Drupal Folder and File Permissions - drupal

I'm having a craptastic time trying to figure out how I should configure my Drupal folders and files. I've search all over drupal.org but keep coming up with dribble about the www-data needing access to the "sites" and the "files" folder and how "settings.php" needs some awesome permissions.
But what I need is a list like this:
/ = 744 or drwxr-r--
/includes/ = ...
/misc/ = ...
/modules/ = ...
/profiles/ = ...
/scripts/ = ...
/sites/ = ...
/sites/all/ = ...
/sites/default/ = ...
/sites/default/settings.php = 444?
/sites/default/files/ = ...
I don't think I need someone to catalog every single file, folder, and permission settings for me. I'm guessing that I can just set the root folder permissions to "apply to enclosed items" and then fix the few folders and files that need special settings.
I would really appreciate any contributions that can lead me back to sanity! :)
Scott

default install on my local machine has
-rw-r--r-- all php files
drwxr-xr-x directories
drwxrwxr-x files folder
-r--r--r-- settings.php file

I am quite late for the reply,but I ran into this problem and found a way out.
From Drupal's official handbook:
Copy this into a file and name it as "fix-permissions.sh"
#!/bin/bash
if [ $(id -u) != 0 ]; then
printf "This script must be run as root.\n"
exit 1
fi
drupal_path=${1%/}
drupal_user=${2}
httpd_group="${3:-www-data}"
# Help menu
print_help() {
cat <<-HELP
This script is used to fix permissions of a Drupal installation
you need to provide the following arguments:
1) Path to your Drupal installation.
2) Username of the user that you want to give files/directories ownership.
3) HTTPD group name (defaults to www-data for Apache).
Usage: (sudo) bash ${0##*/} --drupal_path=PATH --drupal_user=USER --httpd_group=GROUP
Example: (sudo) bash ${0##*/} --drupal_path=/usr/local/apache2/htdocs --drupal_user=john --httpd_group=www-data
HELP
exit 0
}
# Parse Command Line Arguments
while [ $# -gt 0 ]; do
case "$1" in
--drupal_path=*)
drupal_path="${1#*=}"
;;
--drupal_user=*)
drupal_user="${1#*=}"
;;
--httpd_group=*)
httpd_group="${1#*=}"
;;
--help) print_help;;
*)
printf "Invalid argument, run --help for valid arguments.\n";
exit 1
esac
shift
done
if [ -z "${drupal_path}" ] || [ ! -d "${drupal_path}/sites" ] || [ ! -f "${drupal_path}/core/modules/system/system.module" ] && [ ! -f "${drupal_path}/modules/system/system.module" ]; then
printf "Please provide a valid Drupal path.\n"
print_help
exit 1
fi
if [ -z "${drupal_user}" ] || [ $(id -un ${drupal_user} 2> /dev/null) != "${drupal_user}" ]; then
printf "Please provide a valid user.\n"
print_help
exit 1
fi
cd $drupal_path
printf "Changing ownership of all contents of "${drupal_path}":\n user => "${drupal_user}" \t group => "${httpd_group}"\n"
chown -R ${drupal_user}:${httpd_group} .
printf "Changing permissions of all directories inside "${drupal_path}" to "rwxr-x---"...\n"
find . -type d -exec chmod u=rwx,g=rx,o= '{}' \;
printf "Changing permissions of all files inside "${drupal_path}" to "rw-r-----"...\n"
find . -type f -exec chmod u=rw,g=r,o= '{}' \;
printf "Changing permissions of "files" directories in "${drupal_path}/sites" to "rwxrwx---"...\n"
cd sites
find . -type d -name files -exec chmod ug=rwx,o= '{}' \;
printf "Changing permissions of all files inside all "files" directories in "${drupal_path}/sites" to "rw-rw----"...\n"
printf "Changing permissions of all directories inside all "files" directories in "${drupal_path}/sites" to "rwxrwx---"...\n"
for x in ./*/files; do
find ${x} -type d -exec chmod ug=rwx,o= '{}' \;
find ${x} -type f -exec chmod ug=rw,o= '{}' \;
done
echo "Done settings proper permissions on files and directories"
Now run this script as:
sudo bash fix-permissions.sh --drupal_path=your/drupal/path --drupal_user=your_user_name
Viola! Your permissions are automatically fixed.

