I've just installed Concrete 5 CMS by following the instructions on the website.
The folders application/files/, application/config/, packages/ and
updates/ will need to be writable by the web server process. This can
mean that the folders will need to be "world writable", depending on
your hosting environment. If your server supports running as
suexec/phpsuexec, the files should be owned by your user account, and
set as 755 on all of them. That means that your web server process can
do anything it likes to them, but nothing else can (although everyone
can view them, which is expected.) If this isn't possible, another
good option is to set the apache user (either "apache" or "nobody") as
having full rights to these file. If neither are possible, chmod 777
to files/ and all items within (e.g. chmod -R 777 file/*)
The packages folder has permission 777 and root/tmp folder has permission 755.
I've uploaded a new theme to /packages over FTP. When I try to install the new theme I see the following error:
An unexpected error occurred. fopen(/root/tmp/1419851019.zip) [function.fopen]: failed to open stream:
Permission denied
I have FTP access to the server and access to CPanel. How do I get this working without granting too many permissions which pose a security risk?
My install has the folders application/files, application/config, packages, and updates all set to 755 and it's working just fine.
You get that error because the system is trying to write to /root/tmp, which apparently is the environment configuration for a temp folder when your PHP request is handled.
Try adding the folder application/files/tmp in your file system (within your concrete5 installation). And then make sure that the user can write to that folder that is running PHP in your environment. As explained in the concrete5's own documentation (that you linked originally), it depends on your server which user this is.
Usually in shared hosting environments it's the same as the account you use to login there through SSH or FTP. In these cases, the 755 permissions should be enough if your own user owns the tmp folder you just created.
Related
After successfully mounting the directory (ZFS remote storage) from one of the server, I'm getting an "Operation not permitted" error when I try changing the ownership of the directory. I'm using the following command:
To mount the remote directory:
mount -t nfs 10.1.32.33:/dir/temp/tools /home/materials
After mounting the directory, the contents are belongs to nobody:nobody
I want to change ownership so I can run the installer inside the directory.
I'm using the command below to change ownership but it's not working:
chown -R otm:otm materials/
I can always upload the file to the server without using the ZFS storage, however I want to start making a central installer repository so I don't need to upload the files/installers for future server install. I appreciate your help guys.
NFS servers by default do not allow root access to files - root is normally mapped to "nobody".
See "root squash":
Root squash[2][3] is a reduction of the access rights for the remote
superuser (root) when using identity authentication (local user is the
same as remote user). It is primarily a feature of NFS but may be
available on other systems as well.
This problem arises when a remote file system is shared by multiple
users. These users belong to one or multiple groups. In Unix, every
file and folder normally has separate permissions (read, write,
execute) for the owner (normally the creator of the file), for the
group to which the owner belongs, and for the "world" (all other
users). This allows restriction of read and write access only to the
authorized users while in general the NFS server must also be
protected by firewall.
A superuser has more rights than an ordinary user, being able to
change the file ownership, set arbitrary permissions, and access all
protected content. Even users that do need to have root access to
individual workstations may not be authorized for the similar actions
on a shared file system. Root squash reduces rights of the remote
root, making one no longer superuser. On UNIX like systems, root
squash option can be turned on and off in /etc/exports file on a
server side.
After implementing the root squash, the authorized superuser performs
restricted actions after logging into an NFS server directly and not
just by mounting the exported NFS folder.
In general, you DO NOT want to disable root squash unless you REALLY know what you're doing as there are serious security issues you can create if you do that. And since you didn't even know it exists...
(And that mention of /etc/exports is an extremely limited statement that is wrong on many systems - like Solaris.)
I am setting up a multimedia server on Debian 8.
I installed both Plex and Owncloud. I have set up /var/media as my Owncloud default folder. I decided to create a folder Library at the root of Owncloud. So the folder path is:
/var/media/admin/files/Library
I changed the permissions of media with:
chmod 770 -R /var/media
On top of that, all the files in /var/media are owned by www-data:www-data.
In order to make Plex see my medias, I have added the user plex to the group www-data. I would like to create a library watching my /var/media/admin/files/Library folder but I have a problem, Plex doesn't see neither the files or folders in /var/media. Here is a screenshot:
To finish, I have tried to connect on my server via ssh with the plex user, and it sees files and folders inside /var/media.
What am I doing wrong? Maybe it is not a permission issue?
Thanks
Update
If I change the ownership of /var/media to plex:www-data, it works. But I can't understand why it doesn't work for www-data:www-data. So it is well a permissions issue.
If I launch id plex, I have:
uid=107(plex) gid=33(www-data) groups=33(www-data)
Just to remind, here are the permissions of /var/media folder (full permissions for group...):
drwxrwx--- 4 www-data www-data 4096 Oct 30 09:01 media
I assume from your post that Plex, Linux OS, and your media are all contained on the same machine and that there are no separate computing devices being used here as that would mean additional steps are required.
