Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HestiaCP Repair Tool #4385

Draft
wants to merge 19 commits into
base: main
Choose a base branch
from
Draft

HestiaCP Repair Tool #4385

wants to merge 19 commits into from

Conversation

tlcd96
Copy link
Contributor

@tlcd96 tlcd96 commented May 13, 2024
edited

a basic notion can be seen in #4330

what this tool will do?

  • Correct HestiaCP dir permissions
  • Integrity check HestiaCP
  • Reinstall Broken Hestia Packages
    • hestia
    • hestia-nginx
    • hestia-php
  • Correct plugins and integrations
  • Reinstalls of packages that might be broken
  • Fancy UI in Bash for all the steps

Fixes the system in case something isn't working

Instead of searching for a fix, this will do an integrity check and permission check on the file system

tlcd96 and others added 11 commits May 13, 2024 14:19
@tlcd96
HestiaCP Repair Tool
be9297e 
Fixes the system in case something isn't working
@tlcd96
created file that will check all system and then fix permissions, hes…
1868152 
…tiaCP dir partially done
@tlcd96
corrected bug
7db9468
@tlcd96
Update
d648c4b
@tlcd96
recursive call for files in sessions dir
66b35c1
@tlcd96
Updated permissions for ssl/mail and ssl/mail/*
96f5806
@tlcd96
done Hestiacp ownership
c80b356
@tlcd96
corrected regex for user:group
ac16486
@tlcd96
update:
afec870 
- added Dependency `debsums`
- check for hestiacp base, php and nginx checksums and on fail, echo reinstall
@tlcd96
Update, corrected file and updated the file to work with the base ins…
c465d16 
…talled now
@tlcd96
corrected chmod, missing -h flag
1d166dd 
`-h, --no-dereference affect each symbolic link instead of any referenced file`
now script is working normally
@tlcd96
Copy link
Contributor Author

tlcd96 commented May 14, 2024

the latest commit works, there isn't a reinstall but there is already a permission check and package integrity check.
it's missing the integrations, plugins and reinstalls in case of a integrity failure. this is not made yet for Hestia packages due to testing. the next commit, there will be a

	echo "reinstall needed: 'hestia'"
	.......
	$(apt update)
	$(apt install --reinstall hestia -y)
	.......
	echo "reinstall needed: 'hestia-php'"
	.......
	$(apt update)
	$(apt install --reinstall hestia-php -y)
	.......

so on and so forth...

@jaapmarcus
Copy link
Member

the latest commit works, there isn't a reinstall but there is already a permission check and package integrity check. it's missing the integrations, plugins and reinstalls in case of a integrity failure. this is not made yet for Hestia packages due to testing. the next commit, there will be a

	echo "reinstall needed: 'hestia'"
	.......
	$(apt update)
	$(apt install --reinstall hestia -y)
	.......
	echo "reinstall needed: 'hestia-php'"
	.......
	$(apt update)
	$(apt install --reinstall hestia-php -y)
	.......

so on and so forth...

No it will not check the permissions with a new install from 1.9.0 as base ...

admin:admin will get changed

@tlcd96
Copy link
Contributor Author

tlcd96 commented May 14, 2024

No it will not check the permissions with a new install from 1.9.0 as base ...

admin:admin will get changed

if admin:admin will be changed, there is, on the script, the chown permissions to change. it can be changed to whatever we need

I can add a parameter to bypass the check of the permissions of the HestiaCP directory. But I don't think that is needed, cause this script is to bypass most of the troubleshooting.

  • if there is a fix on this script, apply it.

now if there isn't, we report to the user, on the script, that the issue is more complicated and that this repair tool cannot fix.

how to do that? simple, checking if there was a change on a global variable on the script, for example: any_fix_done="0"
if that is equal to "0" we report that we couldn't find any problem and if any problem persists, to contact on the forum.

@jaapmarcus
Copy link
Member

No it will not check the permissions with a new install from 1.9.0 as base ...
admin:admin will get changed

if admin:admin will be changed, there is, on the script, the chown permissions to change. it can be changed to whatever we need

I can add a parameter to bypass the check of the permissions of the HestiaCP directory. But I don't think that is needed, cause this script is to bypass most of the troubleshooting.

