1 Topic by fdj (edited by fdj 2017-05-26 03:37:24)

  • fdj
  • Member
  • Offline
  • Registered: 2017-02-15
  • Posts: 14

Topic: [SOLVED] Roundcube permissions

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6 MARIADB edition
- Linux/BSD distribution name and version: CentOS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
====

I made a mistake running a command, this command:

chmod -R nginx:nginx /var/www/roundcubemail/*

Now I can't access my RoundCube webmail. I get the following error when trying to access it from the internet:

Access denied.

I have tried fixing the ownership as following:
1. All files owned by root
2. "temp" and "logs" owned by nginx
3. Files in config directory owned by nginx

However, I still can't access the webmail. Does anyone know how to properly set the ownership (I couldn't find anything else than the above)?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: [SOLVED] Roundcube permissions

Any error in /var/log/maillog after you trying to login to Roundcube?

3 Reply by fdj (edited by fdj 2017-05-22 20:09:30)

  • fdj
  • Member
  • Offline
  • Registered: 2017-02-15
  • Posts: 14

Re: [SOLVED] Roundcube permissions

Thank you for the answer.

I should have been explaining myself more clearly, I cannot even get access to the website. It is when I try to go to mail.[mydomain].com, which is where I normally access Roundcube, that my browser, firefox, says "Access denied.".

It happened after ruining my permissions for Roundcube by running the command as mentioned in my last message. I think the solution just would be to set the standard ownership in Roundcube, as I have not changed anything else. May I ask what the standard ownerships is, because I have changed the ownerships to the ones mentioned in the last message, but that does not solve the problem, even though I thought those were the standard ownerships of the files and folders for Roundcube.

I have below listed the output I get regarding the permissions and ownership of the Roundcube installation if that helps pinpointing the problem(s), as I do not know what else to do to solve the problem, as it were the command that changed the ownership of the installation that made the RoundCube webmail inaccessible.

[root@mail user]# ls -la /var/www/roundcubemail
lrwxrwxrwx 1 root root 28 Mar 19 02:18 /var/www/roundcubemail -> /var/www/roundcubemail-1.2.4

[root@mail user]# ls -la /var/www/roundcubemail/
total 276
drwxr-xr-x 13 root  root    4096 Mar 19 02:19 .
drwxr-xr-x  6 root  root    4096 Mar 19 02:19 ..
drwxr-xr-x  2 root  root    4096 Mar 19 02:18 bin
----------  1 root  root  139705 Mar 10 17:40 CHANGELOG
-rw-r--r--  1 root  root    1353 Mar 10 17:40 composer.json-dist
drwxr-xr-x  2 root  root    4096 Mar 19 02:19 config
-rw-r--r--  1 root  root    2015 Mar 19 02:19 .htaccess
-rw-r-----  1 root  root   12412 Mar 10 17:40 index.php
----------  1 root  root    9954 Mar 10 17:40 INSTALL
d---------  3 root  root    4096 Mar 19 02:18 installer
----------  1 root  root   35147 Mar 10 17:40 LICENSE
drwxr-xr-x  2 nginx nginx   4096 Mar 19 02:18 logs
drwxr-xr-x 37 root  root    4096 May 21 22:06 plugins
drwxr-xr-x  8 root  root    4096 Mar 19 02:18 program
drwxr-xr-x  3 root  root    4096 Mar 19 02:18 public_html
----------  1 root  root    3736 Mar 10 17:40 README.md
-rw-r--r--  1 root  root      26 Mar 10 17:40 robots.txt
drwxr-xr-x  4 root  root    4096 Mar 19 02:18 skins
d---------  7 root  root    4096 Mar 19 02:18 SQL
drwxr-xr-x  2 nginx nginx   4096 Mar 21 20:25 temp
----------  1 root  root    3403 Mar 10 17:40 UPGRADING
drwxr-xr-x  8 root  root    4096 Mar 10 17:41 vendor

Any suggestions or help would be happily appreciated.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: [SOLVED] Roundcube permissions

Dear @fdj,

Did you get any related error log in Nginx log file? It's helpful to help troubleshoot and understand what the real problem is.

5 Reply by fdj

  • fdj
  • Member
  • Offline
  • Registered: 2017-02-15
  • Posts: 14

Re: [SOLVED] Roundcube permissions

Thank you for the answer.

