavori.

Es-tu en root?

Pour le reste, essaie ceci:
-droits 755 sur le dossier /var/www (sans récursivité) et sur le dossier /var/www/forgejo avec récursivité et essaie de démarrer le service. Ça doit venir de là : le répertoire /var/www n’est pas accessible aux autres.

Halleluja. after setting the rights as you said, service started. So, I have to do the same for the other apps I suppose.

:+1: Yes. I think that 750 rights might be enough for the apps. Check fisrt their rights : may be it’s not worth changing them.

Hedgedoc, Wekan and Minetest runs as well. THANKS A LOT.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.