Rights problem at installatioin, delete cache, and some strange things over night

Since 5.0.4 i have right problems:
Over night something happend, so had now in the morning a 500 error message.

After

chown -R www-data:www-data /var/www/html/mautic
chmod -R 755 /var/www/html/mautic

all works again.

At installation and deleting cache sometimes also these rights problems.
I have a virtual Ubuntu server 22.04 at hetzner.com
Can anyone give me an idea why that comes?

Btw: Moodle runs on this machine also stable as a tank.
So it must come from Mautic 5 0 4, because 4.4.10 didn’t have these problems.

1 Like

Hi,
how did you do the update? It sounds like the user used for the update is neither www-data nor in the group of www-data.

Did you use a plain Ubuntu Image? Setting up a web server is not a plain vanilla linux server. I recommend using a management panel like Plesk or cpanel, which typically sets up linux in correct way to use it as a webserver.

I use ubuntu 22.04 and admit with the terminal. The linux system was fresh installation, provided from hetzer.com where it’s hosted.

A plain Ubuntu image is not a prepared web server. I would strongly recommend not to use it without any adjustments for hosting and running applications.

Do you have some advice for me? I want to learn it myself

Your error and way to solve it indicate that something ran the web app using a user that is more powerful than www-data and that www-data can’t override it (probably root).

This is a very bad practice and will eventually give you a headache.

Also, inode proper permission set:

Directory: 755
File: 644

Based on what you disclosed, that would fix it all:
find /var/html/www/mautic -type f -exec chmod 644 {} ;
find /var/html/www/mautic -type d -exec chmod 755 {} ;

Lastly;
Don’t use root user when you can avoid it.

1 Like

Hello and thanks in advance for your help:

now i made a new user and added him as here written:

usermod -aG sudo sammy

What steps do i have to do, that Mautic runs under that user?
At the moment, all is running under root.
I’d like to learn that, so it would be very helpful, if you can here support me. My questions:

  1. Do have to install anything new (Apache, php, etc…)?
  2. I think i have to adjust some rights in some directories. What do i have to do and how the rights are correctly?
    My mautic directory is: /var/www/html/mautic/
  3. Do i have to do anything with the database?

Btw: I can make after the steps images of my server - so i can test it without the risk to damage it.

Thanks in advance for your help.
Greetings, Stefan

** You’ll need to be root to perform most of those tasks

Vanilla Ubuntu? Apache runs under www-data

chown www-data: /var/html/www/mautic -R

Next, what is causing your root owned files is probably your cronjobs.

List all your current root owned cronjobs (lowercase L):
crontab -l

remove any mautic related cron if any (there shouldn’t be any). To do so, you may edit the crontab with the following:
(if you dislike vi, you may switch to nano as the VISUAL editor. to do so, execute “export VISUAL=nano” before the next step)
crontab -e

Now that you cleaned up your crontab, let’s give those cronjobs to the Apache user (www-data). To do so, edit the crontab once more. But that time on the behalf of the www-data user:
crontab -u www-data -e

Slap all your Mautic cronjobs there, save and delete once more Mautic cache using the root user (that should be your last time ever doing that under the root user).

Now don’t be root again to manage your Mautic. There is zero advantage of doing anything as root. Really none. And the only extra thing that you may manage to do is extra damage. Bottom line, really, really, really don’t use it. That’s my piece of advice.

To run as, the “su”, “sudo” and “runuser” cmd (not limited to) could help you not using root to manage your installation.

Step by step for Dummies - and thanks for your help:
I have normal ubuntu server 22.04
I connect now as user stefan (not as root) via ssh? right?
ssh stefan@2… right?

stefan@mautic01:~$ sudo chown -R www-data:www-data /var/www/html/mautic
I need here sudo - right? (without i had no permission)

The important change was here, to transfer the cronjob from root to www-data - right? (and that i work not under root - but under my user name)
stefan@mautic01:~$ sudo crontab -u www-data -e

One question: At the moment i saved via script, started by cronjobs under root the mautic directory every week and the database every day.

Should i transfer these cronjobs to my user cronjobs?:
stefan@mautic01:~$ crontab -e
Are there any special permissions need?

btw:
My script mysqldump.sh for backup daily the database under root looks:

#!/bin/sh
mysqldump -p'xxxxx' -u root mautic | gzip > ~/backups/mautic/mautic-database-$(date +%Y%m%d-%H%M%S).sql.gz

How can i make it executable as normal user with root rights (without i don’t have permission to get the database backup)?

The script ist in ~/backups/mautic
I’d like to execute with my cronjob: 0 4 * * * ~/backups/mautic/mysqldump.sh
under my normal user.

You need to do it as a super user.

First thing you’ll need to know is who is running those jobs on mautic

I was assuming root. But that could also be your “stefan” user.

Have you look who was the owner of the files within the cache directory?

If not, do it next time that you’ll face the error. The ownership will tell you who (shouldn’t) runs the jobs.

Once identified, you’ll need to do what was suggested (removing the cronjobs from that user crontab. And add the cronjobs to www-data user tab).

copy the code either in your user home - or in any $PATH (do an “echo $PATH” to know your paths)

chmod a+x /path/to/script

From there you should be to execute it like if it was anything else (the “tab tab” auto-complete will even work)

I would suggest to remove any user/pass hard-coding if putting it within a system path.

