[Solution] Yunohost incompatible to DietPi software installer (admin panel not working, wrong permissions in /var/www)

hey there,

after the installation of samba and a reboot I’ve several problems - (yes - just the installation of samba, nothing else)

  • my nextcloud instance complains about a not-writable config-directory
  • the login to the admin-panel doesn’t work. It just states that my password is wrong, which is not possible. I haven’t changed it and it’s saved in my password manager.
  • SSO works and I can login to the userinterface
  • TinyTinyRSS and Linux-Dash works as well
  • Wallabag just shows a blank page

It happened before (that’s my second try, the last one was several weeks ago) but I just installed everything from scratch. I want to avoid that - really!

My system: XU4 with a Cloudshell, Dietpi based on Debian - Kernel 3.x

EDIT: If I take a look in the access-log of my domain there’s something fishy in here:
xx - 0x0000001 [10/Dec/2017:19:20:04 +0000] “GET /wallabag/ HTTP/1.1” 500 5 “-” "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0"
xx - - [10/Dec/2017:19:20:04 +0000] “POST /wallabag/oauth/v2/token HTTP/1.1” 500 5 “-” "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0"
xx - - [10/Dec/2017:19:20:04 +0000] “GET /favicon.ico HTTP/1.1” 302 154 “-” "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0"
xx - 0x0000001 [10/Dec/2017:19:20:04 +0000] “GET /yunohost/sso/ HTTP/1.1” 200 1141 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”

It seems, that my SSO is somewhat defective (error 500 while accessing wallabag), what’s strange, that I’m still able to access other apps and the user-interface…

EDIT2: Ok - now I’m definitely sure, that the dietpi-software installer (dietpi has a beautiful interface for installing “optimized” software, which is pretty neat) messes around with the permissions of the www folder…
How can I correct this?

Here the error-log:
error-log

crossreference to the dietpi-forums thread to this topic:
thread on dietpi-forums

Well yup, trying to understand problems and fixing them instead of reinstalling is the good attitude :thumbsup: :sweat_smile:

As far as I understand, the issue is with the permission of the www folder (as your edit message says ?)

So what does this command says ?

ls -ld /var/www

Thanks for your - pretty fast - reply.
And yes I’m fed up with reinstalling because of such a simple thing like a softwareinstallation.

Well - I’ve to correct the first post (once again! :D)
the permissions seem ok - it’s still writable by the user www-data
drwxrwxr-x 7 www-data www-data 4096 Dec 6 17:39 /var/www

So the permissions aren’t the problem - but why does wallabag and nextcloud complain about the permission if they’re ok?

Hmmm that might be the issue : on two of my instances, I have the following permissions for /var/www :

 > ls /var/www -dl
drwxr-xr-x 11 root root 1024 May 11  2017 /var/www

(though ‘other’ still has rx permissions so that should be fine anyway :/)
(EDIT : ah ! but that should explain the non-writable config directory!)
(EDIT2 : hm actually nope)

And nextcloud has :

 > ls /var/www -l
drwxr-xr-x 14 nextcloud nextcloud 1024 May 11  2017 nextcloud

After having problems with logging in to the forums, finally an answer and why this all happened. But I still need some help to solve the last remaining issue.

The solution for one of my problems: (thanks to aleks - some apps have a specific user for their respective directories - user nextcloud for the nextcloud directory and the user wallabag for the wallabag directory.

A simple chown -R user:user directory and chmod -R 755 directory brought my nextcloud and wallabag back to life.

But first the answer from the main developer of dietpi about the permission issue in the /var/www folder:
grabbed from here!

Quote:

When running dietpi-software and installing any software title (regardless of nextcloud), DietPi will set www-data permissions to /var/www:
https://github.com/Fourdee/DietPi/blob/master/dietpi/dietpi-software#L8585-L8587
This is generally considered “standard Linux practice”. Ensuring restricted permissions to web applications.
As yunohost uses a different user for NextCloud, this would render it incompatible. (yunohost.app, from what I can work out in their installer script)

In regards to the yunohost install script, it appears its a closed and highly customized one use system that is designed to operate with their methods of installation/configuration.

We do something similar in DietPi, however, we focus on ensuring a stock Linux experience (eg: www-data for web apps), and standard Linux changes are compatible.

I think the only way DietPi (+ manual stock Linux installs) and yunohost would be compatible, is if yunohost could accommodate existing installs of the supported applications, instead of requiring a non-standard custom installation via their install scripts.

As it stands at the moment, there is simply too much customization of yunohost’s installation, outside of the standard of Linux, for us to support.
yunohost’s installer is by no means a bad thing, ensures the software operates as intended, however, it can limit use of other software outside its scope.

The next thing is that I’m still not able to login to the admin panel - SSO is working as usual. It still just says “Wrong password” (which isn’t the case - I’ve saved the password in a passwordmanager and never changed it since installation)

the nginx error log doesn’t have any entries. The access log just says error 401, which is ok. But after a login it should be 200 for a successful login. It doesn’t even seem to check the password, it just fails.

A reset of the adminpassword helped to get access to the adminpanel again, see here:

I’m now very happy about having a working yunohost server again :wink: