Difference between revisions of "Setup:Installation Manual/Security Settings/File System Permissions"

[quality revision][quality revision]
(Tag: 2017 source edit)
(Tag: 2017 source edit)
 


For trouble-free usage of your BlueSpice installation, the web server requires write permissions to several folders of the file system. However, it is recommended to keep the rights for all other files and folders to a minimum. This document shows you the relevant folders and the correct permissions correct permissions setting.

Tips for this Document[edit | edit source]

  • Please, read this manual completely and work through the single installation steps one after another.
  • For editing For editing the configuration files with a text editor, the files must be saved in saved in UTF-8 coding without BOM BOM (Byte Order Mark).
  • The placeholder stands placeholder  stands for the path to your BlueSpice installation, e.g C:\inetpub\wwwroot\bluespice (Windows) or or /var/www/bluespice (Linux).

Affected FoldersAffected Folders[edit | edit source]

The folders, which require write permissions, are: 

  • <installpath-bluespice>/cache
  • <installpath-bluespice>/images
  • <installpath-bluespice>/extensions/BlueSpiceFoundation/config
  • <installpath-bluespice>/extensions/BlueSpiceFoundation/data
  • <installpath-bluespice>/extensions/Widgets/compiled_templates (only BlueSpice only BlueSpice pro)

Assignment of Permissions with Windows[edit | edit source]

Assign "change" rights for this folder for the local user "Everyone".

Setup:Setup windows permissions.jpg

Assignment of Permissions with Linux[edit | edit source]

Here you can assign rights much more strictly, which is also recommended. Transfer the directory directory <installpath-bluespice> recursively  recursively to the user root (CHMOD for Files for Files 644, CHMOD for Directories for Directories 755) and after this, transfer the mentioned directory recursively to the user and the group, under which the Apache Web Server runs (Debian/Ubuntu e.g. "www-data").

In the following, we provide a bash script, which works through this tasks for you with only one command.

To do so, create the file /usr/local/bin/setWikiPerm and copy the following code into this file: 

                #!/bin/bash

WWW_USER="www-data"
WWW_GROUP="www-data"

WWW_HOME=`eval echo ~$WWW_USER`
WWW_CFG=$WWW_HOME/.config

if [ $# -eq 0 ]; then
        echo "You must enter the path of your MediaWiki installation."
        exit
elif [ ! -d $1 ]; then
        echo "$1 does not exist or is no path."
        exit
fi

PATH=`echo "$1" | sed -e 's#/$##'`

/usr/bin/find $PATH -type d -exec /bin/chmod 755 {} \;
/usr/bin/find $PATH -type f -exec /bin/chmod 644 {} \;

/bin/chown -R root:root $PATH

pathes=(
        "$PATH/cache" \
        "$PATH/images" \
        "$PATH/_sf_archive" \
        "$PATH/_sf_instances" \
        "$PATH/extensions/BlueSpiceFoundation/data" \
        "$PATH/extensions/BlueSpiceFoundation/config" \
        "$PATH/extensions/Widgets/compiled_templates" \
)

for i in "${pathes[@]}"; do
        if [ -d $i ]; then
                /bin/chown -R $WWW_USER:$WWW_GROUP $i
        fi
done

if [ ! -d $WWW_CFG ]; then
        /bin/mkdir $WWW_CFG
fi

/bin/chown -R $WWW_USER:$WWW_GROUP $WWW_CFG

/usr/bin/find $PATH/extensions -iname 'create_pygmentize_bundle' -exec /bin/chmod +x {} \;
/usr/bin/find $PATH/extensions -iname 'pygmentize' -exec /bin/chmod +x {} \;
/usr/bin/find $PATH/extensions -name 'lua' -type f -exec /bin/chmod 755 {} \;


            

If needed, replace the content of the variables variables 

WWW_USER="www-data"
WWW_GROUP="www-data"

with the approprate user and group of your distribution.

After this, assign CHMOD 755 to this file. Now you can run the script and let it do the complete permission setting automatically with the following command:  

                setWikiPerm <installpath-bluespice>

            
Hint.jpg
Note that when the update.php is executed on the console, the rights can be partially discarded. For this reason, set the rights to "update.php" again.
{{DISPLAYTITLE:File System Permissions}}
        
        __TOC__
        

        For trouble-free usage of your BlueSpice installation<span class="">, the web server requires write permissions to several folders of the file system.</span> <span class="">However, it is recommended to keep the rights for all other files and folders to a minimum.</span> <span class="">This document shows you the relevant folders and the correct permissions correct permissions setting.</span>
        

        ==Tips for this Document==
        
        * Please, read this manual completely and work through the single installation steps one after another.
        
        * For editing For editing the configuration files with a text editor, the files must be saved in saved in UTF-8 coding without BOM BOM (Byte Order Mark).
        
