Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve the Stricter Permissions page #236

Open
alanmels opened this issue Sep 6, 2024 · 1 comment
Open

Improve the Stricter Permissions page #236

alanmels opened this issue Sep 6, 2024 · 1 comment

Comments

@alanmels
Copy link

alanmels commented Sep 6, 2024

As I understand the https://docs.backdropcms.org/documentation/stricter-permissions is a shorter summary of https://www.drupal.org/node/244924, however unlike before on Drupal 7 we now have configuration files within the files directory, so the documentation must always take that fact into consideration. One important problem when you attribute the ownership of the directory to Apache user like the pages recommends:

drwxrwxr-x  8 kris     kris      4.0K Aug 27 08:43 core/
drwxrwxr-x 14 www-data www-data  4.0K Aug 14 17:52 files/
-rw-rw-r--  1 kris     kris      5.9K Jul 22 16:47 .htaccess
-rwxrw-r-x  1 kris     kris       578 Aug 27 08:43 index.php
drwxrwxr-x  2 kris     kris      4.0K May 24 21:44 layouts/
drwxrwxr-x 19 kris     kris      4.0K Aug  2 10:11 modules/
drwxrwxr-x  5 kris     kris      4.0K Aug 27 08:43 profiles/
-rw-rw-r--  1 kris     kris      3.9K Aug 26 14:40 README.md
-rw-rw-r--  1 kris     kris      1.2K May 24 21:44 robots.txt
-rw-rw-r--  1 kris     kris       15K Aug 27 08:43 settings.php
drwxrwxr-x  3 kris     kris      4.0K May 24 21:44 sites/
drwxrwxr-x  2 kris     kris      4.0K May 24 21:44 themes/

then you are not able to operate modules on command line with bee. Simple disabling some modules with bee gives:

ConfigStorageException: Failed to write configuration file: ./files/config_d99f7d5215c03b91fc5398641b0df6aa/active/user.role.anonymous.json in ConfigFileStorage->write() (line 1723 of /home/homiebees/www/test.homiebees.com/public_html/core/includes/config.inc).

and you can't do anything, but go to UI. Changing anything in configuration files via UI operations is ok, because that way Apache is triggered. However, unless you enable bash for www-data and sudo as www-data any other user like kris in the documentation example can't do anything to configuration files, or for, that matter, any file in the files directory. So I believe the documentation page must change or at least properly describe this problem.
@alanmels
Copy link
Author

alanmels commented Sep 6, 2024

The above described issue could be addressed by setting this ownership:

drwxrwxr-x 14 www-data kris  4.0K Aug 14 17:52 files/

and adding user kris user to www-data group and, likewise, user www-data to kris group.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alanmels