Page 1 of 3 123 LastLast
Results 1 to 10 of 26
Like Tree12Likes

Thread: Make caching engine use correct permissions on shared linux hosting

  1. #1
    Chris_C's Avatar
    Chris_C is offline Sugar Community Member
    Join Date
    Jun 2011
    Location
    Connecticut
    Posts
    296

    Default Make caching engine use correct permissions on shared linux hosting

    Many other popular PHP web application frameworks - Joomla, Drupal, Wordpress - have caching engines that use correct permissions on shared linux hosting.

    Could the Sugar development team - in the SF Bay Area - make the Sugar caching engine use correct permissions - and finally get Sugar to run correctly out-of-the-box on shared linux hosting ??

  2. #2
    jmertic's Avatar
    jmertic is offline Sugar Community Manager
    Join Date
    Dec 2007
    Posts
    3,996

    Default Re: Make caching engine use correct permissions on shared linux hosting

    Quote Originally Posted by Chris_C View Post
    Many other popular PHP web application frameworks - Joomla, Drupal, Wordpress - have caching engines that use correct permissions on shared linux hosting.

    Could the Sugar development team - in the SF Bay Area - make the Sugar caching engine use correct permissions - and finally get Sugar to run correctly out-of-the-box on shared linux hosting ??
    Could you detail more where the permissions problems are, as in what's getting set with the wrong permissions and how should they be set instead?
    John Mertic
    Sugar Community Manager

  3. #3
    Chris_C's Avatar
    Chris_C is offline Sugar Community Member
    Join Date
    Jun 2011
    Location
    Connecticut
    Posts
    296

    Default Re: Make caching engine use correct permissions on shared linux hosting

    Quote Originally Posted by jmertic View Post
    Could you detail more where the permissions problems are, as in what's getting set with the wrong permissions and how should they be set instead?
    This is my first reply - I will follow up later with more details.

    From the official documentation for 6.3.0:
    Sugar Community Edition Documentation | Open Source Business & Social CRM - SugarCRM

    At the absolute bottom of the page:
    Configuring Default Permissions for Sugar Files on Linux
    If you are running Sugar on Linux platform, you can control ownership and accessibility to all Sugar files and folders by configuring default user and group permissions.
    The following is an example of setting Read, Write, and Execute permissions for the Apache user and the Apache group on Centos operating system:
    'default_permissions' => array(
    'dir_mode' => 02770,
    'file_mode' => 0660,
    'chown' => 'apache',
    'chgrp' => 'apache', ),
    For dir_mode, you may see a value of 1528, which is the decimal equivalent of the octal value 02770. For file_mode you may see a value of 432 which is the decimal equivalent of octal value 0660.
    I installed on Centos linux/apache/mysql shared hosting, and the Sugar installer generated this inside config.php:
    'default_permissions' =>
    array (
    'dir_mode' => 1528,
    'file_mode' => 432,
    'user' => '',
    'group' => '',
    ),
    The user and the group are empty as you can see - this causes serious errors.

    The result of this is - and you can see dozens of posts on this forum - and probably thousands more who didn't bother posting. Newbie users are getting severe http errors while viewing Sugar for the first run - inaccessible css and javascript (?!) - many first time Sugar users have posted, asking for help, saying "css looks messed up after clean install?" I wouldn't be surprised if 1000x more new users have encountered this problem, and simply given up on Sugar entirely and went over to the competition. It's that serious, and should be fixed.

    I posted a PHP script on this forum, allows a user to *temporarily* gets around this permissions problem by setting all Sugar files to 644 and folders to 755 - "miraculous," "amazing," "this should be included with sugar," are some of the comments I received. Some had been frustrated for many days and didn't believe it could be that - after all they right-clicked on the cache folder and 3 others and set it to 755 but it still failed to work - but they were ecstatic to try my PHP script and find it fixed their issue.

    But the problem comes back - gradually over time - as the cache engine generates more new files - as it does - but sets the wrong permissions/ownership. When the user goes to access those cached page elements - their browser will be unable to get the file, denied access due to permissions/ownership - when it's a css or js, so the browser ends up rendering the page horribly - unusable - since it's missing some vital js and css.

    Sugar CE should install on linux shared hosting and just work, out of the box- like popular PHP web application Wordpress, Joomla, and Drupal run without showstopper permissions issues, on hundreds of millions of internet sites. The Sugar installer code can and should detect it's running on linux, detect the apache user and group, and automatically plug these values into the default permissions section of the config.php.
    Last edited by Chris_C; 2012-01-22 at 11:39 AM. Reason: clarity
    sipserv likes this.

  4. #4
    Chris_C's Avatar
    Chris_C is offline Sugar Community Member
    Join Date
    Jun 2011
    Location
    Connecticut
    Posts
    296

    Default Re: Make caching engine use correct permissions on shared linux hosting

    Post 2 of ? - Follow up on the permissions / owner/ group on shared linux hosting :

    The upgrade wizard was consistently failing with owner and group set to 'apache' 'apache'.

