Setup:Installation Guide/Security Settings/File System Permissions: Difference between revisions

No edit summary
No edit summary
Tag: 2017 source edit
 
Line 65: Line 65:
         "$PATH/_sf_instances" \
         "$PATH/_sf_instances" \
         "$PATH/extensions/BlueSpiceFoundation/data" \
         "$PATH/extensions/BlueSpiceFoundation/data" \
        "$PATH/extensions/BlueSpiceFoundation/config" \
         "$PATH/extensions/Widgets/compiled_templates" \
         "$PATH/extensions/Widgets/compiled_templates" \
)
)

Latest revision as of 11:40, 25 July 2023

For trouble-free usage of your BlueSpice installation, the web server requires write permissions to several folders of the file system. However, it is recommended to keep the rights for all other files and folders to a minimum. This document shows you the relevant folders and the correct permissions setting.

Tips for this Document

  • Please, read this manual completely and work through the single installation steps one after another.
  • For editing the configuration files with a text editor, the files must be saved in UTF-8 coding without BOM (Byte Order Mark).
  • The placeholder <installpath-bluespice> stands for the path to your BlueSpice installation, e.g C:\inetpub\wwwroot\bluespice (Windows) or /var/www/bluespice (Linux).

Affected Folders

The folders, which require write permissions, are:

  • <installpath-bluespice>/cache
  • <installpath-bluespice>/images
  • <installpath-bluespice>/extensions/BlueSpiceFoundation/config (only until BlueSpice v. 4.2.x)  -v4.2.x
  • <installpath-bluespice>/extensions/BlueSpiceFoundation/data
  • <installpath-bluespice>/extensions/Widgets/compiled_templates (only BlueSpice pro)

Assignment of Permissions with Windows

Assign "change" rights for this folder for the local user "Everyone".

Setup:Setup windows permissions.jpg

Assignment of Permissions with Linux

Here you can assign rights much more strictly, which is also recommended. Transfer the directory <installpath-bluespice> recursively to the user root (CHMOD for Files 644, CHMOD for Directories 755) and after this, transfer the mentioned directory recursively to the user and the group, under which the Apache Web Server runs (Debian/Ubuntu e.g. "www-data").

In the following, we provide a bash script, which works through this tasks for you with only one command.

To do so, create the file /usr/local/bin/setWikiPerm and copy the following code into this file:

#!/bin/bash

WWW_USER="www-data"
WWW_GROUP="www-data"

WWW_HOME=`eval echo ~$WWW_USER`
WWW_CFG=$WWW_HOME/.config

if [ $# -eq 0 ]; then
        echo "You must enter the path of your MediaWiki installation."
        exit
elif [ ! -d $1 ]; then
        echo "$1 does not exist or is no path."
        exit
fi

if [ ! -f $1/LocalSettings.php ]; then
echo "$1 contains no Localsettings.php"
exit
fi


PATH=`echo "$1" | sed -e 's#/$##'`

/usr/bin/find $PATH -type d -exec /bin/chmod 755 {} \;
/usr/bin/find $PATH -type f -exec /bin/chmod 644 {} \;

/bin/chown -R root:root $PATH

pathes=(
        "$PATH/cache" \
        "$PATH/images" \
        "$PATH/_sf_archive" \
        "$PATH/_sf_instances" \
        "$PATH/extensions/BlueSpiceFoundation/data" \
        "$PATH/extensions/Widgets/compiled_templates" \
)

for i in "${pathes[@]}"; do
        if [ -d $i ]; then
                /bin/chown -R $WWW_USER:$WWW_GROUP $i
        fi
done

if [ ! -d $WWW_CFG ]; then
        /bin/mkdir $WWW_CFG
fi

/bin/chown -R $WWW_USER:$WWW_GROUP $WWW_CFG

/usr/bin/find $PATH/extensions -iname 'create_pygmentize_bundle' -exec /bin/chmod +x {} \;
/usr/bin/find $PATH/extensions -iname 'pygmentize' -exec /bin/chmod +x {} \;
/usr/bin/find $PATH/extensions -name 'lua' -type f -exec /bin/chmod 755 {} \;

If needed, replace the content of the variables

WWW_USER="www-data"
WWW_GROUP="www-data"

with the approprate user and group of your distribution.

After this, assign CHMOD 755 to this file. Now you can run the script and let it do the complete permission setting automatically with the following command:

setWikiPerm <installpath-bluespice>
Note:Note that when the update.php is executed on the console, the rights can be partially discarded. For this reason, set the rights to "update.php" again.



To submit feedback about this documentation, visit our community forum.