        * The placeholder placeholder <code></code> stands  stands for the path to your BlueSpice installation, e.g <code>C:\inetpub\wwwroot\bluespice</code> (Windows) or or <code>/var/www/bluespice</code> (Linux).
        

        ==Affected FoldersAffected Folders==
        
        The folders, which require write permissions, are: 
            
 
            
* <code>&lt;installpath-bluespice&gt;</code>/cache
        
        * <code>&lt;installpath-bluespice&gt;</code>/images
        
        * <code>&lt;installpath-bluespice&gt;</code>/extensions/BlueSpiceFoundation/config
        
        * <code>&lt;installpath-bluespice&gt;</code>/extensions/BlueSpiceFoundation/data
        
        * <code>&lt;installpath-bluespice&gt;</code>/extensions/Widgets/compiled_templates '''(only BlueSpice only BlueSpice pro)'''
        

        ==Assignment of Permissions with Windows==
        
        Assign "change" rights for this folder for the local user "Everyone".<br /><br />
        

        [[File:Setup:Setup_windows_permissions.jpg|center]]
        

        ==Assignment of Permissions with Linux==
        
        Here you can assign rights much more strictly, which is also recommended. Transfer the directory directory <code>&lt;installpath-bluespice&gt;</code> recursively  recursively to the user root (CHMOD for Files for Files 644, CHMOD for Directories for Directories 755) and after this, transfer the mentioned directory recursively to the user and the group, under which the Apache Web Server runs (Debian/Ubuntu e.g. "www-data").
        

        In the following, we provide a bash script, which works through this tasks for you with only one command.
        

        To do so, create the file /usr/local/bin/setWikiPerm and copy the following code into this file: 
            
 
            
<pre>#!/bin/bash
        

        WWW_USER="www-data"
        
        WWW_GROUP="www-data"
        

        WWW_HOME=`eval echo ~$WWW_USER`
        
        WWW_CFG=$WWW_HOME/.config
        

        if [ $# -eq 0 ]; then
        
                echo "You must enter the path of your MediaWiki installation."
        
                exit
        
        elif [ ! -d $1 ]; then
        
                echo "$1 does not exist or is no path."
        
                exit
        
        fi
        

        PATH=`echo "$1" | sed -e 's#/$##'`
        

        /usr/bin/find $PATH -type d -exec /bin/chmod 755 {} \;
        
        /usr/bin/find $PATH -type f -exec /bin/chmod 644 {} \;
        

        /bin/chown -R root:root $PATH
        

        pathes=(
        
                "$PATH/cache" \
        
                "$PATH/images" \
        
                "$PATH/_sf_archive" \
            
                    "$PATH/_sf_instances" \
        
                "$PATH/extensions/BlueSpiceFoundation/data" \
        
                "$PATH/extensions/BlueSpiceFoundation/config" \
        
                "$PATH/extensions/Widgets/compiled_templates" \
        
        )
        

        for i in "${pathes[@]}"; do
        
                if [ -d $i ]; then
        
                        /bin/chown -R $WWW_USER:$WWW_GROUP $i
        
                fi
        
        done
        

        if [ ! -d $WWW_CFG ]; then
        
                /bin/mkdir $WWW_CFG
        
        fi
        

        /bin/chown -R $WWW_USER:$WWW_GROUP $WWW_CFG
        

        /usr/bin/find $PATH/extensions -iname 'create_pygmentize_bundle' -exec /bin/chmod +x {} \;
        
        /usr/bin/find $PATH/extensions -iname 'pygmentize' -exec /bin/chmod +x {} \;
        
        /usr/bin/find $PATH/extensions -name 'lua' -type f -exec /bin/chmod 755 {} \;
        
</pre>
        

        If needed, replace the content of the variables 
            
variables 
            
WWW_USER="www-data"
        
         WWW_GROUP="www-data"
        

        with the approprate user and group of your distribution.
        

        After this, assign CHMOD 755 to this file. Now you can run the script and let it do the complete permission setting automatically with the following command:  
            
 
            
setWikiPerm <code>&lt;installpath-bluespice&gt;</code>
        

        {{Hint
        
        |text=<b>Note that when the update.php is executed on the console, the rights can be partially discarded. For this reason, set the rights to "update.php" again.</b>
        
        }}
        

        [[en:{{FULLPAGENAME}}]][[de:Setup:Installationsanleitung/Sicherheitseinstellungen/Dateisystemrechte]]
Line 3: Line 3:
  
  
For trouble-free usage of your BlueSpice installation<span class="">, the web server requires write permissions to several folders of the file system.</span> <span class="">However, it is recommended to keep the rights for all other files and folders to a minimum.</span> <span class="">This document shows you the relevant folders and the correct permissions setting.</span>
+
For trouble-free usage of your BlueSpice installation<span class="">, the web server requires write permissions to several folders of the file system.</span> <span class="">However, it is recommended to keep the rights for all other files and folders to a minimum.</span> <span class="">This document shows you the relevant folders and the correct permissions setting.</span>
  
 
==Tips for this Document==
 
==Tips for this Document==
 
* Please, read this manual completely and work through the single installation steps one after another.
 
