Results 1 to 6 of 6

Thread: Read, write, execute to everyone on every Sugar file?

  1. 2007-03-01, 05:48 AM #1
    jmugauri
    jmugauri is offline Sugar Community Member
    Join Date
    Feb 2007
    Location
    Lusaka, Zambia
    Posts
    29

    Unhappy Read, write, execute to everyone on every Sugar file?

    Been trying to use the upgrade function in SugarCRM, and it's list of files with bad permissions contains pretty much every file in the Sugar directory which is not already chmod 777 after installing application and various modules.

    Is this right? What are the security implications on an apache server?
    Reply With Quote Reply With Quote
  2. 2007-03-01, 08:42 AM #2
    sanjaykatiyar1's Avatar
    sanjaykatiyar1
    sanjaykatiyar1 is offline Sugar Community Member
    Send a message via Yahoo to sanjaykatiyar1
    Join Date
    Feb 2006
    Location
    Bangalore
    Posts
    600

    Default Re: Read, write, execute to everyone on every Sugar file?

    Instead of given 777 to each file and directories just change the ownership of sugar folder to
    apache (or webserver user)
    Sanjay Katiyar
    iPhone and Android solutions http://www.apptility.com
    Reply With Quote Reply With Quote
  3. 2007-03-01, 12:54 PM #3
    jmugauri
    jmugauri is offline Sugar Community Member
    Join Date
    Feb 2007
    Location
    Lusaka, Zambia
    Posts
    29

    Default Re: Read, write, execute to everyone on every Sugar file?

    Done that, which is an excellent idea..

    But the upgrade wizard still won't proceed past the checks, because it's finding files with bad permissions.. Can't we just put a check condition here which only does the file permission check AFTER verifying that apache is not the owner of the files (and hence Sugar will have no access to them)?
    Reply With Quote Reply With Quote
  4. 2007-03-01, 01:18 PM #4
    chrisky
    chrisky is offline Sugar Community Member
    Join Date
    Aug 2006
    Location
    Trondheim, Norway
    Posts
    293

    Default Re: Read, write, execute to everyone on every Sugar file?

    Quote Originally Posted by jmugauri
    Done that, which is an excellent idea..

    But the upgrade wizard still won't proceed past the checks, because it's finding files with bad permissions.. Can't we just put a check condition here which only does the file permission check AFTER verifying that apache is not the owner of the files (and hence Sugar will have no access to them)?
    Spectacular idea! And you sure can add such condition, and it'll probably work beautifully in preventing further permissions issues..
    Reply With Quote Reply With Quote
  5. 2007-03-01, 01:51 PM #5
    andydreisch's Avatar
    andydreisch
    andydreisch is offline Sugar Team Member
    Send a message via AIM to andydreisch Send a message via Yahoo to andydreisch
    Join Date
    Apr 2005
    Location
    San Jose
    Posts
    2,080

    Default Re: Read, write, execute to everyone on every Sugar file?

    jmugauri, I'll ask the Dev team to comment on this.

    Andy
    Andy Dreisch
    Vice President, Online Team


    Check out our Podcasts!
    Sugar University for training
    Sugar Wiki for developer and user help
    SugarForge for modules, themes, lang packs
    SugarExchange for production-ready extensions
    Enter/view bugs via the Sugar bug tracker
    Reply With Quote Reply With Quote
  6. 2007-03-01, 04:14 PM #6
    sugarchris's Avatar
    sugarchris
    sugarchris is offline Sugar Community Member
    Send a message via Yahoo to sugarchris
    Join Date
    Sep 2005
    Location
    San Francisco, CA
    Posts
    861

    Default Re: Read, write, execute to everyone on every Sugar file?

    Even if file/folder owner is apache (recommended way to run Sugar), there is an edge-case where the permissions are set in a way that apache cannot write/overwrite the file. This will cause the upgrade wizard to fail mid-upgrade, hence the full check on every upgrade.

    The test we run is is_writeable() which doesn't care who owns the file, just that PHP via web server can overwrite the file.

    Basic web-admin best-practices is the chown the entire folder structure to the apache user. This does not guarantee that apache can actually *create*, *delete* and/or overwrite files. We have to check for it regardless.
    Chris Nojima
    Ex-SugarCRM Software Engineer

    FAQ: InboundEmail Day-to-Day Usage
    FAQ: InboundEmail Setup Issues
    FAQ: Schedulers Setup & Usage
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Sugar Events - programing hooks
    By gasparz in forum Developer Help
    Replies: 8
    Last Post: 2011-08-24, 07:55 AM
  2. HELP - Act import (field mapping)
    By smelamed in forum Help
    Replies: 32
    Last Post: 2010-12-15, 05:39 PM
  3. Cannot write to the .htaccess file
    By ramv in forum Help
    Replies: 2
    Last Post: 2008-08-22, 05:40 AM
  4. sugar forums - can't read posting
    By nabilbloggs in forum Help
    Replies: 0
    Last Post: 2007-01-03, 09:42 AM
  5. Rebuild Relationships gives Fatal Error after update 4.0.0 -> 4.0.1
    By saaz in forum General Discussion
    Replies: 3
    Last Post: 2006-02-17, 05:12 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules