Creating a site with 'dev' inside it's domain name fails, o1.ftp can't open it, get's forbidden syntax.

Here is the log of the creation.
http://pastebin.com/YafEMiEb

Creating a symlink makes the site accessible.
With dev in the name it also get's wrong file permissions and ownership.
Is this a feature? Is it documented?

Greetings, Daniel

Comments

omega8cc’s picture

omega8cc CreditAttribution: omega8cc commented
Project: Barracuda » Octopus
Component: Code » Miscellaneous
Status: Active » Postponed (maintainer needs more info)

What you mean by "Creating a site with 'dev' inside it's domain name fails"? Attached task log shows properly provisioned site, without any errors. Using "dev" without the dot has no impact on anything, and your permissions issues are not related here - please provide more details on this.

The path access problem is separate. I guess it is because we have "eval" blacklisted in the limited shell configuration.

Also, please follow bug/support submission guidelines.

danielbeeke’s picture

danielbeeke CreditAttribution: danielbeeke commented

Normally when we create a site the files get owned by the user o1.ftp, when using 'eval' inside the domain name the files get owned by o1 instead of o1.ftp also the group is wrong.

First I thought it was because of dev inside the domain name but it looks it is because of eval.
So the log shows a site that is working fine, but not with the user o1.ftp. That is the bug.

cat octopus_log.txt

Thu Sep 20 18:02:10 CEST 2012 / Debian.squeeze i686 / Aegir BOA-2.0.3 / Octopus BOA-2.0.3 / FPM 5.3 / CLI 5.3
Mon Nov  5 19:29:46 CET 2012 / Debian.squeeze i686 / Aegir HEAD / Octopus BOA-2.0.4-dev / FPM 5.3 / CLI 5.3
Fri Nov  9 08:05:31 CET 2012 / Debian.squeeze i686 / Aegir BOA-2.0.4 / Octopus BOA-2.0.4 / FPM 5.3 / CLI 5.3
Sun Nov 11 22:50:36 CET 2012 / Debian.squeeze i686 / Aegir BOA-2.0.4 / Octopus BOA-2.0.4 / FPM 5.3 / CLI 5.3

cat /var/aegir/config/includes/barracuda_log.txt

Thu Sep 20 17:54:28 CEST 2012 / Debian.squeeze i686 XEN / Aegir BOA-2.0.3 / Barracuda BOA-2.0.3 / Nginx 1.3.0 / PHP 5.2.17 and 5.3.13 / MODERN-YES / FPM 5.3 / CLI 5.3 / MariaDB-5.5.27 localhost / Wildcard YES
Mon Nov  5 19:09:00 CET 2012 / Debian.squeeze i686 XEN / Aegir HEAD / Barracuda BOA-2.0.4-dev / Nginx 1.3.8 / PHP 5.2.17 and 5.3.18 / MODERN-YES / FPM 5.3 / CLI 5.3 / MariaDB-5.5.28 localhost / Wildcard YES
Fri Nov  9 07:59:25 CET 2012 / Debian.squeeze i686 XEN / Aegir BOA-2.0.4 / Barracuda BOA-2.0.4 / Nginx 1.3.8 / PHP 5.2.17 and 5.3.18 / MODERN-YES / FPM 5.3 / CLI 5.3 / MariaDB-5.5.28 localhost / Wildcard YES
Sun Nov 11 22:47:51 CET 2012 / Debian.squeeze i686 XEN / Aegir BOA-2.0.4 / Barracuda BOA-2.0.4 / Nginx 1.3.8 / PHP 5.2.17 and 5.3.18 / MODERN-YES / FPM 5.3 / CLI 5.3 / MariaDB-5.5.28 localhost / Wildcard YES
Tue Dec 18 19:11:40 CET 2012 / Debian.squeeze i686 XEN / Aegir BOA-2.0.4 / Barracuda BOA-2.0.4 / Nginx 1.3.8 / PHP 5.2.17 and 5.3.18 / MODERN-YES / FPM 5.3 / CLI 5.3 / MariaDB-5.5.28a localhost / Wildcard YES
Thu Dec 27 08:33:05 CET 2012 / Debian.squeeze i686 XEN / Aegir BOA-2.0.5 / Barracuda BOA-2.0.5 / Nginx 1.3.9 / PHP 5.2.17 and 5.3.20 / MODERN-YES / FPM 5.3 / CLI 5.3 / MariaDB-5.5.28a localhost / Wildcard YES

cat .o1.octopus.cnf

###
### Configuration created on 120920-1755 with
### Octopus version BOA-2.0.3
###
### NOTE: the group of settings displayed bellow
### will *override* all listed settings in the Octopus script.
###
_USER="o1"
_MY_EMAIL="our@mail.com"
_PLATFORMS_LIST="D7P D7S D7D D6P D6S D6D OAM"
_AUTOPILOT=YES
_HM_ONLY=NO
_O_CONTRIB_UP=NO
_DEBUG_MODE=NO
_MY_OWNIP=
_FORCE_GIT_MIRROR=""
_THIS_DB_HOST=localhost
_DNS_SETUP_TEST=NO
_HOT_SAUCE=NO
_USE_CURRENT=YES
_REMOTE_CACHE_IP=127.0.0.1
_LOCAL_NETWORK_IP=
_PHP_FPM_VERSION=5.3
_PHP_CLI_VERSION=5.3
###
### NOTE: the group of settings displayed bellow will be *overriden*
### by config files stored in the /data/disk/o1/log/ directory,
### but only on upgrade.
###
_DOMAIN="o1.our.hosting.com"
_CLIENT_EMAIL="our@mail.com"
_CLIENT_OPTION="CLASSIC"
_CLIENT_SUBSCR="M"
_CLIENT_CORES="4"
###
### Configuration created on 120920-1755 with
### Octopus version BOA-2.0.3
###
_ALLOW_UNSUPPORTED=NO
_USE_STOCK=NO
omega8cc’s picture

omega8cc CreditAttribution: omega8cc commented
Title: Creating a site with 'dev' inside it's domain name fails, o1.ftp can't open it, get's forbidden syntax. » Too restrictive command filtering in the limited shell may breaks access to sites with restricted string in the name
Component: Miscellaneous » Code
Status: Postponed (maintainer needs more info) » Fixed

It is correct and expected behaviour because Aegir system user is separate, yet, it manages correct permissions and if you will mess them up, the running daily script fixes them and to make it easier, changes also ownership to your SSH/FTPS user, where applicable, but it doesn't mean that Aegir itself is doing anything wrong with permissions/ownership. The "eval" thing is completely unrelated to permissions/ownership.

I'm going to close this issue, because I can't reproduce the permissions problem, while the original problem has been fixed in HEAD: http://drupalcode.org/project/octopus.git/commit/bcec1f1

Feel free to open separate issue if you can provide a list of steps to reproduce the permissions related problem you are experiencing.

Thanks for the report!

omega8cc’s picture

omega8cc CreditAttribution: omega8cc commented
Title: Too restrictive command filtering in the limited shell may breaks access to sites with restricted string in the name » Too restrictive command filtering in the limited shell breaks access to sites with restricted string in their name or path

Fixed the subject.

danielbeeke’s picture

danielbeeke CreditAttribution: danielbeeke commented

Okay, thanks, will try to recreate in head and reopen the ticket if so.

Thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.