    The error message was "unable to create temp folder".

    Even running my fix-permissions.php script wasn't giving any joy.

    When I changed the owner and group back to '' and '' - the upgrade wizard finally worked perfectly.

    Upgraded to 6.4.0RC3.



    NOTE: This was while using Angel's "wizard-less uploads" method - which simply skips the upload step 1 by placing the zip and manifest in their expected locations - so the upgrade wizard starts at step 2.

    I had reverted to Angel's wizard-less uploads method because upgrades were failing due to flaky behavior - permissions and ownership suspected as the cause. And indeed they were.
    Angel's Blog: SugarCRM Tips: Wizard-Less Uploads

  5. #5
    jmertic's Avatar
    jmertic is offline Sugar Community Manager
    Join Date
    Dec 2007
    Posts
    3,996

    Default Re: Make caching engine use correct permissions on shared linux hosting

    Can you be sure to file a bug for this at SugarCRM Bug Tracker | Open Source Business & Social CRM - SugarCRM with all the notes above in it. This is great feedback, and I want to be sure to capture it and bring it back into Engineering.

    Thanks!
    Chris_C likes this.
    John Mertic
    Sugar Community Manager

  6. #6
    selfmade64856 is offline Sugar Community Member
    Join Date
    Sep 2011
    Posts
    38

    Default Re: Make caching engine use correct permissions on shared linux hosting

    I am having a similar problem. After creating a Campaign Schedule which is then completed at the specific scheduled time, once the campaign is sent out if I now click on the "View Status" of the campaign I get an incomplete status page and sugar throws me an error popup which is shown here:



    What I have to do to fix this is open my ftp client, navigate to the cache folder and then recursively change all of the cached files to 664. Once I complete this step everything works and looks the way it is supposed to which is shown here:



    I spoke with my host and they said:

    "Unfortunately this is not a server-side problem, PHP scripts should be changed to save files with the correct permissions.
    Alternatively you can set up a cron job which will run once a day and change permissions as needed.
    Cron job command should be similar to this:

    chmod -R 664 /home/sitesire/public_html/crm/cache/"

    So my question is, what do I need to do to get SugarCRM to create these newly cached files with the correct file permissions without having to run another cron job? Thanks.
    Chris_C likes this.

  7. #7
    Chris_C's Avatar
    Chris_C is offline Sugar Community Member
    Join Date
    Jun 2011
    Location
    Connecticut
    Posts
    296

    Default Re: Make caching engine use correct permissions on shared linux hosting

    Quote Originally Posted by selfmade64856 View Post
    So my question is, what do I need to do to get SugarCRM to create these newly cached files with the correct file permissions without having to run another cron job? Thanks.
    John Mertic, selfmade64856,


    I dug into this permissions bug, in the code, on the forum, on the web, in the official Sugar docs, and in the Sugar KB.

    So far, this is what I've uncovered, including reasons why it works like that.

    I'm close to having a solution... almost.


    There's a setting in config.php (this holds all the basic configuration data for your Sugar instance, and is located in the root of your Sugar install).

    This setting controls the default permissions AND ownership, that Sugar will use when creating folders and files (such as the cache files - which Sugar's constantly creating - as it should).

    The part of Sugar's config.php that we have to modify, looks like this, out of the box, on a fresh Sugar 6.3 instance, on a shared linux (RHEL/CentOS 5) server:

    Code:
      'default_permissions' => 
      array (
        'dir_mode' => 1528,
        'file_mode' => 432,
        'user' => '',
        'group' => '',
      ),
    As you can clearly see, out of the box Sugar is setting files and folders like so:
    a) Directory permissions to 1528 decimal, or octal 02770, or rwxrws---.
    b) File permissions of 432 decimal, or octal 0660, or rw-rw----.
    c) GUID on,
    d) User owner and Group owner to nothing.
    (A link to a good explanation of the general meaning of linux permissions and ownership, if you're scratching your head wondering what on earth this is:
    Linux permissions )

    The reason Sugar's defaults are no good for linux shared hosts, is because, for high security reasons:
    1) the username that the apache process runs under (apache, www-data, www, or nobody) is a different username from your shared hosting account username, and
    2) this "apache user" MAY belong to a different GROUP than your actual shared hosting account user's GROUP.

    While you use Sugar, browse/create/update records, go from page to page, Sugar constantly generates cache files - stores them in the cache folder, and creates other files, storing them elsewhere in the folders under your Sugar instance's document root.

    For example - when you upload your custom company logo, during the Sugar install - it saves your GIF on the linux shared host's filesystem, in an uploads folder somewhere under the Sugar document root.
    This file has the wrong permissions and ownership, so apache cannot serve it to your browser!
    When Sugar goes to show you your logo on the next screen, in place of the log is a big empty box with the symbol for "broken link" showing instead of the image. (!!!)

