Edward Posted March 3, 2014 Share Posted March 3, 2014 I wanted to ask what should the files permissions be for both the Assets and Runtime folder? I have set both of mine to 777 which allows the Yii Application to run. But is this correct? I am working with a new vps server and getting new errors so i may as a few different questions this week. Link to comment Share on other sites More sharing options...
Jonathon Posted March 3, 2014 Share Posted March 3, 2014 http://www.yiiframework.com/wiki/275/how-to-write-secure-yii-applications/#hh18 1 Link to comment Share on other sites More sharing options...
Edward Posted March 4, 2014 Author Share Posted March 4, 2014 Thanks Jonathon, this is a useful thread and checklist for me to go through. Can i ask what did you set the permissions to on your server for the two folders. The strange thing is i didn't get problem on another server when i uploaded the files but on the new server i am getting an error message showing up, so i had to set it to 777 for the Yii app to run. Seriously i know nothing about servers and this kind of IT technician stuff, i am an Airhead when it comes to this sort of stuff. Link to comment Share on other sites More sharing options...
Jonathon Posted March 4, 2014 Share Posted March 4, 2014 I'm similar, I'll have to go and check because I did change a few and it broke. Link to comment Share on other sites More sharing options...
Edward Posted March 4, 2014 Author Share Posted March 4, 2014 Okay i am going through problem after problem right now trying to get things running on a server. May be Larry will have a conslusive answer for this problem. It's sad but i may have to end up purchasing the Dummy's Guide to Servers. Or Larry, "Can you right a Geek to English book on servers?" Just kidding...hehe!! Link to comment Share on other sites More sharing options...
Jonathon Posted March 5, 2014 Share Posted March 5, 2014 Mine are set to 755 for every folder by default on my server. But I am looking to update these to make sure they are safe. Looking at the article I wasn't actually sure what the writeable folders and the rest (read only from the webserver) permissions should be. Link to comment Share on other sites More sharing options...
Edward Posted March 5, 2014 Author Share Posted March 5, 2014 I tried to set mine back to 755 that all my other folders on the server are configured to but got this error again. CExceptionApplication runtime path "/home/edward/public_html/protected/runtime" is not valid. Please make sure it is a directory writable by the Web server process. Link to comment Share on other sites More sharing options...
Larry Posted March 5, 2014 Share Posted March 5, 2014 If it need to be writable, you'd want to use 766 for those folders. 1 Link to comment Share on other sites More sharing options...
Edward Posted March 6, 2014 Author Share Posted March 6, 2014 I set them to 766 and now receive this error PHP warning mkdir() [<a href='function.mkdir'>function.mkdir</a>]: Permission denied I will leave this at 777 for now until i figure out a solution. I have been working on other stuff now like removing the responsiveness from Bootstrap 3. My website is really too big for me alone without working on independent mobile layouts so i just do standard for now. Also i found that if i ever go to eBay or other mobile apps i find them to be crappy and just leave me switching over to the normal site view anyway. I think the responsive crap seems to be a waste of time for sites like Amazon and eBay they don't even work properly or show all the product listings. But if you were using this on the other hand with blogs sites and so i think it would be useful. Sorry for talking a lot I just releasing some of my development pressure. Link to comment Share on other sites More sharing options...
Edward Posted March 8, 2014 Author Share Posted March 8, 2014 766 is not workin arrggghhh! PHP warning mkdir() [<a href='function.mkdir'>function.mkdir</a>]: Permission denied /home/user/framework/utils/CFileHelper.php(307) 295 * @param array $options newDirMode element used, must contain access bitmask296 * @param boolean $recursive whether to create directory structure recursive if parent dirs do not exist297 * @return boolean result of mkdir298 * @see mkdir299 */300 private static function mkdir($dst,array $options,$recursive)301 {302 $prevDir=dirname($dst);303 if($recursive && !is_dir($dst) && !is_dir($prevDir))304 self::mkdir(dirname($dst),$options,true);305 306 $mode=isset($options['newDirMode']) ? $options['newDirMode'] : 0777;307 $res=mkdir($dst, $mode);308 @chmod($dst,$mode);309 return $res;310 }311 } Is this about the user not having authority to make directories on the server? Link to comment Share on other sites More sharing options...
Edward Posted March 8, 2014 Author Share Posted March 8, 2014 My server company are struggling with this, the query is now on hold till someone more technical comes in to handle this. Are you sure its 766? They asked me to confirm where i got this information from. I saw some other people on the Yii forums saying 777 but if you put 777 as opposed to 766, then the files are executable by both Group and the World. File Permissions Read - 4 Write - 2 Execute - 1 User - The owner of the file. Group - Other files which are in the same folder or group. World - Everyone else. I think it may be 776 im just guessing though. Nope just tried it doesn't work either. Arrgghhh its going to be one of these days! Update: Got this fixed for now but server company are not sure if errors could come up again. Link to comment Share on other sites More sharing options...
Larry Posted March 10, 2014 Share Posted March 10, 2014 777 is guaranteed to work, it may just be more open than is necessary. On some systems, 755 could work, on others, 766. Really depends upon the permissions and owners and groups in use. Glad it's working, though! 1 Link to comment Share on other sites More sharing options...
Jonathon Posted March 10, 2014 Share Posted March 10, 2014 My server company are struggling with this, the query is now on hold till someone more technical comes in to handle this. Are you sure its 766? They asked me to confirm where i got this information from. I saw some other people on the Yii forums saying 777 but if you put 777 as opposed to 766, then the files are executable by both Group and the World. File Permissions Read - 4 Write - 2 Execute - 1 User - The owner of the file. Group - Other files which are in the same folder or group. World - Everyone else. I think it may be 776 im just guessing though. Nope just tried it doesn't work either. Arrgghhh its going to be one of these days! Update: Got this fixed for now but server company are not sure if errors could come up again. What settings did you use for the 3 folders with write permissions and the others that only needed read out of curiosity. Link to comment Share on other sites More sharing options...
Edward Posted March 11, 2014 Author Share Posted March 11, 2014 I know of the two folder assets and runtime that need write permissions, i set those at what Larry said at 766 but my server company said there may be problem on other scripts with what they done to achieve this, so i can't confirm this will be stable yet. All my other folders on the server are set as 755 and php files are at 644. So what do you have and what is the third writeable folder we need to be concerned with? Link to comment Share on other sites More sharing options...
Edward Posted March 11, 2014 Author Share Posted March 11, 2014 I am actually have real problem with 766. Now i am not getting errors with 766 but now the current javascript on the pages doesn't work. Also when i deleted a folder in assets like d99df and cleared all folders out, for some reason the server couldn't write back to that folder with the assets required for Yii. When i changed the folder settings back to 777 it worked again, this mystery doesn't seem to unravel easily like what i thought it would. But i agree with what Larry is saying if we can get it to 766 i would go with that as we don't really need executes on those files and limiting actions would be best by simple common sense. I am now a little concerned for the security of my website. Link to comment Share on other sites More sharing options...
Larry Posted March 12, 2014 Share Posted March 12, 2014 The thing to keep in mind is that the permissions restrict who *on the server* can do what. A 777 doesn't literally mean anyone online can do anything with that folder. Only users with access to the server would be able to manipulate such a folder. Not to be complacent about these permissions but... 1 Link to comment Share on other sites More sharing options...
Edward Posted March 13, 2014 Author Share Posted March 13, 2014 I think i may have a vision into the future, just before i opened up this forum i just thought exactly as you wrote. Yes only those who have server access would be able to operate on the forum. So that means if we are on a dedicated server or a lower cost Virtual Private Server (VPS) we would be suffice. Suffice it not really a word i like to use(it sounds a bit weird to me) but i saw you and some others using it here so i thought id give it a shot this time. Thanks for your help...Larry I think im going to just leave this at 777 because me and my server team are getting problems with it. Talking of a vision into the future i may be slightly wrong on that, it may be that we are all connected to a spiritual grid and its possible that one could connect to another person on the grid telepathically. Like i connected directly to your memory Larry. However there is one problem i need to wait for you to write the post before i can connect to it, haha. Seriously though i am not kidding with you here, something strange happened before i opened this post. Link to comment Share on other sites More sharing options...
sandy Posted April 25, 2014 Share Posted April 25, 2014 I ran into this too and had to chmod them to 777 them. BUT I think the problem might also be related to owner and groups to use anything other then 777. I'm not a Linux hack, but Larry might chime in with more insight, but I can't remember if I changed them www-data:www-data or something like that and less then 777 for the access. I'm just moving stuff to Amazon Web Services and just set a few of the directories to 777 to get things going will experiment with it and if it's anything different then 777 will tell the tail Sandy 1 Link to comment Share on other sites More sharing options...
Edward Posted April 26, 2014 Author Share Posted April 26, 2014 I found that the php functions Yii used did not work unless it was 777. Thanks for your comments 'sandy'. Link to comment Share on other sites More sharing options...
Edward Posted April 30, 2014 Author Share Posted April 30, 2014 Thanks for your comments sandy. I think 777 is fine as long as you have a standard VPS this is pretty much the same as a dedicated server so in other words no one can access your files. Also you can validate any files being uploaded with chile manger just check the mimeType of the file and you can be sure what it is. Link to comment Share on other sites More sharing options...
sandy Posted April 30, 2014 Share Posted April 30, 2014 Yes, I don't think it a huge deal. I'm working on AWS and it's not a huge issue as far as I can tell. I have not tried anything other then 777 yet, if I do get some time I'll try other setting but it may be pointless on the VPC Sandy Link to comment Share on other sites More sharing options...
Edward Posted April 30, 2014 Author Share Posted April 30, 2014 I tried everything else including 766 but 777 was the only thing I could get to work. The Php functions need 777 in order to operate. Well glad you could get it to work. I think if you got a VPS everything will be okay. Link to comment Share on other sites More sharing options...
Jonathon Posted May 6, 2014 Share Posted May 6, 2014 I just got set up with DigitalOcean and am going through this now, I'm working on my server ip and my css folders + assets don't want to display, that being said, I did alter their permissions to 777 and they still won't come through. I'm working to try fix that though. Link to comment Share on other sites More sharing options...
Larry Posted May 6, 2014 Share Posted May 6, 2014 Let us know if you need any help or have any questions. Please do also share your experience with Digital Ocean (perhaps in another thread). Link to comment Share on other sites More sharing options...
Jonathon Posted May 6, 2014 Share Posted May 6, 2014 Thanks Larry I "think" mine was a problem with using my .htaccess file when accessing through the server IP. Although I definately did need to change some permissions and I did end up setting most of my folders like protected and public to 777. I read your point to Edward too about it only being people on that server. It;s only me with access to my own VPS. So I feel like I should still be secure. I hope at least. Link to comment Share on other sites More sharing options...
Recommended Posts