

Correct CMOD settings for smarty3, subfolders and their users


Just checked all the 13 of 220 folders that were created as belonging to user and group root and that I consider shouldn't exist as owned by root in the folder /smarty3.

Generally speaking, I couldn't find a common property.

They refer to posts or replies by three different users.

Most refer to one specific post.

Two create a page:
Not Found
The requested item doesn't exist or has been deleted.
Request: XYZ

All were created with the theme VIER.

#5 #4 #1 #2 #3 #6 @Hypolite Petovan
@utopiArte @TupambAdmin [stable] Are you by any chance running your Friendica cron jobs as root? It should run as www-data. Same question if you're using the daemon.


Not using daemon but CRON.

I guess that is running as root ..

@Hypolite Petovan

So this is a "tricky" one for me as I have no idea what or how to do this.
In the helpers page:
https://tupambae.org/help/Install#cron+job+for+worker
it only states:

helpers page wrote:

cron job for worker
If you are using a Linux server, run "crontab -e" and add a line like the one shown, substituting for your unique paths and settings:

I did my installation with the help of @hankg's tutorial:
https://www.nequalsonelifestyle.com/2022/07/30/creating-friendica-server-ubuntu/#creating-workers

ubuntu install tutorial wrote:

First log into the server through SSH using your root@<domain> user. Then execute the crontab edit command:
sudo crontab -e


How do I set this so "It should run as www-data."
??

@utopiArte Prepend the php command with su -u friendica and the command will be run as www-data.


Something like this?

# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
*/5 * * * * cd /var/www/html; su -u friendica /usr/bin/php bin/worker.php

@utopiArte Looks good to me, you should run it once as root to make sure it doesn't fail horribly.


As of now it was running like this:
*/5 * * * * cd /var/www/html; /usr/bin/php bin/worker.php

Your suggestion:
php command with su -u friendica
*/5 * * * * cd /var/www/html; su -u friendica /usr/bin/php bin/worker.php

What we didn't actually clarify is what friendica stands for.
Like to say, is it a "place holder", a variable for a user or application name?
Is "friendica" defined as such in worker.php?
Or would it actually be www-data?

@utopiArte Sorry, friendica is the name of my local node web server user. You should be writing www-data instead.


@Hypolite Petovan @utopiArte In my case, php software runs with the owner's id of that software, so that every application runs with its own id. This is much more secure than the www-data for everything scheme, because in that scheme one application can write over all others or even itself, not good. This way a flaw in an application can only result in damage to that application.

Well, this;
*/5 * * * * cd /var/www/html; su -u www-data /usr/bin/php bin/worker.php
.. didn't work out.

Looks like cron job didn't execute at all.

The last worker execution was on 2023-12-22 16:25:28 UTC. This is older than one hour. Please check your crontab settings.

Still monitoring this and wondering if some settings and changes while moving the server have to do with this.
Right now there are folder structures like the mentioned created and visible in /smarty3 and /storage.

Of the two folders that have root as owner in the /smarty3 folder, there is one subfolder that exists in the /storage folder and one that doesn't.

The one that does exist in /storage and /smarty3 has the same creation date (Nov 28 2023).

It actually points right now to this very answer above:
/display/0ac89072-1165-95dc-31ec-a8a342054692

That folder contains a completely unrelated unknown avatar.

While trying to nano the file contained in the other folder right now the following message came up:
"File root is being edited by root (with nano 6.2, PID 3334); open anyway?"

Opening anyway gave an empty nano editor with something like 1/7.
Trying to leave with [ctrl-X] and [N] was rejected and an empty nano editor with 1/2 showed up on top.
Closed the SSH window to escape this.

utterly strange

I start getting the feeling that the admin profile has or had the ability to publish as root.

There is specifically one post right now that is public where this profile commented on. That post shows up on the profile page but when this profile tries to open it or even open a notification of an answer on that post done by the admin profile a blank page gets displayed. Occasionally with a code error, occasionally with nothing at all.

This is the link of the latest notification that displays a blank page:
https://tupambae.org/display/0ac89072-4065-b25c-c45a-703128708436

🙁
f***, just pulled the whole link into this

😞
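
An added example, not part of the thread and not Friendica's own code: a shell audit for the root-owned folders described above, listing everything under the install directory that is not owned by the web server user. The path /var/www/html and the user www-data come from the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Audit a web application tree for entries not owned by the expected user.
# Usage (assumed paths from the thread): sh audit.sh /var/www/html www-data
#
# Background: a worker started from root's crontab creates its cache and
# template folders as root, which the web server user cannot rewrite later.
# util-linux su has no -u option; the usual ways to run the job as www-data
# are "sudo -u www-data <command>" inside root's crontab, or installing the
# job in that user's own crontab with "crontab -u www-data -e".

# Print every path under DIR whose owner is not OWNER (name or numeric uid).
list_foreign_owned() {
    find "$1" ! -user "$2" -print
}

# Count those paths (one per line; names containing newlines are not handled).
count_foreign_owned() {
    list_foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# Report offending entries with owner and group; non-zero status if any exist.
audit_tree() {
    dir=$1
    owner=$2
    n=$(count_foreign_owned "$dir" "$owner")
    if [ "$n" -gt 0 ]; then
        echo "$n entries under $dir are not owned by $owner:"
        find "$dir" ! -user "$owner" -exec ls -ld {} +
        return 1
    fi
    echo "OK: everything under $dir is owned by $owner"
}

# Run only when a directory is given on the command line.
if [ "$#" -ge 1 ]; then
    audit_tree "$1" "${2:-www-data}"
fi

# After fixing the cron job, ownership of the affected tree can be reset, e.g.:
#   chown -R www-data:www-data /var/www/html
```

Run it before and after changing the cron job: new root-owned entries appearing after the change mean some process is still writing as root.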