    Same, very serious, problem for business Documents that you upload to Sugar, to associate with Sugar Accounts and Opportunities.
    The uploaded Documents get saved with the wrong default permissions, and are inaccessible by your browser - at least until the permissions are fixed somehow !!
    But fixing the permissions like this, even with a cron job script, is a less than ideal workaround:
    a) because you can't be running the script ever minute - that's a crazy waste of disk IO - and
    b) you're usually going to want to use your uploaded file within seconds, not up to a minute later..

    Due to incorrect (for the shared linux hosting environment) permissions and/or ownership, users suffer from Sugar messing up the pages, and experiencing inappropriate, unexpected error messages - for example, the popup that says "undefined" instead of "loading", or css, javascript, and images that fail to load at all - making the page practically unusable.

    I haven't completed the analysis of this - as of this moment - let alone gotten the full solution to it.

    My script fix-permissions.php (attached below - to run it, put it in the root of your sugar instance and run it by entering the URL to the script in your browser) fixes this temporarily by recursively setting all directories to 755 (rwxr-xr-x) and all files to 644 (rw-r--r--). These are popular, standard, middle of the road, security permissions, that work reliably well on a public facing website hosted on centos linux.

    More to come...

    Chris
    Attached Files Attached Files
    Last edited by Chris_C; 2012-01-28 at 05:11 AM. Reason: Clarity on the details
    LaFortuna likes this.

  8. #8
    Chris_C's Avatar
    Chris_C is offline Sugar Community Member
    Join Date
    Jun 2011
    Location
    Connecticut
    Posts
    296

    Default Re: Make caching engine use correct permissions on shared linux hosting

    Quote Originally Posted by jmertic View Post
    Can you be sure to file a bug for this at SugarCRM Bug Tracker | Open Source Business & Social CRM - SugarCRM with all the notes above in it. This is great feedback, and I want to be sure to capture it and bring it back into Engineering.

    Thanks!
    John,

    As you requested, I posted this feature request on the Sugar Bug Tracker. Here is the link:

    SugarCRM Bug Tracker | Open Source Business & Social CRM - SugarCRM

    Chris
    Last edited by Chris_C; 2012-01-29 at 04:13 AM.

  9. #9
    selfmade64856 is offline Sugar Community Member
    Join Date
    Sep 2011
    Posts
    38

    Default Re: Make caching engine use correct permissions on shared linux hosting

    Quote Originally Posted by Chris_C View Post
    John Mertic, selfmade64856,
    My script fix-permissions.php (attached below - to run it, put it in the root of your sugar instance and run it by entering the URL to the script in your browser)
    Hi Chris, tired your fix but only received this error when opening the script in my browser:

    "Fixing SugarCRM File Permissions...

    mode of `./config.php' retained as 0644 (rw-r--r--)

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 37

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 38

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 39

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 40

    Fixing SugarCRM Directory Permissions...

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 46

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 47

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 48

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 49"

    That was it. Any ideas?

    Thanks!!
    Last edited by selfmade64856; 2012-01-29 at 03:49 AM.

  10. #10
    Chris_C's Avatar
    Chris_C is offline Sugar Community Member
    Join Date
    Jun 2011
    Location
    Connecticut
    Posts
    296

    Default Re: Make caching engine use correct permissions on shared linux hosting

    Quote Originally Posted by selfmade64856 View Post
    Hi Chris, tired your fix but only received this error when opening the script in my browser:

    "Fixing SugarCRM File Permissions...

    mode of `./config.php' retained as 0644 (rw-r--r--)

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 37

    Fixing SugarCRM Directory Permissions...

    Warning: _system() [function.-system]: Permission Denied in /home/360tours/public_html/crm/fix-permissions.php on line 49"

    That was it. Any ideas?

    Thanks!!
    Your shared hosting provider is denying use of the system() PHP function - security reasons.

    I'll attach a version 2 of the fix-permissions that will work.

    By the way, which shared hosting company are you using?
    Attached Files Attached Files
    Last edited by Chris_C; 2012-01-29 at 07:57 AM. Reason: add fix-permissions-v2.php

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. installation on godaddy shared linux hosting
    By Hathorne in forum Installation and Upgrade Help
    Replies: 2
    Last Post: 2012-02-10, 12:28 PM
  2. Replies: 3
    Last Post: 2010-11-08, 11:56 AM
  3. Hosting SugarCRM: Professional with a 3rd Party Linux Hosting Company
    By MikeAtJenark in forum General Discussion
    Replies: 1
    Last Post: 2009-03-20, 11:56 AM
  4. Need correct Permissions
    By imserv in forum Help
    Replies: 8
    Last Post: 2005-07-11, 07:20 PM
  5. What are the correct permissions?
    By yellowsc2 in forum Help
    Replies: 1
    Last Post: 2005-04-21, 11:16 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •