Forbidden access after performing Fix Joomla Permissions #2

Open
opened 2024-03-11 13:45:17 +00:00 by oxido · 3 comments

Octojoom v3.4.6
As can be seen in the screenshot, all the files and folders are unwritable.
I'm ~~not 100%~~ sure that the problem is caused by octojoom, ~~but for sure it is not capable of fixing this problem~~.
Owner

Hmm interesting...

How much did you tweak the setup of this website? I mean did you change the entry-point?

Can you give me the docker-composer file of this system?

I can give you a quick fix... but then again knowing what went wrong is more profitable for both of us.

This is not hard to fix... if you like, connect with me on Telegram (https://t.me/llewellynvdm) and I can try to fix this for you. But if that is too hard... then I would need to get some more info from you regarding your setup.
Author

Hi, back again regarding this situation.
One of the problems after using "fix permissions" in octojoom is with the file ".htaccess"; this file's permissions are not the right ones.
"-r-------- 1 oxido oxido 6900 Dec 26 11:16 .htaccess"
(owner oxido : access - read-only), (group oxido : access - None), (others "empty" : access - None).
The permissions for "htaccess.txt" are right, so the website is working with this one.

A second problem (at least for me, now) is the group and user ID set by "fix permissions", which by default are 1000 & 1000, and all the folders are "Unwritable" (checking this in Joomla: System > System information > folder permissions tab).

If I check in terminal "id oxido" I get this: uid=1000(oxido) gid=1000(oxido) groups=1000(oxido)
If I check for "id www-data" I get this: uid=33(www-data) gid=33(www-data) groups=33(www-data)

So would it be the right choice to use 33:33 instead of 1000:1000 when I try to "fix permissions" from octojoom?
Or should I add my user to the group 33?

Owner

Managing File Permissions in OctoJoom:

Understanding Advanced Features

OctoJoom simplifies Docker-based Joomla deployments, offering advanced features for managing file permissions between the container and the host system. This document explains how these features work, the scenarios where they apply, and provides clarity for troubleshooting permission-related issues.


Understanding the Expert Mode in OctoJoom

OctoJoom has two user modes:

  • Basic Mode: Default mode with essential features for straightforward deployments.
  • Expert Mode: Adds enhanced configuration options for power users.

To enable Expert Mode:

  1. Start the application.
  2. Navigate to the Octojoom Settings menu.
  3. Switch to expert mode.

When Expert Mode is enabled, additional options for permission management become available.


How OctoJoom Handles File Permissions

1. Default Permissions

By default, Docker containers run as the www-data user (UID: 33, GID: 33). This ensures the web server user has the correct permissions inside the container.

2. Expert Mode Permissions

When Expert Mode is active, OctoJoom offers a feature to match the container’s user and group IDs to the host system's local user. This feature is useful for ensuring seamless file access and editing from the host system.

How It Works:

  • During the creation of a new container, OctoJoom prompts you to choose whether to align container permissions with the host user's UID and GID.
  • If enabled, the container:
    • Adjusts the Apache web server's internal user to match the host user's UID/GID.
    • Automatically updates permissions on all mounted files within the container.

This ensures that files mounted to the host system have the correct permissions, allowing the host user to edit files without restrictions.

3. Fixing Permissions

If permission issues arise (e.g., incorrect UID/GID assignments), OctoJoom provides a Fix Permissions feature:

  • This feature is only accessible in Expert Mode.
  • During the fix process, OctoJoom prompts you to specify the UID and GID to use.
  • By default, the local user ID is suggested (e.g., 1000:1000), but you can specify other values (e.g., 33:33 for www-data) based on your requirements.

Common Use Cases

Case 1: Host User Needs File Access

  • Scenario: Files need to be edited directly on the host system by the host user.
  • Solution: Enable Expert Mode and match the container’s permissions with the host user’s UID/GID.

Case 2: Default Permissions Required

  • Scenario: Files should remain accessible only to the container’s www-data user.
  • Solution: Use Basic Mode or decline the option to match permissions during container creation.

Case 3: Permission Issues After Fixing Permissions

  • Scenario: The user reports files are inaccessible after running the Fix Permissions feature.
  • Likely Cause: Expert Mode is not enabled, so the user wasn’t prompted to specify UID/GID during the fix process.
  • Solution: Enable Expert Mode, re-run Fix Permissions, and specify the correct UID/GID.

User Responsibility

  1. Advanced Features Require Expert Mode
    The ability to set custom UID/GID mappings is only available when Expert Mode is enabled. Without this, OctoJoom defaults to basic container permissions (www-data).

  2. Compatibility with Other Containers
    OctoJoom’s permission management assumes the use of its official containers or the official Joomla Docker containers. Using non-standard containers may result in unpredictable behavior, which falls outside OctoJoom’s scope.


Docker Context: Mounting Files and Permissions

When files are mounted between a container and the host system, Docker relies on UID/GID values to determine access permissions. Without OctoJoom’s advanced features, files mounted from a container may retain www-data ownership, making them inaccessible to the host user.

OctoJoom’s advanced permission-handling feature simplifies this by dynamically reconfiguring the container's web server user to match the host user’s UID/GID. This eliminates common issues like:

  • Files being "read-only" for the host user.
  • Joomla reporting folders as "unwritable" in System > System Information > Folder Permissions.

Recommendations for the User

Based on the information provided:

  1. Enable Expert Mode in OctoJoom
    This allows access to UID/GID customization features.

  2. During Container Creation:
    Choose to match container permissions with the host user (1000:1000 in this case) for seamless file access.

  3. Fixing Permissions:

    • If files remain inaccessible, ensure Expert Mode is active.
    • Re-run the Fix Permissions process and specify the correct UID/GID based on your needs:
      • Use 1000:1000 for host user access.
      • Use 33:33 for www-data defaults.
  4. Consider Adding Your User to www-data Group
    If using default www-data permissions, add your local user to the www-data group for file access:

    sudo usermod -aG www-data oxido
    

Conclusion

OctoJoom’s advanced permission-handling feature resolves a common Docker issue of mismatched file permissions between containers and host systems. By correctly using Expert Mode and the Fix Permissions feature, users can ensure their files are accessible and writable as needed.

For further assistance, refer to the official documentation or contact support.
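
The mismatch discussed in this thread (a `.htaccess` at mode 0400 owned by UID 1000 while the container's web server runs as www-data, 33:33) can be checked from the host before and after running Fix Permissions. The script below is an added example, not part of the original comments or of OctoJoom: the function names and report labels are made up for illustration, and the path in the usage comment is a placeholder. It assumes a `stat` that accepts `-c` (GNU coreutils or busybox) and judges access from owner, group and mode bits only (no ACLs, supplementary groups or root override).

```shell
#!/bin/sh
# Added example (hypothetical helper names): list paths under a Joomla
# webroot that a given UID:GID cannot use, based on owner/group/mode bits.

# can_access UID GID PATH NEED
# NEED is an octal digit of required bits (4 = r, 7 = rwx).
# Exit 0 if every required bit is granted, 1 if not, 2 if stat fails.
can_access() (
    uid=$1; gid=$2; path=$3; need=$4
    # stat prints: owner-uid owner-gid octal-mode
    set -- $(stat -c '%u %g %a' -- "$path")
    [ $# -eq 3 ] || exit 2
    mode=$(( 0$3 & 0777 ))            # drop setuid/setgid/sticky bits
    if   [ "$1" -eq "$uid" ]; then bits=$(( (mode >> 6) & 7 ))  # owner class
    elif [ "$2" -eq "$gid" ]; then bits=$(( (mode >> 3) & 7 ))  # group class
    else                           bits=$(( mode & 7 ))         # other class
    fi
    [ $(( bits & need )) -eq "$need" ]
)

# audit_webroot ROOT UID GID
# Prints one line per problem:
#   FILE-NOT-READABLE  the web server would answer 403 for this file
#   DIR-NOT-WRITABLE   Joomla would list this folder as "Unwritable"
# File names containing newlines are not handled.
audit_webroot() (
    root=$1; uid=$2; gid=$3
    find "$root" \( -type f -o -type d \) -print | while IFS= read -r p; do
        if [ -d "$p" ]; then
            can_access "$uid" "$gid" "$p" 7 || printf 'DIR-NOT-WRITABLE %s\n' "$p"
        else
            can_access "$uid" "$gid" "$p" 4 || printf 'FILE-NOT-READABLE %s\n' "$p"
        fi
    done
)

# Usage (placeholder path): compare both candidate identities.
#   audit_webroot /path/to/joomla 33 33      # www-data inside the container
#   audit_webroot /path/to/joomla 1000 1000  # host user
```

An empty report for the UID:GID the web server actually runs as means the mode bits are not the cause of the 403; a non-empty report for 33:33 and an empty one for 1000:1000 is the pattern the issue author describes.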

Reference: octoleo/octojoom#2