Concrete5 and permissions - why do files have to be 777?1 user found helpful
On our Linux server, we often find we have to change permissions on config, files and themes to 777 for things to work properly.
I don't know much about permissions but do know that you want to avoid 777 if possible.
Is this an issue with our host or is that c5 requires?
Anyways, here is the perfect setup...
Let's assume that your ftp account username is ben, and your webserver runs as apache. From a shell, cd to your root concrete directory (in my case httpdocs, could be www or public_html etc.)
Run the following commands:
chown -R ben.apache ./
chmod -R ug+rwX config files updates packages
(themes folder shouldn't be necessary with this, but you can add it if it is)
Now I'll explain...
chown changes both the owner and the group on a set of files / directories.
-R means recursive, i.e. not just the current directory, but the current directory and all subdirectories.
ben.apache sets the owner to ben and the group to apache. If either your owner or group names contain a period, you can substitute the period in that statement for a colon.
./ means start at the current directory.
chmod changes the permissions for the user (u) group (g) and other (o).
+ means to add permissions. You can remove a permission using a -
rwX means add read and write to all files and directories and execute just to directories.
A lower case x adds execute to files and directories. An upper case X is directories only.
You need execute on directories in order to open them, which is why people often end up using 7 (which includes execute) on things, when actually, they only wanted it on the directory, not the files. NO FILE IN A NORMAL C5 SITE NEEDS EXECUTE PERMISSIONS (with the exception of the one for version comparison, I forget which one...)
That was the short version!
Here is the REALLY short version.
Your webserver needs read permissions on all files, plus execute on all directories, plus write on config, files, packages and updates.
If you want any more explanation, or if you just want me to set it up for you, pm me :)
When I run:
$ chown -R root.apache ./
I receive an error: chown invalid user: 'root.apache'
Is this because I connect via SFTP and use my ssh login to do so maybe? Sorry, I have limited terminal experience but I am learning!
Any pointers in the right direction would be much appreciated.
chown -R root:apache ./
unless you have changed directory to your webroot first
IMHO, it's safer to "spell out" your directory path like:
chown -R root:apache /var/www/html
Just my little trick to keep me from messing up real bad :)
Are you sure apache runs as the user "apache"? I have seen some installations use the user "http" or "httpd".
My terminal/linux server experience is limited so I'm not sure what user apache runs under sorry - I just took your commands and changed the user to root.
All I know is that we use root for SSH, SFTP and MySQL.
I'll ask my host what user apache runs as.
# # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. # . On SCO (ODT 3) use "User nouser" and "Group nogroup". # . On HPUX you may not be able to use shared memory as nobody, and the # suggested workaround is to create a user www and use that user. # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) # when the value of (unsigned)Group is above 60000; # don't use Group #-1 on these systems! # User apache Group apache
Our host uses Debian Lunix which we've noticed is a bit different from other Linux hosts we've used in the past.
Also, incase it makes a difference, the host is using apache2
I did find an httpd.conf file inside /etc/apache2/ but it's empty
why is httpd.conf empty?
"The Debian and hence Ubuntu apache2 used apache2.cond, not httpd.conf."