I have reviewed the log of Nginx in /var/mail/roundcubemail/logs/, and there were nothing. Secondly, I have also been looking in /var/log/maillog, and also there were nothing of interest to the problem (it was just emails rejected and so forth).

I tried reinstalling iRedMail on a new machine, and now have the same ownership and permission on the Roundcube files on the server as a new installation, but still gets the same error when trying to access Roundcube through the web browser:

Access denied.

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: [SOLVED] Roundcube permissions

*) Nginx log file is /var/log/nginx/*.log.
*) Do you have any firewall device in front of your mail server?

7 Reply by fdj

  • fdj
  • Member
  • Offline
  • Registered: 2017-02-15
  • Posts: 14

Re: [SOLVED] Roundcube permissions

Thank you, now I see some errors useful to solve the problem.

I get the following errors in the nginx log files:

[root@mail nginx]# gunzip error.log-20170524.gz && cat error.log-20170524
2017/05/23 18:35:17 [error] 2108#0: *1 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Class 'Httpful\Bootstrap' not found in /var/www/roundcubemail-1.2.4/plugins/carddav/carddav_common.php on line 25" while reading response header from upstream, client: 159.148.186.25, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 20:11:00 [error] 2108#0: *5 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Class 'Httpful\Bootstrap' not found in /var/www/roundcubemail-1.2.4/plugins/carddav/carddav_common.php on line 25" while reading response header from upstream, client: 213.152.161.35, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 20:52:31 [error] 14621#0: *2 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/roundcubemail/index.php (Permission denied)" while reading response header from upstream, client: 109.202.107.15, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 20:52:35 [error] 14621#0: *2 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/roundcubemail/index.php (Permission denied)" while reading response header from upstream, client: 109.202.107.15, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 20:56:38 [error] 14621#0: *5 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/roundcubemail/index.php (Permission denied)" while reading response header from upstream, client: 109.202.107.15, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 20:56:39 [error] 14621#0: *5 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/roundcubemail/index.php (Permission denied)" while reading response header from upstream, client: 109.202.107.15, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 21:01:54 [error] 15660#0: *1 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/roundcubemail/index.php (Permission denied)" while reading response header from upstream, client: 109.202.107.15, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 21:01:55 [error] 15660#0: *1 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/roundcubemail/index.php (Permission denied)" while reading response header from upstream, client: 109.202.107.15, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 21:02:17 [error] 15660#0: *5 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/roundcubemail/index.php (Permission denied)" while reading response header from upstream, client: 109.202.107.15, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 21:05:38 [error] 16050#0: *1 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/roundcubemail/index.php (Permission denied)" while reading response header from upstream, client: 109.202.107.15, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/23 21:06:12 [error] 16050#0: *4 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /var/www/roundcubemail/index.php (Permission denied)" while reading response header from upstream, client: 109.202.107.15, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"
2017/05/24 01:55:34 [error] 16050#0: *18 directory index of "/var/www/html/" is forbidden, client: 106.75.90.187, server: _, request: "GET / HTTP/1.0", host: "185.177.23.21:443"
2017/05/24 08:22:43 [emerg] 16050#0: open() "/var/log/nginx/access.log" failed (13: Permission denied)
2017/05/24 08:22:43 [emerg] 16050#0: open() "/var/log/nginx/error.log" failed (13: Permission denied)

I will try to experiment with changing the permissions, but could you help me understand how to set the permissions correctly?

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: [SOLVED] Roundcube permissions

fdj wrote:

2017/05/23 18:35:17 [error] 2108#0: *1 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Class 'Httpful\Bootstrap' not found in /var/www/roundcubemail-1.2.4/plugins/carddav/carddav_common.php on line 25" while reading response header from upstream, client: 159.148.186.25, server: mail.[domain].com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.socket:", host: "mail.[domain].com"

So you're using a third-party Roundcube plugin "carddav" and it doesn't find required module/library.
Please try to disable this plugin first in Roundcube config file, then access Roundcube again. If it doesn't work, show us the NEW error log please.

9 Reply by fdj

  • fdj
  • Member
  • Offline
  • Registered: 2017-02-15
  • Posts: 14

Re: [SOLVED] Roundcube permissions

Thank you for the help once again, as disabling the plugin and then changing the permissions of index.php solved this problem. I just didn't suspect the plugin, as it hadn't given me any trouble before.