webroot ownership root-owned issue & fix
Writing with sudo tee changes the file owner to root. Once permissions get tangled, nothing recovers automatically.
webroot files keep becoming root:root
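Cause: publish.py on son-pro6000 (192.168.1.116) is the problem.
It connects over SSH and writes files with sudo tee or sudo mkdir, so the owner ends up as root.
It does chown the per-paper subdirectories, but skips the thesis/ folder itself and index.html.
As a result, hub-daily-cron (running as the son account) fails for lack of permission when it overwrites index.html.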
fix (approach B)
chown -R son:son [webroot_path]
- Changes ownership of the entire webroot to son:son.
publish.py edit: removed sudo and switched to a plain SSH write (cat > path).
- _remote_sudo_write -> _remote_write (non-sudo)
- sudo mkdir -> mkdir
SSH config issue fix
SSH_HOST = "aoo"
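The IP was previously hard-coded, so the IdentityFile (ed25519 key) configured in ~/.ssh/config was not picked up.
Permission denied came back and publishing broke entirely. Fixed by switching to the Host alias (aoo).
- nginx-snippet/systemd/reload: these need root privileges, so sudo stays (correct)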
- backup:
~/prj/thesis/papergen/publish.py.bak.20260531_133103 (192.168.1.116)
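Lessons learned
- Writing files with sudo over SSH changes the owner to root. Be careful.
- If the key is configured in SSH config, use the Host alias, not the IP.
- Once permissions get tangled, automation scripts (cron) all break.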
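An ownership audit for the webroot, written as an added example (not part of publish.py or the original note): it reports every path whose owner differs from the expected account, including the top-level directory and index.html that a per-subdirectory chown skips. The function names, the script name and the sample tree are assumptions made for illustration.

```python
import os
import pwd
import sys
import tempfile


def find_ownership_drift(webroot, expected_uid, expected_gid):
    """Return sorted paths (relative to webroot; '.' is the webroot itself)
    whose owner or group differs from the expected pair."""
    drifted = []

    def check(path):
        st = os.lstat(path)  # lstat: judge a symlink itself, never its target
        if (st.st_uid, st.st_gid) != (expected_uid, expected_gid):
            drifted.append(os.path.relpath(path, webroot))

    check(webroot)  # the top-level dir is exactly what a per-subdir chown skips
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(drifted)


def build_sample_tree():
    """Constructed sample layout: thesis/index.html plus one per-paper subdir."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "thesis", "paper-a"))
    for rel in ("thesis/index.html", "thesis/paper-a/index.html"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("<html></html>\n")
    return root


if __name__ == "__main__":
    # Usage (hypothetical script name): audit_owner.py WEBROOT USER
    webroot, user = sys.argv[1], sys.argv[2]
    account = pwd.getpwnam(user)
    drift = find_ownership_drift(webroot, account.pw_uid, account.pw_gid)
    for rel in drift:
        print(f"not owned by {user}: {rel}")
    sys.exit(1 if drift else 0)
```

Run as a step before the cron job, a non-zero exit surfaces the drift before the index.html overwrite fails.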
View original file (.claude/projects/-etc-nginx/memory/learn-webroot-reroots.md)
---
name: learn-webroot-reroots
description: "Why /var/www/learn.ericfromkorea.com files keep becoming root-owned, and what re-roots them"
metadata:
node_type: memory
type: project
originSessionId: 3eac8adb-fd0e-4fbc-b45a-9d4cc1700c85
---
`/var/www/learn.ericfromkorea.com/` files periodically revert to **root:root** ownership. The cause is **`papergen/publish.py` on the GPU box son-pro6000 (192.168.1.116)**: it SSHes into this box (son-wtr) as `son` and writes the webroot with `sudo tee` / `sudo mkdir` over SSH (`_remote_sudo_write`, lines ~56-58, 113-114), so the `thesis/` dir and `thesis/index.html` land as root. It only `sudo chown son:son`s the per-paper subdir (line ~101), not `thesis/` itself or `thesis/index.html`.
**Resolved 2026-05-31** (approach B): the whole tree was `chown -R son:son`'d, AND `publish.py` on 192.168.1.116 was edited so webroot writes no longer use sudo — added a non-sudo `_remote_write` (`ssh ... "cat > path"`), and changed `_push_viz_cache`/`regenerate_index` from `sudo mkdir`/`_remote_sudo_write` to plain `mkdir`/`_remote_write`. nginx-snippet + systemd + nginx-reload still use sudo (correctly, root-owned targets). Backup: `~/prj/thesis/papergen/publish.py.bak.20260531_133103` on 192.168.1.116.
Also fixed in the same edit: `SSH_HOST` was `son@192.168.1.121` (direct IP), which does NOT match 116's `~/.ssh/config` `Host aoo` block (the only one specifying `IdentityFile ~/.ssh/son_ed25519_key`), so the key wasn't offered → `Permission denied (publickey)` → publishing was fully broken. Changed `SSH_HOST = "aoo"`. Verified end-to-end: `regenerate_index()` writes son-owned `thesis/index.html`, HTTP 200.
Matters because the [[hub-daily-cron]] generator (running as son) overwrites `index.html` in this dir; if a file there is recreated as root, son loses write access and the hub rebuild breaks for that file.