  • if there is a fix on this script, apply it.

now if there isn't, we report to the user, on the script, that the issue is more complicated and that this repair tool cannot fix.

how to do that? simple, checking if there was a change on a global variable on the script, for example: any_fix_done="0" if that is equal to "0" we report that we couldn't find any problem and if any problem persists, to contact on the forum.

We create the new "hestiaweb" user in 1.9

hestiacp/install/hst-install-debian.sh

Lines 1163 to 1168 in 836eaee

# Generate a random password
random_password=$(gen_pass '32')
# Create the new hestiaweb user
/usr/sbin/useradd "hestiaweb" -c "$email" --no-create-home
# do not allow login into hestiaweb user
echo hestiaweb:$random_password | sudo chpasswd -e

@tlcd96
Update
ad09ccd 
add: (permissions ckeck)
- phpmyadmin
- Dovecot
- Cron Tasks
updated:
- session -> hestiaweb:hestiawen
@tlcd96
added reinstall on failed checksum - for packages: 'hestia', 'hestia-…
c394b53 
…php', 'hestia-nginx'
@johnnyq
Copy link

johnnyq commented May 15, 2024

Nice script so far and is much needed, just a suggestion but how about cleaning up old backups especially for backups of users that don't exist anymore and remove all php sessions etc

@sahsanu
Copy link
Contributor

sahsanu commented May 16, 2024

@tlcd96

Regarding this:
check_ownership "/usr/share/phpmyadmin/tmp" "root:hestiamail" "1"

If you use root:hestiamail as owner:group you will see this warning in phpMyAdmin

Warning The $cfg['TempDir'] (/usr/share/phpmyadmin/tmp/) is not accessible. phpMyAdmin is not able
to cache templates and will be slow because of this.

So you should modify it to hestiamail:www-data or hestiamail:hestiamail

@johnnyq
Copy link

johnnyq commented May 16, 2024

@tlcd96

Regarding this: check_ownership "/usr/share/phpmyadmin/tmp" "root:hestiamail" "1"

If you use root:hestiamail as owner:group you will see this warning in phpMyAdmin

Warning The $cfg['TempDir'] (/usr/share/phpmyadmin/tmp/) is not accessible. phpMyAdmin is not able
to cache templates and will be slow because of this.

So you should modify it to hestiamail:www-data or hestiamail:hestiamail

I could be wrong but shouldn't it be hestiaweb:www-data

@tlcd96
Copy link
Contributor Author

tlcd96 commented May 16, 2024

Hestiaweb is not yet available I think, only on version 1.9

@tlcd96
Copy link
Contributor Author

tlcd96 commented May 16, 2024

Just a sec.

@tlcd96
Copy link
Contributor Author

tlcd96 commented May 16, 2024

I'll see that later, not on the pc.

@tlcd96
Copy link
Contributor Author

tlcd96 commented May 16, 2024

@tlcd96

Regarding this: check_ownership "/usr/share/phpmyadmin/tmp" "root:hestiamail" "1"

If you use root:hestiamail as owner:group you will see this warning in phpMyAdmin

Warning The $cfg['TempDir'] (/usr/share/phpmyadmin/tmp/) is not accessible. phpMyAdmin is not able
to cache templates and will be slow because of this.

So you should modify it to hestiamail:www-data or hestiamail:hestiamail

I could be wrong but shouldn't it be hestiaweb:www-data

I've corrected the permissions now.

@tlcd96
Copy link
Contributor Author

tlcd96 commented May 16, 2024

@tlcd96

Regarding this: check_ownership "/usr/share/phpmyadmin/tmp" "root:hestiamail" "1"

If you use root:hestiamail as owner:group you will see this warning in phpMyAdmin

Warning The $cfg['TempDir'] (/usr/share/phpmyadmin/tmp/) is not accessible. phpMyAdmin is not able
to cache templates and will be slow because of this.

So you should modify it to hestiamail:www-data or hestiamail:hestiamail

I could be wrong but shouldn't it be hestiaweb:www-data

As per hestia, 1.9, the web user will be changed to hestiaweb with group hestiaweb. That's why the permissions where changed again. Please do not use alpha/beta code without having sure it won't mess with your installation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@tlcd96 @jaapmarcus @johnnyq @sahsanu