My permissions keep getting reset or something

[BigPete]

I had php nuke running my site before with the coppermine plugin and then my permissions were reset or something and I was getting permission denied when going to my site. Since that happened, I removed everything and installed coppermine by itself. That was working great and now today, I get the same error. I fixed it by putting the proper permissions on the right folders but why does this keep happening? I dont want this to become a regular thing.

[Raven]

Did you open a ticket?

[BigPete]

Nope. I always try to resolve issues through another avenue if I can. If the consensus is that I should open a ticket/contact support then that is what I will do.

My issue isnt exactly an "important" one since I can fix the problem. However it is annoying when I have to keep fixing it for some reason. I know there are people with real issues and if I can fix a problem myself without contacting support then the experience benefits me as well as the other people who might need that support more than myself.

[salewit]

It wasn't just you BigPete. I run Gallery on several domains and I had all my permissions reset as well. I set them correctly and the next day they were reset again. I opened a ticket and they said they'd look into it. It hasn't happened again, but I think it has a lot to do with what Les said in this thread: http://jaguarpc.com/forums/showthread.php?t=12382

[Spathiphyllum]

The permissions reset issue has effected me several times (3 separate incidents so far) over the past 30+ days too. Jag's support staff has investigated and "repaired" the issue on each occasion with various levels of email-tag each time. They were courteous and responsive but never did disclose the reason for this repeated event despite explicit requests, so I cannot shed any light upon our shared experience. Initially, I thought it may have had something to do with the change in the log archiving protocol initiated about thirty days ago but that could just be coincidental. I haven't a clue. I do, however, have a nice running ticket with a good history of the issue to fall back on when the issue repeats.

[Ron]

It wasn't just you BigPete. I run Gallery on several domains and I had all my permissions reset as well. I set them correctly and the next day they were reset again. I opened a ticket and they said they'd look into it. It hasn't happened again, but I think it has a lot to do with what Les said in this thread: http://jaguarpc.com/forums/showthread.php?t=12382

I don't think that his response about a network anomaly has anything to do with a permissions issue (which I don't think he addressed in his response to you, even though you posed the question).

[gerilya]

The permissions reset issue has effected me several times (3 separate incidents so far) over the past 30+ days too. Jag's support staff has investigated and "repaired" the issue on each occasion with various levels of email-tag each time. They were courteous and responsive but never did disclose the reason for this repeated event despite explicit requests, so I cannot shed any light upon our shared experience. Initially, I thought it may have had something to do with the change in the log archiving protocol initiated about thirty days ago but that could just be coincidental. I haven't a clue. I do, however, have a nice running ticket with a good history of the issue to fall back on when the issue repeats.

it's my impression that majority of Jag support staff are lacking necessary experties to get to the bottom of the issues and merely follow some sort of HOWTO when a new ticket is opened.

Whatever the real reason is, though, ignoring requests to provide full and accurate technical details is one of the reasons I rate Jag's support "below the average".

[Spathiphyllum]

gerilya,

It's hard to know to what degree different staffers are credentialed and, as is typical of most hosts, escalations occur depending on the severity of the issue. I understand and accept such a hierarchy given the price structure to which I have subscribed. I understand the frustration of not knowing the source of a problem because, like you and others, I'd like to resolve the problem myself (for expediency) and not waste time with a ticket for every little thing. In this particular case, I wanted the specifics so that I could relay the info to another tech should this occur again a year from now and all of the staff rotate. Should the ticket history disappear, both JaguarPC and I would waste a lot of time resolving an issue that has already been resolved before but without the diagnostic tools.

Besides, I'm always looking to learn about new things to help me expand my knowledge as well as test troubleshooting abilities. I'm not at the point of a "below average" rating since I have experienced other hosts that were infinitely worse. I still feel pretty confident giving them an "above average" rating and, given the price, a "well-above average" is not out of the realm of possibilities. However, remaining ignorant of the problem is a pet peeve of mine too, as you reiterated.

[Brandon]

Hello guys,

I've read all of your posts and you all have very good points that need to be addressed. Your questions on why a problem happens should not go unanswered even if it is fixed. If each of you PM me your ticket numbers that contains the issues, Ill work through them and to the best of my ability get you better answers or at least find someone who can answer the question.

On a larger scale... please also know, that your complaints about less-than-impressive support on certain tickets is being addressed at the highest level. We realize that you guys are our greatest assets here at jaguarpc and we are not taking your issues lightly. We are working to raise the overall quality of the support you are given on the technical side of the house. In coming weeks/months you'll notice a few additions to our support, including adding live technical chat so that you don't have to wait on important issues. If subscribed, you'll start receving a newsletter, keeping you informed on what new products we offer as well as where Jagaur Technologies is headed.

