Concrete5 and permissions - why do files have to be 777?

Hi There,

On our Linux server, we often find we have to change permissions on config, files and themes to 777 for things to work properly.

I don't know much about permissions but do know that you want to avoid 777 if possible.

Is this an issue with our host or is that what c5 requires?



View Replies:
jbx replied:
ok - this is quite a long discussion to explain properly - maybe I'll write a howto about it sometime...

Anyways, here is the perfect setup...
Let's assume that your ftp account username is ben, and your webserver runs as apache. From a shell, cd to your root concrete directory (in my case httpdocs, could be www or public_html etc.)
Run the following commands:
chown -R ben.apache ./
chmod -R ug+rwX config files updates packages
(themes folder shouldn't be necessary with this, but you can add it if it is)

Now I'll explain...
chown changes both the owner and the group on a set of files / directories.
-R means recursive, i.e. not just the current directory, but the current directory and all subdirectories.
ben.apache sets the owner to ben and the group to apache. If either your owner or group names contain a period, you can substitute the period in that statement for a colon.
./ means start at the current directory.
chmod changes the permissions for the user (u) group (g) and other (o).
+ means to add permissions. You can remove a permission using a -
rwX means add read and write to all files and directories and execute just to directories.

A lower case x adds execute to files and directories. An upper case X is directories only.

You need execute on directories in order to open them, which is why people often end up using 7 (which includes execute) on things, when actually, they only wanted it on the directory, not the files. NO FILE IN A NORMAL C5 SITE NEEDS EXECUTE PERMISSIONS (with the exception of the one for version comparison, I forget which one...)

That was the short version!

Here is the REALLY short version.
Your webserver needs read permissions on all files, plus execute on all directories, plus write on config, files, packages and updates.

If you want any more explanation, or if you just want me to set it up for you, pm me :)
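
An added example, not part of jbx's post: a shell audit of a concrete5 root against the scheme described above, run here on a constructed sample tree. The function names, the sample file names and the extra `chmod -R o-w` step are assumptions of this example.

```shell
# Added example (not from the thread); function and sample names are made up.
WRITABLE_DIRS="config files updates packages"   # the four named in the post

# Anything writable by "other": what a blanket chmod 777 leaves behind.
world_writable() { find "$1" ! -type l -perm -0002 -print | sort; }

# Regular files with any execute bit; the post says a normal site needs none.
executable_files() {
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print | sort
}

# Writable-by-design directories where the group lacks r, w or x, so a web
# server running as that group could not save uploads or config there.
group_locked_dirs() {
    for d in $WRITABLE_DIRS; do
        if [ -d "$1/$d" ]; then find "$1/$d" -type d ! -perm -0070 -print; fi
    done | sort
}

# The post's chmod, plus one assumption of this example: drop "other" write
# everywhere first, because ug+rwX never removes what 777 already granted.
apply_scheme() {
    chmod -R o-w "$1"
    for d in $WRITABLE_DIRS; do
        if [ -d "$1/$d" ]; then chmod -R ug+rwX "$1/$d"; fi
    done
}

# Constructed sample tree: a 777 upload dir holding a 777 file, a config dir
# the group cannot enter, and a core file outside the writable set.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/files/cache" "$root/config" "$root/concrete"
    : > "$root/files/cache/img.jpg"
    : > "$root/config/site.php"
    : > "$root/concrete/dispatcher.php"
    chmod 755 "$root" "$root/files" "$root/concrete"
    chmod 777 "$root/files/cache" "$root/files/cache/img.jpg"
    chmod 700 "$root/config"
    chmod 644 "$root/config/site.php" "$root/concrete/dispatcher.php"
    echo "$root"
}

demo=$(make_demo_tree)
echo "before: $(world_writable "$demo" | wc -l) world-writable, $(group_locked_dirs "$demo" | wc -l) group-locked"
apply_scheme "$demo"
echo "after:  $(world_writable "$demo" | wc -l) world-writable, still executable: $(executable_files "$demo")"
rm -rf "$demo"
```

The file that was 777 is still reported as executable afterwards: chmod's `X` also applies to any file that already has an execute bit, so a tree that was once set to 777 needs its file execute bits cleared separately.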

cmscss replied:
Thanks for that answer Jon - Just a few questions:

When I run:
$ chown -R root.apache ./

I receive an error: chown invalid user: 'root.apache'

Is this because I connect via SFTP and use my ssh login to do so maybe? Sorry, I have limited terminal experience but I am learning!

Any pointers in the right direction would be much appreciated.


Mnkras replied:
It's an invalid user, is your ssh login username root?
cmscss replied:
nteaviation replied:
Try using a ":" (colon) instead of a "." (period). Also, I don't think you want to run the command
chown -R root:apache ./

unless you have changed directory to your webroot first
cd /var/www/html

IMHO, it's safer to "spell out" your directory path like:
chown -R root:apache /var/www/html

Just my little trick to keep me from messing up real bad :)
nteaviation replied:
Retract the ":" colon part of the previous post. I just tested it on one of my Linux boxes and it works with either a ":" or a "."
Are you sure apache runs as the user "apache"? I have seen some installations use the user "http" or "httpd".
cmscss replied:
Hey matey,

My terminal/linux server experience is limited so I'm not sure what user apache runs under sorry - I just took your commands and changed the user to root.

All I know is that we use root for SSH, SFTP and MySQL.

I'll ask my host what user apache runs as.


nteaviation replied:
If you look in your apache config file (something like /etc/httpd/conf/httpd.conf for a CentOS OS), look at this section:
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#    suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group #-1 on these systems!
User apache
Group apache
cmscss replied:
Hmm, I don't have an /httpd directory in my /etc directory.

Our host uses Debian Linux which we've noticed is a bit different from other Linux hosts we've used in the past.

Also, in case it makes a difference, the host is using apache2

I did find an httpd.conf file inside /etc/apache2/ but it's empty
nteaviation replied:
Debian does things funny. I use CentOS and Fedora so I am definitely no expert. I did find this:
why is httpd.conf empty?
nteaviation replied:
I found this also:
"The Debian and hence Ubuntu apache2 used apache2.conf, not httpd.conf."
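
An added example, not from any poster in the thread: a shell helper that reads the account name from the `User` directive in either layout discussed above. It relies on Debian's packaged apache2.conf writing `User ${APACHE_RUN_USER}` and exporting the value from /etc/apache2/envvars. The helper names and sample files are constructed for this example.

```shell
# Added example; apache_run_user and make_samples are made-up helper names.
# Usage: apache_run_user CONF [ENVVARS]
apache_run_user() {
    conf=$1; envvars=${2:-}
    # First uncommented "User" directive; directive names are case-insensitive.
    val=$(awk 'tolower($1) == "user" { print $2; exit }' "$conf")
    case $val in
        '${'*'}')
            # Debian style: the directive holds a variable set in envvars.
            name=${val#??}; name=${name%?}      # strip "${" and "}"
            [ -n "$envvars" ] && [ -f "$envvars" ] || return 1
            val=$(sed -n "s/^[[:space:]]*export[[:space:]]*$name=//p" "$envvars" | tail -n 1)
            ;;
    esac
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# Constructed samples: a CentOS-style httpd.conf like the excerpt quoted in
# the thread, and a Debian-style apache2.conf with its envvars file.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' \
        '# User/Group: The name (or #number) of the user/group to run httpd as.' \
        'User apache' 'Group apache' > "$dir/httpd.conf"
    printf '%s\n' 'User ${APACHE_RUN_USER}' 'Group ${APACHE_RUN_GROUP}' > "$dir/apache2.conf"
    printf '%s\n' 'export APACHE_RUN_USER=www-data' \
        'export APACHE_RUN_GROUP=www-data' > "$dir/envvars"
    echo "$dir"
}

samples=$(make_samples)
echo "CentOS-style: $(apache_run_user "$samples/httpd.conf")"
echo "Debian-style: $(apache_run_user "$samples/apache2.conf" "$samples/envvars")"
rm -rf "$samples"
```

On a real Debian host the call would be `apache_run_user /etc/apache2/apache2.conf /etc/apache2/envvars`; the name it prints is the one to use as the group in the chown from earlier in the thread.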