[Neos] Neos setfilepermissions

nikos nick at jamalade.com
Fri Jul 4 17:54:27 CEST 2014


Hi Marcin

Thanks again your right re debugging by relaxing access. I am making slow progress going down the Web/_Resources file structure and opening the 
permissions along that path .

I think the problem lies in the way the server is set up. It is using mod_suphp and the php user and group are setup to be the same in this case 
rerootco. Whereas the web server user and group are nobody.

I got a little frustrated as I wasn't sure if using the setfilepermissions was correct as when you run it in the case where it is using chmod or 
setfacl this only appends the permissions (at least chmod seems too on OSX) does. However if it falls through to setting permissions per file it 
actually changes the permissions making it tighter. I have now verified that the tighter setup works fine on OSX with user nick webserver user and 
group _www, so I have confirmed that in practice setfilepermissions gives you a working setup!

I just need to figure out how to get this going on my webserver without world access.

Many thanks again

Nikos

On 04/07/2014 13:50, Marcin Ryzycki wrote:
> Hi nikos,
>
> My suggestion to relax permissions was just to help debug the problem. Once you figured out that it works fine on relaxed permissions, you could start
> tightening them again and see when the problem come back. Neos per se doesn't require any extra permissions - it is like with each application: your
> process need to have access to it to serve it and write access to only a few locations (like /Data/).
>
> You might also want to have a look at your php/web server's logs - you'll find there exact information why and what couldn't be read.
>
> M.
>
>
> nikos wrote:
>> Although I could relax the settings and allow world access, I am not
>> sure if this a good idea with regards to having a secure setup, again i
>> thought that was what setfilepermissions was all about.
>>
>> So given that I have ran setfilepermissions should Neos work with just
>> user and group set as in my original posting asuming correct command
>> line user, webserver & webserver group ? Is this what others are running
>> or have they relaxed the filepermissions? If so is there a problem?



More information about the Neos mailing list