[SOLVED] [BUG] Ghost update fails after standard install, cause folder .config permissions

Developer help
1

Hello,

I proceed with a fresh installation of Ghost (with a ghost super user account) and after create the ‘ghost’ account (procedure is the same like here : #676 ).

Launch ghost and control process with systemctl and all is fine.

But if i want to update ghost, it’s fails, there are somme errors :

ghostuser@zero:/var/www/ghost$ ghost update
:heavy_multiplication_x: Checking folder permissions
:heavy_multiplication_x: Checking file permissions
:heavy_multiplication_x: [Checking content folder ownership

Checking folder permissions
Message: Command failed: /bin/sh -c find ./ -type d ! -perm 775 ! -perm 755
find: ‘./content/.config’: Permission non accordée

./content/.config

Checking file permissions
Message: Command failed: /bin/sh -c find ./ -type f ! -path “./versions/*” ! -perm 664 ! -perm 644
find: ‘./content/.config’: Permission non accordée

Checking content folder ownership
Message: Command failed: /bin/sh -c find ./content ! -group ghost ! -user ghost
find: ‘./content/.config’: Permission non accordée

Debug Information:
OS: Debian, v9.4
Node Version: v8.11.1
Ghost-CLI Version: 1.7.2
Environment: production
Command: ‘ghost update’
Ghost Version (at /var/www/ghost): 1.22.5

The default permission :

ls -al /var/www/ghost/
total 28
drwxrwxr-x 5 ghostuser ghostuser 4096 mai 2 18:40 .
drwxr-xr-x 5 root root 4096 avril 25 23:11 …
-rw-r–r-- 1 ghostuser ghostuser 486 mai 2 18:40 config.production.json
drwxr-xr-x 8 ghost ghost 4096 mai 2 18:37 content
lrwxrwxrwx 1 ghostuser ghostuser 30 mai 2 18:38 current → /var/www/ghost/versions/1.22.5
-rw-r–r-- 1 ghostuser ghostuser 109 mai 2 18:43 .ghost-cli
drwxr-xr-x 3 ghostuser ghostuser 4096 mai 2 18:40 system
drwxr-xr-x 3 ghostuser ghostuser 4096 mai 2 18:38 versions

ls -al /var/www/ghost/content/.config/
total 12
drwx------ 3 ghost ghost 4096 mai 2 18:47 .
drwx------ 9 ghost ghost 4096 mai 2 18:47 …
drwx------ 2 ghost ghost 4096 mai 2 19:03 configstore

ls -al /var/www/ghost/content/.config/configstore/
total 12
drwx------ 2 ghost ghost 4096 mai 2 19:03 .
drwx------ 3 ghost ghost 4096 mai 2 18:47 …
-rw------- 1 ghost ghost 55 mai 2 18:47 update-notifier-npm.json

I proceed some modifications :

ghostuser@zero:/var/www/ghost$ sudo find ./ -type d -exec chmod 775 {} ;
ghostuser@zero:/var/www/ghost$ sudo find ./ ! -path “./versions/*” -type f -exec chmod 664 {} ;
ghostuser@zero:/var/www/ghost$ sudo chown -R ghost.ghostuser /var/www/ghost/content/.config

ls -al content/.config
total 12
drwxrwxr-x 3 ghost ghostuser 4096 mai 2 18:47 .
drwxrwxr-x 9 ghost ghost 4096 mai 2 18:47 …
drwxrwxr-x 2 ghost ghostuser 4096 mai 2 19:03 configstore

ls -al content/.config/configstore/update-notifier-npm.json
-rw-rw-r-- 1 ghost ghostuser 55 mai 2 18:47 content/.config/configstore/update-notifier-npm.json

And retry ghost update :

ghostuser@zero:/var/www/ghost$ ghost update
Running sudo command: systemctl is-active ghost_localhost
? Password [hidden]
:heavy_check_mark: Checking system Node.js version
:heavy_check_mark: Ensuring user is not logged in as ghost user
:heavy_check_mark: Checking if logged in user is directory owner
:heavy_check_mark: Checking current folder permissions
:heavy_check_mark: Checking folder permissions
:heavy_check_mark: Checking file permissions
:heavy_check_mark: Checking content folder ownership
:heavy_check_mark: Checking memory availability
:heavy_check_mark: Checking for available migrations
:heavy_check_mark: Checking for latest Ghost version
All up to date!

I think the default permission folder .config (and subdirectory and file) seems incorrect because if only ‘ghost’ can read and write then the ‘ghost super user’ doesn’t have any access and update failed.

It’s possible i do a error and if yes please indicate me where and how to fix this,
i try twice with fresh install and ghost update and same error.

Best regards.

2

I wonder why your .config folder is located in /var/www/ghost/content - that is not the default location. The default location is ~/ (which is the home directory of your logged in user).

What is the output of echo $XDG_CONFIG_HOME?

3

Thank you Kate for your answer,

Output is empty:
ghostuser@zero:/var/www/ghost$ echo $XDG_CONFIG_HOME

it’s normal because in Debian, the $XDG_CONFIG_HOME is binding with $HOME with the script in /etc/profile.d

for ‘ghostuser’ the $HOME is /home/ghostuser
for ‘ghost’ the $HOME is /var/www/ghost/content

My .config is in /var/www/ghost/content because with debian it’s mandatory to create ‘ghost’ user yourself because the default installation can’t do it (as I indicated in the first line, there is always a open case to fix this: #676).

In the documentation it’s written how to create the account “super user” but not the “ghost” account so I created it in a secure way without it being able to log in and only chroot in the only directory where it must have access : /var/www/ghost/content like this:

groupadd -g 1005 ghost
useradd -u 1005 -g ghost -d /var/www/ghost/content -M -f0 -s /usr/sbin/nologin -c "Ghost user,,," ghost

so if I understand your explanation correctly, is that the problem?
so it is necessary that the user’ghost’ is a default directory in /home?

If this is it then create the user’ghost’ as it should fix the rights problem:

groupadd -g 1005 ghost
useradd -u 1005 -g ghost -d /home/ghost -M -f0 -s /usr/sbin/nologin -c "Ghost user,,," ghost

If you agree with that then I’ll try again.

4

With your explications and after retry (twice with two different ghost account creation), it’s done now.

With Debian 9.4, if i create ‘ghost’ user like this (before installation of ghost):

groupadd -g 1005 ghost
useradd -u 1005 -g ghost -d /home/ghost -M -f0 -s /usr/sbin/nologin -c "Ghost user,,," ghost

or

adduser --system --uid 1005 --group --disabled-login --gecos "Ghost user" ghost

for ‘ghost’ the $HOME is now /home/ghost

Installation is ok (before it’s already ok) and Update is now ok:

ghostuser@zero:/var/www/ghost$ ghost update
Running sudo command: systemctl is-active ghost_localhost
? Password [hidden]                                                                                          
✔ Checking system Node.js version
✔ Ensuring user is not logged in as ghost user
✔ Checking if logged in user is directory owner
✔ Checking current folder permissions
✔ Checking folder permissions                                                                                
✔ Checking file permissions
✔ Checking content folder ownership
✔ Checking memory availability                                                                               
✔ Checking for available migrations                                                                          
✔ Checking for latest Ghost version                                                                          
All up to date!

For now we known that ‘ghost’ user it MUST have its directory in /home and no other chroot is possible elsewhere.

Thank you very much Kate.

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.