Add standalone script to fix webroot permissions for existing installations

2025-11-04 18:07:10 +08:00 · 2025-11-04 18:07:10 +08:00 · 76bbec7264
parent 932b747621
commit 76bbec7264
2 changed files with 126 additions and 0 deletions
--- a/TROUBLESHOOTING.md
+++ b/TROUBLESHOOTING.md
@ -221,6 +221,37 @@ This script will check all aspects of the user account and provide detailed diag

 ---

+## Quick Fix: Webroot Write Permissions
+
+If users cannot create folders or files in the ROOT directory, run this standalone fix script:
+
+```bash
+# Download and run the fix script
+wget https://deploy-proxy.mightybox.io/addons/add-sftp-user/raw/branch/main/fix-webroot-permissions.sh
+chmod +x fix-webroot-permissions.sh
+sudo ./fix-webroot-permissions.sh
+```
+
+Or manually fix:
+```bash
+# Ensure litespeed group exists
+groupadd -f litespeed
+
+# Set group ownership
+chgrp -R litespeed /var/www/webroot/ROOT
+
+# Add group write permissions
+chmod -R g+w /var/www/webroot/ROOT
+
+# Verify
+ls -ld /var/www/webroot/ROOT
+# Should show: drwxrwxr-x or drwxrwsr-x (group has write)
+```
+
+**Note**: The addon code (version 0.7+) automatically fixes this during installation or when creating new users. If you have an existing installation, either:
+1. Update/reinstall the addon, OR
+2. Run the fix script above
+
 ## Common Issues and Solutions

 ### Issue: "Permission denied" when logging in
--- a/fix-webroot-permissions.sh
+++ b/fix-webroot-permissions.sh
@ -0,0 +1,95 @@
+#!/bin/bash
+
+# ==============================================================================
+# Standalone script to fix webroot permissions for existing installations
+# This ensures /var/www/webroot/ROOT has correct group ownership and permissions
+# ==============================================================================
+
+WEBROOT_DIR="/var/www/webroot/ROOT"
+
+echo "=============================================================================="
+echo "Webroot Permissions Fix Script"
+echo "Fixing permissions for: $WEBROOT_DIR"
+echo "=============================================================================="
+echo
+
+# Check if webroot exists
+if [ ! -d "$WEBROOT_DIR" ]; then
+    echo "ERROR: Webroot directory does not exist: $WEBROOT_DIR"
+    exit 1
+fi
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+    echo "ERROR: This script must be run as root"
+    echo "Please run: sudo $0"
+    exit 1
+fi
+
+# Check if litespeed group exists
+if ! getent group litespeed > /dev/null; then
+    echo "Creating litespeed group..."
+    groupadd litespeed
+    if [ $? -eq 0 ]; then
+        echo "✓ Created litespeed group"
+    else
+        echo "ERROR: Failed to create litespeed group"
+        exit 1
+    fi
+else
+    echo "✓ litespeed group exists"
+fi
+
+# Check current group ownership
+CURRENT_GROUP=$(stat -c '%G' "$WEBROOT_DIR" 2>/dev/null)
+echo "Current group ownership: $CURRENT_GROUP"
+
+if [ "$CURRENT_GROUP" != "litespeed" ]; then
+    echo "Setting group ownership to litespeed..."
+    chgrp -R litespeed "$WEBROOT_DIR"
+    if [ $? -eq 0 ]; then
+        echo "✓ Set group ownership to litespeed"
+    else
+        echo "ERROR: Failed to set group ownership"
+        exit 1
+    fi
+else
+    echo "✓ Group ownership is already litespeed"
+fi
+
+# Check current permissions
+CURRENT_PERMS=$(stat -c '%a' "$WEBROOT_DIR" 2>/dev/null)
+echo "Current permissions: $CURRENT_PERMS"
+
+# Extract group write bit (second digit)
+GROUP_WRITE_BIT=$(echo "$CURRENT_PERMS" | cut -c2)
+echo "Group permissions bit: $GROUP_WRITE_BIT"
+
+# Check if write bit is NOT set (4=r--, 5=r-x, 1=--x, 0=---)
+if [ "$GROUP_WRITE_BIT" = "4" ] || [ "$GROUP_WRITE_BIT" = "5" ] || [ "$GROUP_WRITE_BIT" = "1" ] || [ "$GROUP_WRITE_BIT" = "0" ]; then
+    echo "Adding group write permissions (current group bit: $GROUP_WRITE_BIT)..."
+    chmod -R g+w "$WEBROOT_DIR"
+    if [ $? -eq 0 ]; then
+        echo "✓ Added group write permissions"
+        NEW_PERMS=$(stat -c '%a' "$WEBROOT_DIR" 2>/dev/null)
+        echo "New permissions: $NEW_PERMS"
+    else
+        echo "ERROR: Failed to add group write permissions"
+        exit 1
+    fi
+else
+    echo "✓ Group already has write permissions"
+fi
+
+echo
+echo "=============================================================================="
+echo "Verification:"
+echo "=============================================================================="
+echo "Directory: $WEBROOT_DIR"
+echo "Ownership: $(stat -c '%U:%G' "$WEBROOT_DIR")"
+echo "Permissions: $(stat -c '%a' "$WEBROOT_DIR") ($(stat -c '%A' "$WEBROOT_DIR"))"
+echo
+echo "=============================================================================="
+echo "Fix complete! Users in the litespeed group should now be able to write."
+echo "=============================================================================="
+