Jump to content

"/site/config.php must be writable" < only works with permissions set to 777


sudodo
 Share

Recommended Posts


777 seems excessive - is there something that I'm missing here?

This is a print out of the /site content;

```
total 28
drwxrwxr-x 6 geot geot 4096 Sep  9 13:30 .
drwxrwxr-x 8 geot geot 4096 Sep  9 13:17 ..
drwxrwxr-x 2 geot geot 4096 Sep  6 10:10 assets
-rwxrwxrwx 1 geot geot 1548 Sep  6 10:10 config.php
drwxrwxr-x 3 geot geot 4096 Sep  6 10:10 install
drwxrwxr-x 2 geot geot 4096 Sep  6 10:10 modules
drwxrwxr-x 5 geot geot 4096 Sep  6 10:10 templates
```

I'm sure that I shouldn't have to have permissions so high, but I'm pretty new
to this.


Here's a shot of the setup that I'm currently going through;


http://imgur.com/a/WkhAX


You can see that the error (for site/config.php) is no longer there with these
permissions, but they still 'feel' wrong.

Thanks
 

Link to comment
Share on other sites

@szabesz thanks - i'm still not sure though. Because the permissions are not related to user or group it's the 'other' it that makes the difference to me. 

 

So If i have permissions set to 

 

chmod 006 config.php

 

It works alright, but this isn't what it should be i think

 

thanks

Link to comment
Share on other sites

8 minutes ago, sudodo said:

chmod 006 config.php

You mean 600, right? If so, that should be considered to be secure. If others than the owner can manage to write files set to 600 [rw-------], then it does not matter too much if it is 400 or 600, I suppose.

Link to comment
Share on other sites

23 minutes ago, szabesz said:

You mean 600, right? If so, that should be considered to be secure. If others than the owner can manage to write files set to 600 [rw-------], then it does not matter too much if it is 400 or 600, I suppose.

No 006 ! :P

I'm not sure why it's working this this though

Link to comment
Share on other sites

2 minutes ago, szabesz said:

I see. So you gave r/w permission to "other", in other words to anybody, so probably that is why it does not complain.

yes - but if i set permissions to 660 it doesn't work 

 

  •  /site/config.php must be writable. Please adjust the server permissions before continuing.
Link to comment
Share on other sites

During the installation process ProcessWire needs write access, however, after you have installed PW, it is time to be more strict, and remove as much permission as you can on the server in question.

http://processwire.com/docs/security/file-permissions/#securing-writable-directories-and-files

"If the installer populates 777 and 666 permissions, this translates to directories and files that are readable and writable to everyone, which is not a good scenario in shared environments. But without knowing more about the hosting environment, they may be the only permissions that we know for certain will enable ProcessWire to run. In either case, please read on for more details. In most cases you can further lock down these permissions with a little more information."

  • Like 3
Link to comment
Share on other sites

Ownership appears to be user geot and group geot.  Apache normally runs under another user account like
 'apache' or 'http'.  If you change ownership of config.php to the apache user, you won't need to use the insecure settings allowing anyone to modify the file.

By the way, using chmod 006 doesn't make a lot of sense, you're saying the owner and group of the file won't have access, only some other user.

 

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By JeevanisM
      Hi,
      I have installed 1 year old project backup into the new latest PW version. I used an earlier backup(taken in August 2020) and installed such as :
      1. I downloaded the latest (ProcessWire 3.0.185 dev © 2021) then extracted into htdocs 2. copy pasted the site-profile from my backup. (this has the files/folders same as other site profiles, classic, beginner etc) 3. I chose my backup site profile and installed 4. I am able to login the admin panel  5. My fronted home page shows error as below  Error: Exception: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'page_path_history.language_id' in 'field list' (in wire/modules/PagePathHistory.module line 752) #0 wire/modules/PagePathHistory.module (752): PDOStatement->execute() #1 wire/core/PagesPathFinder.php (1014): PagePathHistory->getPathInfo('/', Array) #2 wire/core/PagesPathFinder.php (222): PagesPathFinder->getPathHistory('/') #3 wire/core/PagesRequest.php (255): PagesPathFinder->get('/', Array) #4 wire/core/Wire.php (414): PagesRequest->___getPage() #5 wire/core/WireHooks.php (951): Wire->_callMethod('___getPage', Array) #6 wire/core/Wire.php (485): WireHooks->runHooks(Object(PagesRequest), 'getPage', Array) #7 wire/modules/Process/ProcessPageView.module (10 This error message was shown because: you are logged in as a Superuser. Error has been logged.
       
      so I removed the line where its selecting language_id from the file wire/modules/PagePathHistory.module line 752
      But this is an ugly fix, so is there any other proper fix for this issue ? Does any one experience same issue when trying to install from a backup site profile ? 

