Jump to content
sluggo

required file and directory permissions

Recommended Posts

Hello all,

 

I am disturbed by what appears to be the required permissions when installing processwire. I am getting this type of error message:

Directory /site/assets/ must be writable. Please adjust the server permissions before continuing.

I changed the perms from 755 to 775 and I don't want to use 777 (I don't even like 775).

% ls -l
total 8
drwxrwxr-x@  3 jtm6  staff    96 Mar 16 10:44 assets

So how do I proceed?

In addition, I am not even sure that I need ProcessWire. I am just trying to get a dev website open and the index.php file errors out. However, the top of this file has this comment:

 * ProcessWire Bootstrap

I am attaching the index.php file.


Anyway, thanks for your time

downloaded-index.php

Share this post


Link to post
Share on other sites

Hello and welcome to the forums! I personally get by using 755 on my local dev environments as well live installs. If you have not looked at it already, I would take a look at the following concerning permissions:

http://processwire.com/docs/security/file-permissions/

As for the comment "* ProcessWire Bootstrap", this enables ProcessWire's API to be used in other php scripts not already stored inside of ProcessWire's file structure. A good read can be found here:

https://processwire.com/api/include/

 

Share this post


Link to post
Share on other sites
2 hours ago, sluggo said:

I am disturbed by what appears to be the required permissions when installing processwire. I am getting this type of error message:

Directory /site/assets/ must be writable. Please adjust the server permissions before continuing.

I changed the perms from 755 to 775 and I don't want to use 777 (I don't even like 775).

ProcessWire shouldn't need 777 at all. You just need to make sure that the web server can write in site/assets, since this is where all dynamically changing data (caches, files, logs) is stored. You probably just need to give ownership to www-data (or whatever the webserver runs as) and can switch to 0750. If you're worried about security: the .htaccess file is quit strict in limiting access there.

 

  • Like 2

Share this post


Link to post
Share on other sites
1 hour ago, BitPoet said:

ProcessWire shouldn't need 777 at all. You just need to make sure that the web server can write in site/assets, since this is where all dynamically changing data (caches, files, logs) is stored. You probably just need to give ownership to www-data (or whatever the webserver runs as) and can switch to 0750. If you're worried about security: the .htaccess file is quit strict in limiting access there.

 

Thank you. I guess the solution was obvious:

sudo chown www assets

actually I used

sudo chown -R www site

Share this post


Link to post
Share on other sites

Is there an overview/cheatsheet anywhere with recommended permissions for each folder and file?

I know permissions are set at installation, but I probably messed things up a bit in a server upgrade or PHP 7.3 has different requirements. I now keep running into permission issues.

Share this post


Link to post
Share on other sites

Thanks wbmnfktr, I had seen that one. That page gives a lot of general, very useful background info on the how and why of permissions, but I was looking for a quick overview/cheatsheet with recommended settings for each processwire directory/file.

Share this post


Link to post
Share on other sites

I looked up what is set here...

folders: 755
files: 644 (config.php 400)

Maybe that's too general as well but it seems as those are the only settings - at least I can't find only those permissions here. It matches the details written here: https://processwire.com/docs/security/file-permissions/#permission-755-for-directories-and-644-for-files - so I'm fine with that for now.

Whenever I have the feeling I messed to much with those permissions I create a site profile, install it totally fresh and start from there. Doesn't happen that often but it happened.

 

What problems are you facing right now and what errors/warnings show up? Maybe it's something totally different.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By snck
      Hey,
      I want my editors to be able to use the page lister, especially the bookmarks. I added the page-lister permission to the editor role, but Page lister ("Find" menu item) does not show. Is there anything else I have to do? Links to bookmarks work for the editors, but I would be glad to show them the menu item as well.
      Maybe this has something to do with the long history of the site (started with ProcessWire 2.4 and upgraded to 3.0.148 over the years)?
      Thanks,
      Flo 
    • By snck
      Hello,
      for a project I have pages with different “content areas“ that can be edited only by specific user roles. In the past I setup a fieldset (tab) containing all the fields that should be available to only one specific group of users and set the fields' view and edit permissions (in the Access tab) accordingly. The result was as expected: Users assigned to the specific role could see the tab, click on it, edit content, users without the role could not see the tab. After updating this installation to 3.0.148 yesterday I wanted to setup another tab following the same principle, but I have no "Access" tab for the fieldset to limit access to the specific role. I even tried cloning an existing (and still working) fieldset. The existing fieldset has some template overrides (screenshot attached) that lead to the desired behaviour, but I am not able to reproduce these settings because there is not "Access" tab for my fieldset in template context either.
      Is this a bug in 3.0.148? Has the fieldset fieldtype changed? Am I missing anything here?
      I am glad to hear from you guys.
      Cheers,
      Flo

    • By fruid
      Hi,
      this is the first time I'm using ProcessWire.
      I thought I get how fields, template and pages work, but when I create a template in the CMS, it doesn't generate any file in site/templates/
      Then I thought I might need to create a blank file myself manually on the FTP (which already seems odd to me).
      Once I did that, I tried to add fields to the template but again, doesn't write to the php file.
      When I create a new page and apply said template to it, the page stay blank.
      AFAIK the mod_rewrite of the apache is on and I went for the worst case scenario described here https://processwire.com/docs/security/file-permissions/ and set all file-permissions for future files to 0666 and folders to 0777 in the config.php
      What am I not getting and what am I doing wrong?
      Help is appreciated, stay save everybody,
      Fred
    • By MarkE
      Having just wasted the best part of a day debugging an access issue because I hadn't realised that page-edit-created negated any related page-edit permissions, could I suggest that a note to this effect is included in the default title. I have amended the title on my system to read:
      Edit only pages user has created (IMPORTANT: This will negate any related page-edit permission - including permissions granted to a user by other roles) ..although it may be possible to make it briefer while not losing clarity and impact.
    • By lenoir
      Is it possible to let people edit a page without having to have a user-role?
      My case is the following:
      Visitors fill in a form (Formbuilder) which is saved to pages. They get a confirmation email which could contain a unique editing link. In case they need to update some information, they can click on this link, edit the fields and save. 
      Am I totally off? Is there a better practice? 
×
×
  • Create New...