When a platform is verified, the sites directory is set to 0750. This makes it inaccessible to non-aegir users coming from /var/aegir/clients.

It's possible that this is more of a provisionacl issue, but I think the point of the clients directory is mostly to allow client access, and so it makes little sense to create a symlink the client cannot access.

I'm fairly certain this used to be different but I can't seem to find the origin of the change. Any pointers in this direction would be helpful.

This bug is solved by giving the sites directory the 0751 permission (giving +x permissions), but I'm uncertain whether this would be a security issue on multi-client servers.

Possibly related to #2883695: Users with the aegir client role not able to see their sites and platforms (but I doubt it).


gboudrias created an issue.