[Neos] Neos setfilepermissions

nikos nick at jamalade.com
Thu Jul 3 20:26:24 CEST 2014 

Hi Marcin

Thanks for your reply. I am pretty sure that my (local) webserver user is running under user nick and group _www and that the PHP user group would be 
the same as the webserver (apache) or commandline user, right? On my host all three are one and the same that is rerootco.

As to guessing the permissions I am just going by the Neos and Flow documentation on how to set up proper file permissions once you establish, 
commandline, webserver user & group ie. running the set file permissions script.

Although I could relax the settings and allow world access, I am not sure if this a good idea with regards to having a secure setup, again i thought 
that was what setfilepermissions was all about.

So given that I have ran setfilepermissions should Neos work with just user and group set as in my original posting asuming correct command line user, 
webserver  & webserver group ? Is this what others are running or have they relaxed the filepermissions? If so is there a problem?

many thanks

nikos



On 03/07/2014 18:31, Marcin Ryzycki wrote:
> Nikos,
>
> Seems like you're guessing a bit what the permission might be instead of understand what they should be ;-)
>
> First figure out what is the webserver user/group, then figure out what's the PHP user/group (if you're running PHP-FPM). Your current setup is
> correct *only if* your webserver and PHP processes are running as _www group (not user).
>
> You might also start with higher than needed permissions and then lower them as you figure out your setup.
> chmod 775 $(find /path/to/neos/root -type d)
> chmod 664 $(find /path/to/neos/root -type f)
>
> M.
>
>
> nikos wrote:
>> Hi all
>>
>> I have recently moved from a shared host without shell access to a cloud
>> server where I have full shell access !!!
>>
>> I first tarballed my existing neos website from the shared host and got
>> it running ok on the cloud server.
>>
>> Now I have installed composer and want to run installs from it so that I
>> can test new features in a dev area upgrade my mains site directly.
>> Getting composer and installing Neos 1.1 has been no problem but I have
>> been unable to get going using the usual set setup. I get "Forbidden 403"
>>
>> So I run "sudo ./flow core:setfilepermissions rerootco rerootco
>> rerootco" (which I had forgotten to, btw command line, webuser and group
>> are the same on the server). I noticed that neither chmod or setfacl
>> worked for setting ACL's and it dropped through to setting individual
>> files. After completion I still could not run setup. I have spent time
>> with my hosts who think that the setfacl should work and pointed out
>> that the chmod is for Mac OSX.
>>
>> My dev box, a non hosted box, is a Mac so I thought I'd run the same
>> file permissions as were run on the server ie. where chown and chmod are
>> set on individual files ie. if ACLS don't work and setfacl doesn't work
>> in the typo3.Flow/Scripts/setfilepermissions.sh
>>
>> This gave me exactly the same permission on my Mac OSX dev machine as on
>> the server and also has shut me out from my localy hosted website with
>> "Forbidden 403"!!!
>>
>> Even when I re-run the scripts running the first part of the script ie.
>> set acl's using chmod I still get the same permissions. It seems to me
>> that the only reason my site was working is because of pre-existing
>> acl's from the composer/git repository which include world rights. Now I
>> have no world rights/access and things don't work. This is what my
>> permissions look like, this is the same as the server:
>>
>> drwxrws--- 17 nick _www 578 27 May 11:16 .
>> drwxr-xr-x 38 nick _www 1292 27 May 11:08 ..
>> -rw-rw---- 1 nick _www 374 27 May 11:09 .gitignore
>> drwxrws--- 9 nick _www 306 27 May 11:26 Build
>> drwxrws---+ 10 nick _www 340 27 May 11:36 Configuration
>> drwxrws---+ 5 nick _www 170 27 May 11:36 Data
>> drwxrws---+ 6 nick _www 204 27 May 11:16 Packages
>> -rw-rw---- 1 nick _www 742 2 Jul 11:11 Readme.txt
>> drwxrws--- 3 nick _www 102 27 May 11:09 Tests
>> -rw-rw---- 1 nick _www 5408 2 Jul 11:11 Upgrading.txt
>> drwxrws--- 6 nick _www 204 27 May 11:35 Web
>> drwxrws--- 5 nick _www 170 2 Jul 11:11 bin
>> -rw-rw---- 1 nick _www 1455 27 May 11:09 build.xml
>> -rw-rw---- 1 nick _www 1255 2 Jul 11:08 composer.json
>> -rw-rw---- 1 nick _www 73292 2 Jul 11:11 composer.lock
>> -rwxrwx--- 1 nick _www 828 27 May 11:16 flow
>> -rw-rw---- 1 nick _www 270 27 May 11:16 flow.bat
>>
>>
>> I am now somewhat at a loss as to what permissions that I should have as
>> I have used the script and this is what I am left with. Any help welcome!!
>>
>> Also my hosts pointed out that is strange that setfacl is not working as
>> they think it should, the server is running CentOS 6.5.
>>
>> Thanks in advance
>>
>> Nikos
>>
>>

More information about the Neos mailing list