Backups fail after updating to Virtualmin 5.0

After updating to Virtualmin 5 my backups won't run anymore.

The following exception is thrown:

Failed to open /home/[DOMAIN]/.virtualmin-src for writing : Permission denied

And after running chmod 0775 /home/* before the backup it turns into:

Failed to open /home/[DOMAIN]/.backup/[DOMAIN]_unix : Permission denied at /usr/share/webmin/web-lib-funcs.pl line 1397, line 1.

The problem seems to be that when setting root as the owner of the Virtualmin server home directory.
This is needed to chroot users using SFTP into their home directories.

Would it be possible to have an option to run backups as root instead of domain owners?

Hope you can help figure out a way to solve this as soon as possible.

Thanks!

Kees-Jan

Status: 
Active

Comments

Howdy -- hmm, what is the output of these commands:


ls -ld /home/DOMAIN
ls -ld /home/DOMAIN/.backup

Also, what is the username of the Virtual Server owner?

For security reasons, the backups run as the Virtual Server owner though. However, that user should have the ability to access the files that are generating an error above.

> ls -ld /home/DOMAIN
drwxr-xr-x 10 root root 4096 Jan 14 00:00 /home/DOMAIN
> ls -ld /home/DOMAIN/.backup
drwxrwxrwx 2 root root 4096 Jan 14 00:00 /home/DOMAIN/.backup

The domain owner is 'domain'. If the directory .backup was not owned by root but by domain it should work.
I assume that .backup is created during the backup process, but because /home/DOMAIN is owned by root, .backup is also owned by root.

Thanks for looking into this!

Ah, it looks like your user's home directory has been changed so that it's owned as the user root, rather than the Virtual Server owner.

That will indeed cause a variety of problems.

What you'd need to do is change the ownership of all the files and directories in /home/USERNAME back to the Virtual Server owner.

You can use Limits and Validation -> Validate Virtual Servers -> Fix Permissions to help with that.

It looks like your using Virtualmin GPL there though... since you aren't seeing a bug, if you had questions on how to change the permissions, or additional questions on the backup process, you'd actually want to use the Forums for support. We monitor the Forums, along with lots of wonderful folks in the community. Thanks!

Hi!

Thanks for your reply!

Yes, I had to change the owner of the home directories to root because otherwise chroot for sftp doesn't work.
This always worked fine up till 4.132.gpl when it stopped working for incremental backups.
Now since version 5.0 it doesn't even work for full backups anymore.

I cannot have my users connecting through sftp and being able to browse all other domains.

I was able to solve the issue by manually creating a .virtualmin-src in each virtual server home directory. It seems that this file is created automatically for all new virtual servers.

Yes, that would work as a work-around