A) It is not advisable to give any form of access to the world, even if it is just read access.
B) To give the owner of the file just a read access leads to complicated maintenance process (eg: most recommended, that Settings.php should be readonly to all), this will only increase your tasks whenever you want to modify the settings.
In nutshell:
- World need 0 access - not even to public folder.
- Your web server needs read only access for all files, except the public folder and tmp folder - these will be both read and write.
- Your file owner needs full access to all files - to keep maintenance simple
This however, will work best when file owner and webserver owner are 2 separate users, and you have ssh control over server and are able to modify the file ownership.
The below script will work when you have following directory structure:
Site Folder
Site Folder/conf (containing apache virtual host configuration files for this site)
Site Folder/htdocs (containing the site)
In this scenario: kalpesh is the file owner and daemon is the webservice owner - it may be www-data for your site.
I normally save such script in a .sh file and then add it to cron, so that whenever my team members upload new content on the site or update a module, the sites permission doesn't get compromised by their mistakes. Cron will execute the scripts and repair permissions every 24 hours.
cd ToSiteFolder
sudo chown kalpesh:daemon .
sudo chmod 750 .
sudo chown -R kalpesh_popat:daemon ./conf
sudo find ./conf -type d -exec chmod 750 {} +
sudo find ./conf -type f -exec chmod 640 {} +
sudo chown -R kalpesh_popat:daemon ./htdocs
sudo find ./htdocs -type d -exec chmod 750 {} +
sudo find ./htdocs -type f -exec chmod 640 {} +
sudo find ./htdocs/sites/default/files -type d -exec chmod 770 {} +
sudo find ./htdocs/sites/default/files -type f -exec chmod 660 {} +
sudo find ./htdocs/tmp -type d -exec chmod 770 {} +
sudo chmod 640 ./htdocs/sites/default/settings.php
sudo chmod 750 ./htdocs/sites/default
There is a blog that explains this beautifully and breaks many myths. https://technologymythbuster.blogspot.com/2018/06/misconception-about-file-ownerships-and.html

Related

An error occured in the upload. Please try again later

enter image description hereHow to fix these errors when I'm trying to upload an image.
provide me s solution of this problem
You've got permission errors on your web server. Navigate to your webroot in terminal and change the folder and file permissions
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
Then make sure apache owns the wp-content folder: (Substitute your apache user. Its most often "apache" or "www-data")
chown <apache-user>:<apache-user> wp-content

AWS EC2 Ubuntu File permissions issue

I'm running a EC2 instance with:
Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-119-generic x86_64)
Bitnami LAMP 5.6.30-5
My problem
I have a Wordpress site that isn't working very well on the backend, so I decided to update and I get an error "Can not create the directory..." when updating. So I did a research and it's related to file permissions. So I get to this conclusion:
I having the following issues with the file permissions:
Can't write files from server
I used is_writable() (PHP) to detect if server can edit and it returns false.
Can edit files from Filezilla
I login to the server with the "bitnami" user and everything works good.
I tried
sudo chown -R bitnami:www-data htdocs/
I added the default user "bitnami" to the www-data group and changed the /htdocs owner.
And, yes the user is in the www-data group.
find htdocs/ -type d -exec sudo chmod 2775 {} +
Changed directory permissions
find /var/www -type f -exec sudo chmod 0664 {} +
Changed the files permissions
How to solve this?
I tried all that and also giving the owner to root:root, www-data:www-data and bitnami:bitnami.
If someone knows the original user and group owner of the /htdocs folder I could try a test, but I forgot.
I would appreciate if anyone can help me to solve this. I just want to be able to write/edit files from server side.
Many thanks.
I solved this by doing the following:
Set htdocs owner to bitnami:bitnami
sudo chown -R bitnami:bitnami htdocs/
Inside /htdocs, changed file and directories owner to bitnami:daemon
sudo chown -R bitnami:daemon
Changed files and directories permissions
sudo find * -type d -print0 | xargs -0 chmod 0755 # for directories
sudo find . -type f -print0 | xargs -0 chmod 0644 # for files
Changed wp-content directories permissions to 775
sudo find wp-content/ -type d -exec chmod 0775 {} \;
And with that now I'm able to edit and upload via FTP and in the WP admin dashboard.

CSS is not working after installation in Magento 2

I have Installed Magento 2.
Everything completed successfully but the CSS is not loading.
I tried these commands
php bin/magento cache:flush
php bin/magento indexer:reindex
php bin/magento setup:static-content:deploy
Please, before doing anything go to magento2 basedir and do:
nano vendor/magento/framework/Filesystem/DriverInterface.php
and change
const WRITEABLE_DIRECTORY_MODE = 0770;
from 0770 to 0775
and
const WRITEABLE_FILE_MODE = 0660;
from 0660 to 0644
The above set 0775 for folders and 0644 for files on generated/cached entities
Then change whole magento2 filesystem to the same permissions
find . -type d -exec chmod 775 {} \; && find . -type f -exec chmod 644 {} \; && chmod u+x bin/magento
Important,
you should execute bin/magento as a common user, and not as root. So if you are in bin/ folder you may use for example:
sudo -u youasuser php -d memory_limit=512M magento setup:upgrade
You need memory_limit=512 as some callings like setup:di:compile needs more memory.
Please check mod_rewrite is enabled on your web server.
First create a magento_user: adduser <username> and give user a password passwd <username> (May have to use sudo, if not already root)
Find your web server group: ps aux | grep apache Typically www-data
Add new user to this group: usermod -g www-data <username>
groups <username> should show the groups that username belongs to.
Restart webserver, so permissions can take effect service apache2 restart
Set ownerships of files in Magento root. chown -R :<your web server group name> .
Finally set permissions find . -type d -exec chmod 770 {} \; && find . -type f -exec chmod 660 {} \; && chmod u+x bin/magento
Reference: Set file system ownership and permissions and Create the Magento file system owner
You should Provide Some permissions
run this command
sudo find . -type d -exec chmod -R 777 {} \;
&& sudo find . -type f -exec chmod -R 777 {} \;
&& sudo chmod u+x bin/magento

UNIX: find the files used by other users

UNIX:
How to find the number of users who have a given file in their home directory??
As in how can we access the files being used by other users.the command required for that.
I tried find command and all extensions of who
Assuming all the users' home directories are under /home and your're trying to find all users that have a file foo.txt, you can use this find command:
find /home -name "foo.txt" -exec bash -c "IFS=/ && read -a arr <<< {} && echo ${arr[2]}" \;
Assuming you have root privilege and assuming foo.txt is in the home directory, not a subdirectory thereof:
sudo find /home -maxdepth 2 -name "foo.txt" | wc -l
will give you the user count and
sudo find /home -maxdepth 2 -name "foo.txt" -printf "%u\n"
will give you a list of their names (assuming each foo.txt is owned by the owner of the home directory it is found in).

What permissions should a wordpress installation have to be secure but functional?

I've already read http://codex.wordpress.org/Hardening_WordPress but I can't get my head around it. What are the permissions that shall be set and by who shall it be owned by? Right now I have set as the result of the following commands:
# reset to safe defaults
find /usr/share/wordpress -exec chown www-data:www-data {} \;
find /usr/share/wordpress -type d -exec chmod 755 {} \;
find /usr/share/wordpress -type f -exec chmod 644 {} \;
# allow wordpress to manage wp-config.php (but prevent world access)
chgrp www-data /usr/share/wordpress/wp-config.php
chmod 660 /usr/share/wordpress/wp-config.php
# allow wordpress to manage .htaccess
chgrp www-data /usr/share/wordpress/.htaccess
chmod 664 /usr/share/wordpress/.htaccess
# allow wordpress to manage wp-content
find /usr/share/wordpress/wp-content -exec chgrp www-data {} \;
find /usr/share/wordpress/wp-content -type d -exec chmod 775 {} \;
find /usr/share/wordpress/wp-content -type f -exec chmod 664 {} \;
After this configuration the installation is unusable. Any tips?
Here's a quick recap of how I manage permissions on my servers:
Anybody can read files and directories
Nobody can write anything outside of the /wp-content/uploads directory
PHP scripts can not be executed inside the /wp-content/uploads directory
PHP scripts can not be executed directly in /wp-includes and /wp-content
So it doesn't matter who owns the .php files, as long as the apache user can read them. Allowing the apache user to modify these files is a risk, even .htaccess. The downside of all of this is that you'll need to provide WordPress with FTP credentials to do things like install or delete a plugin, update a theme or core, etc. That's something I can live with.

Resources