In all likelyhood, plex won't be able to list your files because the mode 777 is required to list files in a directory even if the files themselves are set more restrictively than 777 e.g. 750. From what I can tell, your chmod command has set all the directory permissions to 770 which would break the listing capability. As it happens I've just yesterday written a guide over on Tech-KnowHow that covers this, and within that I have described how to set all your folders to 777 and your files to something else. That way it works with plex (and other systems for that matter). I've essentially chosen the same solutions as you in that I use the group to assign the permissions and make sure the everyone / other mode is set to apply no permissions.
There's a direct link to the article below, you'll need to click on the implementation page and look for the find command under the 'Apply correct modes' heading. I've also included how to keep your ownership consistent through samba which is useful when copying new files across. Let me know how that goes in the comments and I'll help you out where I can while it's still fresh in my mind. Good luck!
https://www.tech-knowhow.com/2016/03/how-to-plex-permissions-linux/
I know it is an old post, but I had the same issue and this was my solution :
After a
sudo service plexmediaserver status
I found the file used to launch the plex service /lib/systemd/system/plexmediaserver.service. This file contains the user and group which are used by plex.
So we can change the line Group=plex by your group.
PS: do not forget to restart the plex service with
sudo service plexmediaserver restart
I need some suggestions about Joomla's files and folders ownership.
I'm working with a Joomla 2.5 website, hosted on a linux-apache server which hasn't suPHP module.
After one year of usage some files are owned by apache-user, and others by the ftp user.
I request to give the ownership of all files to the ftp user, but joomla (the apache user, after all) can't update system, install extensions or upload images.
How can i set the ownership of files?
Thank You
You will either need to talk to your hosting provider to change the file/folder ownership for you (which they should do), else if you are managing the server yourself , then you can do this using the following SSH command:
chgrp -R OWNER FOLDER
-R means recursive so it will also change the ownership for any sub directories and files
OWNER is the name of the server which you will need to add
FOLDER is simply the name of the folder you wish to apply this change to.
As for the command line tool, I like to use Putty
Hope this helps
Our server is running under CentOS 6 and handled over Panel Plesk 10.4.4. Structure of folders and files is created using php script. Then, when accessing through FTP we are unable to modify these folder contents previously created. When accessing it over Apache web user works without exception but not over ftp. Folders and files have 755 and 644 rights respectively. How to enable ftp acces? Thank you
EDIT: problem is that file owner and ftp are not the same but I do not know exactly how and where to attach it.
File and folders owner is psacln (gid 502) and group is apache (gid 503). Ftp users are not the same.
We add a login ftp user (also system one) to the group owner of files and folders "psacln" using usermod -a -G psacln ftpusername. Same procedure with apache group but problem persists.
The problem here would be that you probably run your site in mod_php mode. In this mode scripts are operated under Apache privileges, so all files and directories created are owned by Apache. This way the files cannot be accessed by your FTP user unless you set up 777 or 666 permissions.
I think your options could be
switch to FastCGI mode of PHP. Depending on your Plesk account privileges, you can either do it yourself in Plesk UI or will have to ask hosting provider for that.
This way your script will be operated under user privileges (same as FTP user) and there will be no problems with accessing these files through FTP. Also this option is often considered more secure.
make PHP script setting 777 permissions on your folders and 666 permissions on your files. It means you allow to modify them by everyone (so called "others"). So FTP user can modify these files as well. While this may sound insecure, but practically these files are already can be accessed from any other site on that system (if it is shared hosting server). So I don't think it will be any more insecure than the current status.
Regards
I have not used phing before, but would like to use it to automate my deployment process. Currently I log in under myuser, Apache runs under www-data. All my application code is owned by myuser, but other (cache) files are generated by www-data.
I currently solve this by using sudo to remove these files. I would like to keep the application code owned by myuser, because it's easier to access the files via ssh. I wouldn't like phing to run with super powers, because at this moment I don't trust this automated tool yet.
What is the best practice to use phing with limited file permissions?
I had the same issue. Apache is running as www-data.www.data and files created by the webserver are 644 and directories 755.
I solved it by:
adding the user running phing to the www-data group
adding umask 002 to the /etc/apache2/envvar file, see link
Phing is now able to remove the directories and files created by the apache
As I understand it the problem is that phing can't do anything with the cache files since they were created by your Apache user (www-data) and you are running phing as myuser. It sounds to me like you just need to change the permissions on the cache files so that myuser has full permissions. How to do this will depend on how your application is written, but something along the lines of chmod/chowning'ing the files after creation or creating them with a umask allowing myuser permissions.