Web update permissions access

[paul-mesnilgrente]

Hello everyone,

I have used your script in the README to install FreshRSS last week. The only difference is that I have placed the symlink in /var/www instead of /var/www/html/ and I use an apache virtualhost :

<VirtualHost *:80>
    ServerName ...
    DocumentRoot /var/www/FreshRSS

    ErrorLog ${APACHE_LOG_DIR}/freshrss_error.log
    CustomLog ${APACHE_LOG_DIR}/freshrss_access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =...
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName ...
    DocumentRoot /var/www/FreshRSS

    ErrorLog ${APACHE_LOG_DIR}/freshrss_error.log
    CustomLog ${APACHE_LOG_DIR}/freshrss_access.log combined
SSLCertificateFile /etc/letsencrypt/live/...
SSLCertificateKeyFile /etc/letsencrypt/live/...
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

</IfModule>

The problem is that when I click on "Check the updates", an error message prints that /usr/share/FreshRSS is not accessible by the HTTP user.

So I have run again that line sudo chown -R :www-data . && sudo chmod -R g+r . && sudo chmod -R g+w ./data/ but the problem is not solved. If you have an idea...

Thank you very much.

PS: I am on ubuntu, with FreshRSS 1.5

[subic]

You also have to chmod g+w on the application folder (/usr/share/FreshRSS in your case) to allow the webuser group write access to the installation directory. I personally only do this while upgrading and reduce the privileges after (chmod g-w on the application folder).

[paul-mesnilgrente]

This work fine, but this not only on the /usr/share/FreshRSS but recursively too.
So the script is

sudo chmod -R g+w .
# make the update with the web interface
sudo chmod -R g-w .
sudo chmod -R g+w ./data/

[Alkarex]

@paul-mesnilgrente can you please show the rights of /var/www/FreshRSS and /usr/share/FreshRSS ?

[Alkarex]

And depending on your Apache config, see also FollowSymlinks https://httpd.apache.org/docs/2.4/mod/core.html

[paul-mesnilgrente]

The problem was solved with the script I gave... But if you want it :

rwxrwxrwx  1 root     root   21 oct.  23 14:28 FreshRSS -> /usr/share/FreshRSS/p/
drwxr-xr-x   11 root www-data  4096 nov.   4 15:49 FreshRSS/

[Alkarex]

Ah, ok, very good :-)

[subic]

I think the problem is when installing FreshRSS in the share folder and only symlinking the "p" directory the application folder in usr is not group writable. The referenced installation instructions presume that the web user has access to the whole directory (as would be the case when installing the whole app in web directory but is not when using symlink to /usr/).

[Alkarex]

Sorry, I read a bit too fast earlier today and I did not see the fact that the problem was for updates. Indeed, a Web update requires setting the rights as you did. Another thing we should document better...

[Alkarex]

I have made a little update in the read-me. Comments welcome #1356