[TYPO3-english] Correct file permissions for Typo3

bernd wilke t3ng at pi-phi.tk
Thu Apr 15 18:57:00 CEST 2010


Am Thu, 15 Apr 2010 15:00:50 +0200 schrieb Manfred Palmer:

> Hello all,
> 
> I am trying to install and configure Typo3 4.3.2 and ran into a few
> problems related to file and folder permissions..
> 
> I've already set up another installation recently, but I began getting
> internal server errors and 404's when trying to access certain backend
> areas, so I decided it would be safer to start over.
> 
> To avoid the same problem happening again this time, I am trying to make
> sure that I am defining the correct parameters required by Typo3 and its
> extensions..
> 
> Here are the steps I've taken:
> 
> 1) I've uploaded and extracted the 'typo3_src+dummy-4.3.2' package
> through my webhost's control panel to the server. By default, the
> control panel's file manager automatically set permissions for all
> folders to "755", and "644" for all files.
> 
> 2) Based on suggestions here on these mailing lists and some online
> tutorials, I modified the permissions of...
> 
> /typo3temp
> /typo3/temp
> /typo3conf
> localconf.php
> 
> ..and changed them to "775".
> 
> (all remaining files are still at their default setting "644")

I think this might make problems. as where a 775 for directries is needed 
the files with 644 behave like the directory with 755.


> Are those steps sufficient? I am wondering a bit about all the .php and
> image files, included with Typo3 - Don't they need to be "executable" as
> well? The setting "644" would mean those files would have only 'read'
> and 'write' permissions, but they wouldn't be 'executable'. *ponders*

sufficient depends on your configuration
 
> Apart from that, are any specific group and user ownerships required? I
> noticed some people recommending to change the ownerships to "www-data",
> "apache", or something similar. Now I don't have root access and won't
> be able to do that, but I suppose I could change the user or group ID
> through a regular ftp program, if need be. My group is called "571"
> apparently, so far I don't think any files or folders have that flag set
> or activated.

the problem can occur if differnt (unix-)user create and access files and 
directories.
these different users can be:
+ apache-user (that user, the apache-process is running from. this 
includes normaly the php-scripts - and files and directories created ansd 
accessed by the php-scripts)
+ ftp-user   \   these user(s) can have access to the webserver-space and
+ ssh-user    >  create/ modify files and dirs in conflict with the apache
+ shell-user /   user (php-scripts) (normaly these three (or more
                 access-accounts can be the same user

a good configuration (especially on a shared server with different users 
on one disk-partition with their own space) could be an apache-user which 
shares a group with each 'webspace'-user
a bad way would be to have each webspace-user share the group of apache, 
as then each webspace-user has access to other webspace-user's data.

if you just have two users (apache and shell/ftp-user), as in todays 
ususal webspace configurations, the shared group can be anyone. there 
must be a common group to have full access for each other. if there are 
no further users at all you may share access 'worldwide' (for the world 
of this server) for everyone (777 and 666)

important is the filemask (umask) to create files by default with correct 
settings. This can be done in TYPO3 in install-tool (localconf.php)

for an easy installation and setting of filepermissions you may use:
http://www.pi-phi.de/expand.html?L=1

bernd
-- 
http://www.pi-phi.de/cheatsheet.html


More information about the TYPO3-english mailing list