* Please, read this manual completely and work through the single installation steps one after another.
* For editing the configuration files with a text editor, the files must be saved in UTF-8 coding without BOM (Byte Order Mark).
+
* For editing the configuration files with a text editor, the files must be saved in UTF-8 coding without BOM (Byte Order Mark).
* The placeholder <code></code> stands for the path to your BlueSpice installation, e.<code>C:\inetpub\wwwroot\bluespice</code> (Windows) or <code>/var/www/bluespice</code> (Linux).
+
* The placeholder <code></code> stands for the path to your BlueSpice installation, e.g <code>C:\inetpub\wwwroot\bluespice</code> (Windows) or <code>/var/www/bluespice</code> (Linux).
  
==Affected Folders==
+
==Affected Folders==
The folders, which require write permissions, are: 
+
The folders, which require write permissions, are:  
  
 
* <code>&lt;installpath-bluespice&gt;</code>/cache
 
* <code>&lt;installpath-bluespice&gt;</code>/cache
Line 17: Line 17:
 
* <code>&lt;installpath-bluespice&gt;</code>/extensions/BlueSpiceFoundation/config
 
* <code>&lt;installpath-bluespice&gt;</code>/extensions/BlueSpiceFoundation/config
 
* <code>&lt;installpath-bluespice&gt;</code>/extensions/BlueSpiceFoundation/data
 
* <code>&lt;installpath-bluespice&gt;</code>/extensions/BlueSpiceFoundation/data
* <code>&lt;installpath-bluespice&gt;</code>/extensions/Widgets/compiled_templates '''(only BlueSpice pro)'''
+
* <code>&lt;installpath-bluespice&gt;</code>/extensions/Widgets/compiled_templates '''(only BlueSpice pro)'''
  
 
==Assignment of Permissions with Windows==
 
==Assignment of Permissions with Windows==
Line 25: Line 25:
  
 
==Assignment of Permissions with Linux==
 
==Assignment of Permissions with Linux==
Here you can assign rights much more strictly, which is also recommended. Transfer the directory <code>&lt;installpath-bluespice&gt;</code> recursively to the user root (CHMOD for Files 644, CHMOD for Directories 755) and after this, transfer the mentioned directory recursively to the user and the group, under which the Apache Web Server runs (Debian/Ubuntu e.g. "www-data").
+
Here you can assign rights much more strictly, which is also recommended. Transfer the directory <code>&lt;installpath-bluespice&gt;</code> recursively to the user root (CHMOD for Files 644, CHMOD for Directories 755) and after this, transfer the mentioned directory recursively to the user and the group, under which the Apache Web Server runs (Debian/Ubuntu e.g. "www-data").
  
 
In the following, we provide a bash script, which works through this tasks for you with only one command.
 
In the following, we provide a bash script, which works through this tasks for you with only one command.
  
To do so, create the file /usr/local/bin/setWikiPerm and copy the following code into this file: 
+
To do so, create the file /usr/local/bin/setWikiPerm and copy the following code into this file:  
  
 
<pre>#!/bin/bash
 
<pre>#!/bin/bash
Line 57: Line 57:
 
         "$PATH/cache" \
 
         "$PATH/cache" \
 
         "$PATH/images" \
 
         "$PATH/images" \
 +
        "$PATH/_sf_archive" \
 
         "$PATH/_sf_instances" \
 
         "$PATH/_sf_instances" \
 
         "$PATH/extensions/BlueSpiceFoundation/data" \
 
         "$PATH/extensions/BlueSpiceFoundation/data" \
Line 81: Line 82:
 
</pre>
 
</pre>
  
If needed, replace the content of the variables 
+
If needed, replace the content of the variables
  
 
  WWW_USER="www-data"
 
  WWW_USER="www-data"
Line 88: Line 89:
 
with the approprate user and group of your distribution.
 
with the approprate user and group of your distribution.
  
After this, assign CHMOD 755 to this file. Now you can run the script and let it do the complete permission setting automatically with the following command:  
+
After this, assign CHMOD 755 to this file. Now you can run the script and let it do the complete permission setting automatically with the following command:
  
 
  setWikiPerm <code>&lt;installpath-bluespice&gt;</code>
 
  setWikiPerm <code>&lt;installpath-bluespice&gt;</code>

Attachments

Discussions