Unable to access root path when using systemd

I’m trying to setup Caddy in Ubuntu 16.04, so I’m following the systemd guidelines from https://github.com/mholt/caddy/tree/master/dist/init/linux-systemd

However, my root is located inside my home directory (/home/yychen) instead of /var/www because it’s linked to a git repository and I’m still developing.

I’ve added www-data to group “yychen” (which is my account) and tried to make sure www-data can read the files. But when I start the service, it gives me the following error:

Oct 05 17:10:26 ymy caddy[3036]: 2016/10/05 17:10:26 /etc/caddy/Caddyfile:2 - Parse error: Unable to access root path '/home/yychen/projects/someweb': stat /home/yychen/projects/someweb: permission denied

I’ve made www-data able to login by changing /usr/sbin/nologin to /bin/bash, and did the following

yychen$ sudo su - www-data
www-data$ stat /home/yychen/projects/someweb
  File: '/home/yychen/projects/someweb'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 801h/2049d      Inode: 273386      Links: 7
Access: (0775/drwxrwxr-x)  Uid: ( 1000/  yychen)   Gid: ( 1000/  yychen)
Access: 2016-10-05 16:58:58.400168097 +0800
Modify: 2016-10-05 16:58:06.504187055 +0800
Change: 2016-10-05 16:58:06.504187055 +0800
 Birth: -

I even tried starting caddy and it worked

www-data$ cd /etc/caddy
www-data$ /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
Activating privacy features... done.
https://dev.someweb.cc
http://dev.someweb.cc

Is there some kind of bug in the systemd service file? or did I do anything wrong?

The following is my Caddyfile

dev.someweb.cc {
    root /home/yychen/projects/someweb

    rewrite /assets {
        to /frontend/public/{path}
    }

    rewrite /static {
        r (.*)
        to /django/static_collected/{1}
    }

    proxy / localhost:9999 {
        transparent
        except /assets /static /media /frontend /django
    }

    log /var/log/caddy/access.log {
        rotate {
            size 100
            age 14
            keep 10
        }
    }

    errors {
        log /var/log/caddy/errors.log {
            rotate {
                size 100
                age 14
                keep 10
            }
        }
    }
}

Thanks a million!

1 Like

After some further testing, I figured out what’s wrong.

In caddy.service, there’s a line that hides /home, /root, and /run/user

; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true

Just comment out the ProtectHome and it won’t complain about the permission.

3 Likes

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.