       

       
       thanks
       
    • By Joachim
      Long time user and huge fan of PW, but this time I can't find an answer to my question this time:
      For my social media buttons, I have a Repeater field called var_link_web with two fields: one is for the URL, and the other is an Images field containing two images that are used as a background-image for a <div>, of which the second is the ':hover' version (although activated through JavaScript here). 
      There are four instances of this Repeater, of which two are 'turned off'.
      I use the following PHP in my _main.php to call them, wrapped in <p><?php == ?></p>:
      $s_m_button = $variables->var_link_web; foreach($s_m_button as $button){ $button_image = $button->var_link_image->first->height(80); $button_image2 = $button->var_link_image->eq(1)->height(80); echo " <a href='$button->var_link_url'> <div class='image_link' style='background-image:url({$button_image->url})' onMouseOver='this.style.backgroundImage=url({$button_image2->url})' onMouseOut='this.style.backgroundImage=url({$button_image->url})'> </div> </a>"; }; ($variables leads to an unpublished page with several fields I want to have easy access to, and is defined in _init.php.)
      However, this gives me the following result:

      I have no idea where the extra <p>'s come from. The URL field has the 'HTML Entity Encoder' turned on. What's even weirder is that the HTML source file seemingly renders correctly:
      <p> <a href='https://www.facebook.com/'> <div class='image_link' style='background-image:url(/site/assets/files/1045/icons-facebook-square.0x80.png)' onMouseOver='this.style.backgroundImage="url(/site/assets/files/1045/icons-facebook-square2.0x80.png)"' onMouseOut='this.style.backgroundImage="url(/site/assets/files/1045/icons-facebook-square.0x80.png)"'> </div> </a> <a href='https://www.instagram.com/'> <div class='image_link' style='background-image:url(/site/assets/files/1046/icons-instagram-square.0x80.png)' onMouseOver='this.style.backgroundImage="url(/site/assets/files/1046/icons-instagram-square2.0x80.png)"' onMouseOut='this.style.backgroundImage="url(/site/assets/files/1046/icons-instagram-square.0x80.png)"'> </div> </a> </p> Removing the JavaScript has no effect. I'm probably missing something obvious, but am at a loss here.
       
      Thank you in advance!
    • By spercy16
      I was hoping to be able to do this entirely in PHP but was having all kind of issues getting it to see my values as numbers instead of strings (got error messages because my PW debugging is currently set to true). I currently have about 10 cards that PW is generating that include thumbnails, descriptions, donation amounts (raised amounts and goal amounts), and donate buttons. What I was trying to do was take the goal amount divide it by the raised amount (using PHP) and simply insert that value into the Progress element's Value attribute. Sounded simple enough but I couldn't get PHP to simply divide those two fields. First I tried dividing the goal value by the raised value and inserting it into the value attribute, like so:
      <? php $raised = $page->get("raisedAmount$count"); $goal = $page->get("goalAmount$count"); $percent = $goalNum / $raisedNum; ?> <progress value="<?php echo $percent; ?>" max="100"></progress> Which gave me this error message:
      Uncaught TypeError: Unsupported operand types: string / string
      Then I tried converting the two strings to integers because apparently PHP couldn't detect they were numbers and do it, like so:
      <?php $raised = $page->get("raisedAmount$count"); $goal = $page->get("goalAmount$count"); $goalNum = (int) $goal; $raisedNum = (int) $raised; if ($raisedNum != 0) : $percent = $goalNum / $raisedNum; else: $percent = 0; endif; ?> <progress value="<?php echo $percent; ?>" max="100"></progress> but all of the progress bars remain at zero percent (not shown), even when I have values in some of the $raised variables.
      Please note, if I add this code:
      <?php echo $percent; ?> below the Progress element, it shows 0 on every single card, so the $percent is never calculated (as per the $percent = $goalNum / $raisedNum;) even though $raisedNum should not equal 0 during that iteration of the loop (the original code includes a loop, which I omitted to keep the code sections above smaller, notice the $count at the end of the $raised and $goal variable declarations). When the loop goes over "raisedAmount1" there is a value in there; however, after typecasting it to an integer ($raisedNum) the value is 0 for someodd reason instead of 40,000, which is what is in the $raisedAmount1 field in Processwire...
      I'm new to relatively new to PHP and Processwire and could really use some help on this one. Thanks in advance for any helpful replies!
    • By Marvin
      Hello, excuse me
      I'm new at processwire, i want to ask about a master detail system (Inheritance system) using a processwire. Can we create a Inheritance table using a processwire, and how we create it? Thank you for the help
    • By Marvin
      Hi,
      I'm still new at processwire, i want to ask, i was create a website with sign in system, but i want to add a access roles/permission for each user at my website. For now, i just can create a login user without any permission and the user data became as a pages in my processwire.
      Here i attach my code for login
      <?php $note = $note2 = $hidden =""; if($input->get->id == "logout") { $session->remove('login_id'); } if($input->post->submit) { $email = $sanitizer->email($input->post->email); $pass = $sanitizer->text($input->post->pass); $result = $pages->find("email=$email, text_1=$pass"); if(!$email || !$pass) { $note = "Data belum lengkap"; } else { if($result->count > 0) { $session->login_id = "$result"; $hidden = "style = 'diplay:none'"; $url=$pages->get("/files/")->httpUrl; header("Location:$url"); die(); } else { $note = "Akun tidak ditemukan"; } } } ?> And this code for login form
      <div class="frow-container"> <div class="frow centered mt-50"> <div class="col-md-1-3"> <div class="box p-40 shadow-light"> <h2 class="mb-20 text-center" <?=$hidden?>>Database Partitur<br>GII HIT</h2> <form method="post" <?=$hidden?>> <label>Username <input type="text" name="email"></label> <label>Password <input type="password" name="pass"></label> <input type="submit" name="submit" value="Masuk"> </form> <p class="notif"><?=$note;?></p> <div class="text-center"><?=$note2;?></div> </div> </div> </div> </div> Just for remember, my user data now is a pages, and i cannot give any permission to user data.
      Thank you very much for help.
×
×
  • Create New...