Make caching engine use correct permissions on shared linux hosting

[selfmade64856]

I was able to fix this problem permanently for my Linux shared hosting environment, meaning I no longer have to set folder and file permissions each and every time I run a e-Mail Campaign so that I can view all the stats without the "FAIL" pop up harassing me. I had errors popping up for everything....not any more.

For those that know there way to the files, I did this:

First set the proper permissions to all of your folders and files recursively,

Next edit the appropriate section of the config.php file to read this:
array (
'dir_mode' => 1517,
'file_mode' => 420,
'user' => 'yourusername',
'group' => 'yourusername',

and then edit the appropriate section of the utils.php to read this:
'dir_mode' => 02770,
'file_mode' => 0660,
'chown' => 'yourusername',
'chgrp' => 'yourusername',

I created a video for those that are in doubt of what to do because video's for me are much easier to understand then someone just writing it out. Just do a search in you tube with the quotes for "SugarCRM - Linux Default Permissions FIXIT HD". I show step by step what to do.

Since doing this everything works very nicely and I have went from errors at least 20 times a day to 0 errors at all.

Two weeks worth of researching in a 14 minute video.....wish someone had created one 2 weeks ago

Thanks for your assistance Chris!!!

Courtney L Bostdorff

[Chris_C]

I was able to fix this problem permanently, meaning I no longer have to set folder and file permissions each and every time I run a e-Mail Campaign so that I can view all the stats without the "FAIL" pop up harassing me. I had errors popping up for everything....not any more.

For those that know there way to the files, I did this:

First set the proper permissions to all of your folders and files recursively,

Next edit the appropriate section of the config.php file to read this:
array (
'dir_mode' => 1517,
'file_mode' => 420,
'user' => 'yourusername',
'group' => 'yourusername',

and then edit the appropriate section of the utils.php to read this:
'dir_mode' => 02770,
'file_mode' => 0660,
'chown' => 'yourusername',
'chgrp' => 'yourusername',

I created a video for those that are in doubt of what to do because video's for me are much easier to understand then someone just writing it out. Just do a search in you tube with the quotes for "SugarCRM - Linux Default Permissions FIXIT HD". I show step by step what to do.

Since doing this everything works very nicely and I have went from errors at least 20 times a day to 0 errors at all.

Two weeks worth of researching in a 14 minute video.....wish someone had created one 2 weeks ago

Thanks for your assistance Chris!!!

Courtney L Bostdorff

Thank you, Courtney! Great work!

This is very cool.

One question:
It would be great to have an explanation - to make some sense out of it.
What's the reasons for the 4 different sets of permissions ?

1)
0775 folders and 0664 files, (recursively):
./cache,
./custom,
./data,
./modules.
./config.php
./config_override.php
./sugarcrm.log

2)
0755 folders, 0644 files (recursively):
all other folders and files.

3)
in ./include/utils.php
default_permissions array variables:
'dir_mode' => 02770,
'file_mode' => 0660,
'chown' => 'yourusername',
'chgrp' => 'yourusername',


4)
in ./config.php
default_permissions array variables :
'dir_mode' => 02755 (same as 1517 decimal)
'file_mode' => 0644 (same as 420 decimal)
'user' => 'yourusername',
'group' => 'yourusername',


-Chris

[selfmade64856]

Thank you, Courtney! Great work!

This is very cool.

One question:
It would be great to have an explanation - to make some sense out of it.
What's the reasons for the 4 different sets of permissions ?

Hi Chris, to be honest I have no idea and it most likely won't matter either way.

I was searching the SugarCRM for "shared hosting linux default file permissions" or something like that and came across a few posts each with their own solution. I tried all of them but the files were still not being saved with the correct permissions by default. So then I figured I would try combining two of the solutions to see what would happen, and it worked

I have no idea what I am doing

[morrighu]

I have a sneaking suspicion that different things are working for different folks because hosting providers don't have identical configurations. That will mean changes the PHP.ini, the apache config, chroot jail, etc.

Problem #1 You are using the SETUID and SETGID functions of chmod even though the default behaviour can vary widely. This is even mentioned specifically on the chmod man page. Best not to do that at all since this stuff is getting rolled out in environments that neither you nor the end user control.

Solution - You would be much better off using chown for this and simply leaving the file permissions at 770 or 660. Using 2 commands would probably do the trick.
chmod -R 755 <list of files/directories>
chmod -T 644 <list of files/directories>
chown -R <apache-user-name>:<apache-group-name> *

755 and 644 are simply the most permissive file and directory permissions that you would want to allow for a web app. Some hosting providers require more restrictive permissions. The "nutshell" version of Unix file permissons... First digit represents the rights for the user who owns the file or directory. The second digit represents the rights for the group. The third digit represents the rights for "world". So if the permissions are 754. The owner has read, write and excute. The group has read & execute but not write. World would be left with read only meaning no execution or writing. Read gets you 4 "points". Write is 2 "points" and Execute is 1 "point". So if you want 666 that's read (4) + write (2) for user, group, and world. You can read more here and here.

As a rule, your webserver's user should (should be extremely operative) "own" at least its own "root" directory that it is serving out of. Most *nixes use "www-data" or "nobody" as the Apache user and group as a default. In shared hosting all that changes. The apache user is just as likely to be "bobuser" or "susieuser" or what ever the user name for the hosting account is. So I think a detect to see what user the Apache is running as in order. Along with check of user & group that owns the www or public_html directory, depending on the distro. That should help you determine what to set for the user & group in the config file during the install. And you can always test it by trying a few combinations to see what works during the install process. Adding some lines of code to make directories and attempt to write files with the various user permissions should be sufficient to tell you what will work and what won't.

I'd strongly suggest that you guys take a look at ZenCart, Drupal, Lime Survey and some of the other PHP apps out there to see how they're detecting the environment and setting things up during the install. No need to reinvent the wheel if someone else has already built a really nice one.