files/folders permissions

[davidefa]

I found that some blocks/plugins are unzipped ( on my linux server ) with the wrong files/folder permissions ( which on my server should be 644/755 ).
This is only to say if you have problems with blocks/plugins remember to check files/folders permissions.

P.S.
In my ignorance, I even didn't know zip files could preserve permissions

[Julius]

Isn't there an easy script somewhere to run and easily fix and secure permissions for the entire meteotemplate rootdir and everything under it? I once created one for wordpress:

Code: Select all

#!/bin/bash
WP_ROOT=/webx/wordpressrooty # <-- wordpress root directory, current directory by default
WP_OWNER=www-data
WP_GROUP=www-data
WS_GROUP=www-data

# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;

# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php
chmod 765 ${WP_ROOT}/wp-cron.php

# allow wordpress to manage .htaccess
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess

# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-includes -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;

Can someone provide the same for meteotemplate?

[davidefa]

I have two small scripts:
ls_perm ( list files/directories with 'abnormal' permissions, set appropriate permissions in line 48 )
ch_perm ( changes permissions to files/directories, set appropriate permissions in line 48 )
Simply copy the files in a directory and execute the script ( it will recursively travel current directory and subdirectories )

[Julius]

How do I execute these scripts?
When I run them from a browser I get a blank page..
Also, what *should* permissions be?

There needs to be a default script that runs from within MeteoTemplate admin UI,
where you simply set the webserver user (www-data in most cases)
and maybe some special files, if you need access for meteobridge or whatever,
and then the script does the rest for you.

[davidefa]

To execute the scripts simply copy the script in one directory ( for example in the root directory of meteotemplate ) and execute it ( insert the correct url of the script in the address bar of the browser ).
Before executing the script adjust the folders and files permissions in line 48:

Code: Select all

listmod_r(dirname(__FILE__), "0755", "0644");

( The first figure is the folders permission )
Permissions are 'server dependant' ( on a server I have "0755", "0644", on another I have "0755", "0755" )

Sorry, don't understand this part:

There needs to be a default script that runs from within MeteoTemplate admin UI,
where you simply set the webserver user (www-data in most cases)
and maybe some special files, if you need access for meteobridge or whatever,
and then the script does the rest for you.

[Julius]

Sorry, but this does not work. I get a blank page when I run it as you say (did that already)..

What I mean is: Since I, as a user, have no idea what the permissions structure for meteotemplate should be, I should not be setting permissions either. This is asking for trouble. This should be done by config, when setting it up. And re-run after each added block. Something like that needs to be built-in, like wordpress has these days.

[davidefa]

Not sure how I did, but I managed to corrupt the first line of both scripts ( so they don't execute ).
The attached scripts are ok.
Added also two parameters to define directory and files permissions ( without editing scripts ):
- dperm ( defaults to 0755 ) directories permissions
- fperm ( defaults to 0644 ) files permissions
For example:

Code: Select all

https://weer.broekermeer.nl/ls_perm.php?dperm=0777&fperm=0666

What I mean is: Since I, as a user, have no idea what the permissions structure for meteotemplate should be, I should not be setting permissions either. This is asking for trouble. This should be done by config, when setting it up. And re-run after each added block. Something like that needs to be built-in, like wordpress has these days.

Correct, it can be added

[spd2612]

These will not run on my ubunto 22.04 server
Error is i dont have permission to chmod

Anyway to fix this
Web template owner is www-data

Only way i can change permissions is thru
Ftp client or terminal

[davidefa]

I've added a script that changes permissions via ftp ( ch_perm_ftp.php )
Usage is similar to the non ftp version, the only difference:
1) first edit line 13-16 with your ftp data/credentials
2)in line 15 ftp_root refers to the ftp 'landing directory' ( in my test server is '/home/gepnuiib', while meteotemplate resides in '/home/gepnuiib/public_html/template' )

P.S.
It could be slow

[spd2612]

Thanks for all you do for meteotemplate
Im using it on my ubunto server im thinking of moving to Apache2 I have the server running and phpmyadmin and have been able to go thru setup but because i only have it local for now and cant use my domin on it I dont think there is anyway to actually make that site load as I used my active sites id to set it up

[spd2612]

Well permissions in meteotemplate are very finicky I have had to get all of my web server off of windows Iis to linux
As my server fell victim to what is known as the north korean hack I have delt with the fbi and my network providers for over a year and finally decided to just build a new virtual machine in linus all regular php based sites are pretty strait forward but meteotemplate requires a lot of writable files and folders i have used permissions at 755 then just gave write at 775 as needed this has been a very difficult task
It would be very nice if there was something strait forward to tell us which file or folder needs write permissions its been very clear that if its a .txt file it needs 755 and as the wiki says the config file but after that its trail and error
IIS just dont have the flexibility to be as selective as linux I seem to have gotten everything running and I am in PHP 8.1.13
I will tweak this a little more and then list all the many files and folders that need write permissions 755 seams a good base which is read,write and execute for the owner and read and execute for the site or php in linux www-data I will put out the files and folders that need the 775 as soon as i am convinced my site is fully functional and secure
I must add that this changes depending on who the owner is in my case its me a lot of hosting providers seem to be using www-data for both owner and group should be owned by root