User, groups and permissions

#1
Hi there,

I have some questions in regards to the proper configuration of LiteSpeed (and CyberPanel):

1. Default LiteSpeed is running as user(nobody) : group(nobody) - do I need to change this?
2. What is the proper user, group and permission to set on a web-site folder (xyz.com) including the sub-folders: logs, lscache and public_html to prevent outside intruders?

I'm asking because I have manually been forced to set everything up myself. Meaning I have extracted a complete web-site backup
from CyberPanel and then all these settings got messed up. I needed to extract the backup manually because CyberPanel for some reason
didn't extract all files and folders (even though they exist in the tar.gz archive file).

Currently the user, group and permissions look like this:

drwxr-xr-x 2 testo8904 nogroup 4096 Dec 29 11:32 logs
drwxrws--- 10 nobody testo8904 4096 Dec 29 13:44 lscache
drwxr-xr-x 31 testo8904 nogroup 4096 Dec 29 12:05 public_html

Folder "src" and file "test.html" in folder public_html - as examples of data inside one of the folders:
drwxr-xr-x 5 testo8904 testo8904 4096 Dec 28 23:14 src
-rwxr-xr-x 1 testo8904 testo8904 142 Dec 28 23:13 test.html

Thank you so much in advance.
 
#3
1. What exactly do you mean by CyberPanel would be responsible? CyberPanel is just an admin UI tool? It's LiteSpeed which processes all www requests?
2. So I should run "chmod 700/770/750 -R [path]", for the 3 folders?
3. What about the user and group owners? Should I change these as well?
 
#6
Yes thank you: That is the same as my comment: "chmod 700/770/750 -R [path]".
But this only sets the permissions. But you didn't answer if I should change the user and group for the folders as well?
 

serpent_driver

#7
public_html == User: nobody, Group Name: Account Name, File: drwxrws
logs == User: Account Name, Group Name: Account Name, File: drwx
lscache == User: nobody, Group Name: Account Name, File: drwxrws
 
#8
Just to confirm. So according to my setup and to my understanding, this would be the commands I would need to run?

sudo chown nobody:testo8904 /home/xyz.com/public_html
sudo chmod 750 /home/xyz.com/public_html

sudo chown testo8904:testo8904 /home/xyz.com/logs
sudo chmod 700 /home/xyz.com/logs

sudo chown nobody:testo8904 /home/xyz.com/lscache
sudo chmod 770 /home/xyz.com/lscache
 
#11
Hi again,

Before I asked the question in here I sent the same questions to LiteSpeed technical support and they gave me this answer here:
  1. Default LiteSpeed is running as user(nobody) : group(nobody) - do I need to change this?
    You don't need to change anything; that should be run as nobody and there is nothing wrong in it.
  2. What is the proper user, group and permission to set on a web-site folder including the sub-folders: logs, lscache and public_html to prevent outside intruders?
    The user should be the user of the site: like you have a domain name abcd and the domain owner is like ABC, then all folders and everything under the website directory have that user. Permissions for directories are 755 and for files it's 644.

    To me this sounds like I need to run: chown testo8904:testo8904 /path/to/public_html or lscache or logs - or maybe I misunderstand?
I also realized that CyberPanel has a "Fix permission" button in their "File manager". So I marked each of the 3 folders separately and clicked the button. It ended up setting this: Logs to 755 (you mentioned 700), LsCache to 770 and public_html to 750. But it did not change the actual owner-user or group on any of the folders or their content.

My site was already working before these changes - because I had set everything to 775. Again, I just wanted to optimize and ensure I haven't opened up too much.

So the remaining question would now be like:

Should I run this:

Option A:
sudo chown nobody:testo8904 /home/xyz.com/public_html
sudo chown testo8904:testo8904 /home/xyz.com/logs
sudo chown nobody:testo8904 /home/xyz.com/lscache

or

Option B:
sudo chown testo8904:testo8904 /home/xyz.com/ [on_all_3_folders]?

LiteSpeed is running as user(nobody) : group(nobody) but the website CyberPanel set up is running using the user it also created testo8904.
As you can tell I'm not an expert in Linux security, but I also think it's easy to get a bit confused about and maybe it also comes down to personal preferences?

Please let me know what you think :) Thank you so much!
 

serpent_driver

#12
Ownership for /lscache may vary and, again, it could depend on where the /lscache directory is located. On most but not all shared hostings the /lscache dir is located within the account dir. On a dedicated server it is in the /home dir, so ownership depends on where your /lscache dir is located.

Dedicated server or VPS and if /lscache dir is in /home dir: user(nobody) : group(nobody)
Shared Hosting and if /lscache dir is in account dir: user(nobody) : group(account)
 
#13
On my Ubuntu 20.04 server all 3 folders are placed here in the same folder /home/xyz.com/

So the correct choice would still be to execute the commands below, right?

Option A:
sudo chown nobody:testo8904 /home/xyz.com/public_html
sudo chown testo8904:testo8904 /home/xyz.com/logs
sudo chown nobody:testo8904 /home/xyz.com/lscache
 
#15
I have now executed the 3 commands :) Ah okay - nice to know as well :) I just tried to delete the lscache folder and it got 770 again :) Thank you so much!

1. I don't know if you can assist me with this as well: LS shows this info on/off when I log in: https://tinyurl.com/2oyscgy4 I am able to set up new web-sites via CyberPanel but only with DNS. CyberPanel just stalls when I try to set up a "Test site" / a site without DNS (it would be nice to be able to set up a new web-site first, tune and test it before connecting DNS in the setup).

2. My site currently gets "hit" by the LS cache module I have installed in my PrestaShop site (which, to my understanding, also means that the crawler is working as well?). According to LS docs: As long as I see "hit" both should be working? But now I see you are referring to Kitt in your bio; would that increase the speed of my PrestaShop even further? :) And is it difficult to set up / would I need to disable something in my existing setup before I install Kitt?

All your help is highly appreciated! :) Thank you
 

serpent_driver

#16
I start with 2.) :)

2. My site currently gets "hit" by the LS cache module I have installed in my PrestaShop site (which, to my understanding, also means that the crawler is working as well?)
The hit header is like a confirmation that the requested URL has been cached, but it doesn't matter who and what the request does. This is not limited to the crawler. In case you don't know it, one URL can have unlimited different cache copies. Why? This depends on the use of cache varies. Read more about cache vary in the documentation.

would that increase the speed of my PrestaShop even further?
Yes and no. Kitt is a custom cache crawler application. Basically, it does what the LS crawler script does, but only basically. Kitt is up to 50 x faster than the crawler script (200,000 URLs in 1 hour) and causes only half the load. Especially, Kitt comes with completely new cache varies, because the cache varies from the cache plugin for PS are insufficient and buggy. Kitt also doesn't know any limits, so Kitt has no timeout if you run it in the GUI version, but it can also be executed as cron. And yes, with Kitt your page is faster, because you need less time to warm up the cache. And the new cache varies guarantee that all different kinds of visitors get cached pages.

Installation is simple. Kitt has an installer where you only have to enter data for DB access. That's it.

For 1.), you had better ask LS support. I don't know how CyberPanel works. I have cPanel.
 
#18
Hi there :) I have managed to make the "Kitt Cache Crawler Requirement Test" verify 100% green :) But for reasons I currently don't understand, I get error 500 when I try to access: https://xyz.com/kitt_folder.

1. I transferred the .zip file to my server in the tmp folder
2. I extracted the archive
3. I moved the kitt folder to the public_html folder / my prestashop's root dir -> exactly like your guidelines tell me to do:

/app
/bin
/cache
/classes
...
/kitt_directory
/purge.php
/403.shtml
/404.shtml

4. I have changed owners of the kitt folder and the 3 files like this (they were extracted and given the ROOT role):

chown -R testo8904:testo8904 /home/xyz.com/public_html/kitt
chown -R testo8904:testo8904 /home/xyz.com/public_html/403.shtml
chown -R testo8904:testo8904 /home/xyz.com/public_html/404.shtml
chown -R testo8904:testo8904 /home/xyz.com/public_html/purge.php

I have even tried to change permission via chmod to 777.

I have even asked ChatGPT if my .htaccess content blocks the path to kitt ...haha... but it didn't seem like there was something wrong...

While I was writing all this I just checked the log file of LiteSpeed (the web-site itself loads fine, but not kitt) - maybe this has something to do with it? If it does please instruct me exactly how to fix it...because right now I have been struggling for way too many hours ;)

2023-01-01 20:51:11.982604ERROR[12277] [T0] [config:scripthandler] Can not find External Application: lsphp56, type: lsapi
2023-01-01 20:51:11.982606ERROR[12277] [T0] [config:scripthandler] use static file handler for suffix [php56]
2023-01-01 20:51:11.982610ERROR[12277] [T0] [config:scripthandler] Can not find handler with type: 17, name: lsphp70.
2023-01-01 20:51:11.982612ERROR[12277] [T0] [config:scripthandler] Can not find External Application: lsphp70, type: lsapi
2023-01-01 20:51:11.982614ERROR[12277] [T0] [config:scripthandler] use static file handler for suffix [php70]
2023-01-01 20:51:11.982618ERROR[12277] [T0] [config:scripthandler] Can not find handler with type: 17, name: lsphp71.
2023-01-01 20:51:11.982620ERROR[12277] [T0] [config:scripthandler] Can not find External Application: lsphp71, type: lsapi
2023-01-01 20:51:11.982622ERROR[12277] [T0] [config:scripthandler] use static file handler for suffix [php71]
2023-01-01 20:51:11.984545ERROR[12277] [T0] [/usr/local/lsws/conf/vhosts/xyz.com/vhost.conf:34] Listener for _default_ is not available.
2023-01-01 20:51:11.984545ERROR[12277] [T0] [/usr/local/lsws/conf/vhosts/xyz.com/vhost.conf:34] Listener for _default_ is not available.
[Sun Jan 1 20:51:11 2023] [notice] Finish reading Apache configuration, server configured -- resuming normal operations
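
Added example, not part of any post in this thread: a read-only shell audit of the directory layout discussed in posts #7 and #8, which also lists the world-writable and root-owned leftovers that the chmod 777 and extract-as-root steps in post #18 can leave in public_html. The function names are hypothetical, the site root and account are passed as arguments, and GNU stat/find are assumed (as on the Ubuntu 20.04 server mentioned above).

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit, it changes nothing.
# Assumes GNU stat/find; all function names here are hypothetical.

# check_dir PATH OWNER GROUP MODES   (MODES: comma-separated accepted octal modes)
check_dir() {
    local have mode
    have=$(stat -c '%U:%G' "$1" 2>/dev/null) || { echo "MISSING  $1"; return 1; }
    mode=$(stat -c '%a' "$1")
    if [ "$have" != "$2:$3" ]; then
        echo "OWNER    $1 is $have, expected $2:$3"; return 1
    fi
    case ",$4," in
        *",$mode,"*) return 0 ;;
    esac
    echo "MODE     $1 is $mode, expected one of $4"; return 1
}

# Entries any local user can write to (what chmod 777 or 666 leaves behind).
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null | sort
}

# Entries still owned by root, e.g. after extracting an archive as root.
list_root_owned() {
    find "$1" -uid 0 -print 2>/dev/null | sort
}

# audit_site SITE_ROOT ACCOUNT: owners from post #7, modes from post #8.
# The 2770 form is the setgid variant that ls prints as "drwxrws".
audit_site() {
    local rc=0 extra
    check_dir "$1/public_html" nobody "$2" 750,2770 || rc=1
    check_dir "$1/logs"        "$2"   "$2" 700      || rc=1
    check_dir "$1/lscache"     nobody "$2" 770,2770 || rc=1
    extra=$(list_world_writable "$1/public_html"; list_root_owned "$1/public_html")
    if [ -n "$extra" ]; then
        echo "REVIEW   world-writable or root-owned entries:"; echo "$extra"; rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /home/xyz.com testo8904
if [ "$#" -eq 2 ]; then audit_site "$1" "$2"; fi
```

A non-zero exit status means at least one directory deviates from the expected layout or public_html contains entries worth reviewing.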
 