Granted there will always be some room for improvement, but our ultimate goal over the course of the next few months is to solidify our current client base and reach out to new clients through more advertising. By having our community grow we'll be able to offer more to our existing, loyal clients.

[JPC-Les]

What I said in the referenced link was not related to permissons. One thing I need to ask is where the permissions world writeable? Right now we are finding lots of problems with worldwriteable directories being abused to upload mailer scripts for SPAM/phishing. It's possible that a world writeable directory could have been chmod'ed if a sweep was ran on the server.

I'll take a closer look into this.

[JPC-Greg]

Quality control is a major personal project of mine. To get to the root of problems and in many cases even know one exists I feel there isnt enough in place to tell me and others in management about whats going on in daily support. Ive been doing extensive research in many areas over the last few months and as Brandon noted above we are making lots of changes , call it Jag 2.0 if you will.

Now from what Ive gathered its clear that clients sometimes need more information than they are being given in support tickets, such as "its been fixed now please try again" type of answers. While we do have a guide in place and policies on informative responses its apparant that without an instant rating system in place I wont hear about them until someone comes here to complain.

If you have any problems or concerns at all, I dont care how small they may be, please make sure to get them to myself, Les, Eric, Ryan, or Brandon. Use our forum pm's if you want or email , just toss an @ jaguarpc.com after the name.

We're listening and we will implement whatever is needed and if justified whatever is requested.

[Spathiphyllum]

Hello gentlemen,

Geez, this sounds like a five-alarm rapid response team effort. Thanks for your prompt attention and intervention. This just reinforces my confidence in maintaining my relationship with Jaguar despite an intermittent hiccup. Not that I was going anywhere, but I still recognize sincere effort when I see it. Nevertheless, I don't think we meant to rattle the cages to such a degree, at least I didn't. Consider it more professional banter among the commmune.


Brandon,

I'll PM the ticket number when it's convenient. It's not an urgent issue right now since my access is back to normal and, ultimately, access trumps all. Everything else is icing, not that there's anything wrong with icing either.


Les,

For reference, my issue was restricted to FTP to the entire space with r and x completely normal. Only w was forbidden... everywhere. Neither software-client nor path mattered. SSL and HTTP(S) were just fine during every episode - fortunately. During one episode, permissions had been improperly assigned to someone else for an undisclosed reason. The other times... I don't know.

As far as an automated script detecting and tagging a directory (from a Jag cron?), that's news to me. Does that mean that any world-writable directories are now vulnerable to server-side admin chmod/chown even if no rogue code exists within the directory? I know it's not a good idea to have such a directory but sometimes it's necessary. Also, if you ever detect such a rogue script in my space, I hope you'll notify me ASAP if it is not your policy to do so anyway. I'm quite particular about what I introduce into my environment, so a misbehaving script will be purged by me as fast as you can say $&!?#!


Jag,

Thanks again for your concern. The rating system sounds potentially useful. Validity may depend somewhat on the client's (technological) experience too, so the input may or may not be useful. I guess if someone scores a 0.1 in a 1.0 to 5.0 rating scale, your confidence that something has gone awry will be well founded. It's good to know that we can contact you and partners-in-crime at any time - so don't plan on doing anything Friday night/Saturday morning. I'll be sure to queue up all the requests for then just to test your theory. Should I put your name in the "Subject" header or will "Attention: available workaholic" do?

[JPC-Greg]

Either subject heading will do . If it seems like we pounded on this issue in force well thats intended. This is a hot topic of ours and one of the largest revamp issues currently underway behind the scenes so I guess its just on the front of all our minds.

[JPC-Les]

No there is no cron job to automaticly change any users permissions that I am aware off. 99% of the world writeable directories that get abused is from a client "playing" around with a mambo installation or similar. When it happens a search is ran on the server to ensure all of the directories are secured. However I was supposing it could be possible that a non-related directories path could have been obtained from the search and included in the loop erroneously.

My suspicion does not seem to apply to your situation. And yes if we find a vulnerable script the policy is to lock it down (chmod 000;chown root.root) and notify the client.

[muks]

happened to me too. i'm running an invision board then one day i went to access my site and then forbidden. i found out that all the folders changed permission to 655. that's the strangest thing i've ever seen. so i went to manually chmod each and every folder to 755.

something definitely went wrong but nobody knew why it happened.