Throw your mysql username and password in a dot-my.cnf:

~/.my.cnf

[client]
password="use your mautic mysql password here"
user=mautic-mysql-username

and replace your script content with something like that:

#!/usr/bin/bash

mkdir -p ~/backups/mautic/

mysqldump mautic | gzip > ~/backups/mautic/mautic-database-$(date +%Y%m%d-%H%M%S).sql.gz

Hmmm…Thanks for you help.

My script mysqldump.sh is in that directory
stefan@mautic01:~/backups/mautic$

I tried to make it executable:
stefan@mautic01:~/backups/mautic$ chmod a+x mysqldump.sh
stefan@mautic01:~/backups/mautic$ ./mysqldump.sh
mysqldump: Got error: 1698: “Access denied for user ‘root’@‘localhost’” when trying to connect

With sudo it did not work either
stefan@mautic01:~/backups/mautic$ sudo chmod a+x mysqldump.sh
[sudo] password for stefan:
stefan@mautic01:~/backups/mautic$ ./mysqldump.sh
mysqldump: Got error: 1698: “Access denied for user ‘root’@‘localhost’” when trying to connect

For testing step by step is my question: Can i anyhow make the script executeable with my normal user, to start it via cron jobs?

It may sound silly but this confirm the proper exec bit/exec permission of the script:

mysqldump: Got error: 1698: “Access denied for user ‘root’@‘localhost’” when trying to connect

What it say is…
Scripts works great! But you messed up user and pass. Use the same user that you used for setting up Mautic DB. Info are located in the config/local.php file. This will save you some time

Make sure those info in /home/stefan/.my.cnf are good (update the MySQL user/pass to something that does exist):

[client]
password=HudbIikbfd563eNBnh
user=mautic

In my /config/local.php stands:
‘db_name’ => ‘mautic’,
‘db_user’ => ‘mautic’,
‘db_password’ => ‘xxxxxxxxx’,

I’m very new at the rights of linux…hmm…need an explanation für dummies

How should my script looks that it works? Would very thankful if you explain me that step by step for understanding what and why.

As written, i would like to save under my user “stefan” without root rights via cronjob start the script to save database every day in the home directory of stefan as written above. Thanks in advance for your great help

No worries.

As “stefan”, execute this (execute each of those 2 blocks as a single copy&paste + hit enter style):

echo '[client]
password="xxxxxxxxx"
user=mautic' > ~/.my.cnf

Obviously you want to replace the xxxxxx with your db_password info.

This will create your local mysql client configuration.

Your backup script:

sudo echo '#!/usr/bin/bash

mkdir -p ~/backups/mautic/

mysqldump mautic | gzip > ~/backups/mautic/mautic-database-$(date +%Y%m%d-%H%M%S).sql.gz' > /usr/local/bin/mbackup && sudo chmod a+x /usr/local/bin/mbackup

This will generate a file located at /usr/local/bin/mbackup and give it the exec bit.

The script itself will first attempt to create a directory in the user’s home path (in case of a first run or what ever reason why that directory went awol)

Then it will generate a dump in the designated path using the provided mysql info stored in your local mysql client configuration file - avoiding hardcoding user/pass in a script.

Test it by running the following as stefan:
mbackup

When successful, add the following cronjob to stefan (do it as stefan, not root nor any other user):
0 4 * * * /usr/local/bin/mbackup

EDIT: There was a typo in the second script (missing a / in a path)

Thanks - it works. I made it.

I have also Moodle running on this server. How can i add the Moodle database correctly in the .my.cnf to backup moodle in the same way?

You may need to use a second configuration file for both mysql schemas (and you should consider using a dedicated mysql user which have read only permissions for that - but this would be out of this scope)

My suggested solution:
To specify a config file, you need to add this to your mysqldump cmd: --defaults-file=/path/to/your/file

You could extend your backup script like that (just open the already existing file using sudo and replace its content with this one):

#!/usr/bin/bash

source ~/.${1}.my.cnf >/dev/null 2>&1

mkdir -p ~/backups/${1}

mysqldump --defaults-file=~/.${1}.my.cnf --single-transaction --add-drop-table $database | gzip > ~/backups/${1}/${1}-database-$(date +%Y%m%d-%H%M%S).sql.gz

Then, for each app that you want to backup, create a .(app name).my.cnf file containing the specific app mysql user/pass info.

i.e.

~/.mautic.my.cnf  <= containing Mautic DB info)
~/.moodle.my.cnf <= (containing Moodle DB info)

You’ll also need to add a line inside both of the MySQL client configuration files:

database=your-db-schema-name

i.e. ~/.mautic.my.cnf

[client]
password=HudbIikbfd563eNBnh
user=mautic

[server]
database=mautic

i.e. ~/.moodle.my.cnf

[client]
password=HudbIikbfd563eNBnh
user=moodle

[server]
database=moodle

Then run your backup script like that:

mbackup mautic #This is for backing up Mautic DB
mbackup moodle #This is for backing up Moodle DB

In a crontab:

0 4 * * * /usr/local/bin/mbackup mautic
0 4 * * * /usr/local/bin/mbackup moodle

From there you should be good to go in order to use that quick basic backup script with any other projects that you may have.

EDIT: Forgot to remove the “mautic” reference within the backup script - sorry about it, fixed!

Thanks . Wow.

i adjusted the script and got these error message:
mysqldump: unknown variable ‘defaults-file=~/.mautic.my.cnf’

I checked it more times. Can’t find an error in the files. Any idea?