Difference between revisions of "Setup:Installation Guide/Security Settings/File System Permissions"

(Created page with "{{DISPLAYTITLE:File System Permissions}} __TOC__ For trouble-free usage of your BlueSpice installation<span class="">, the web server requires write permissions to several f...")
Tag: 2017 source edit
 
Tag: 2017 source edit
 
Line 8: Line 8:
 
*Please, read this manual completely and work through the single installation steps one after another.
 
*Please, read this manual completely and work through the single installation steps one after another.
 
*For editing the configuration files with a text editor, the files must be saved in UTF-8 coding without BOM (Byte Order Mark).
 
*For editing the configuration files with a text editor, the files must be saved in UTF-8 coding without BOM (Byte Order Mark).
*The placeholder <code></code> stands for the path to your BlueSpice installation, e.g <code>C:\inetpub\wwwroot\bluespice</code> (Windows) or <code>/var/www/bluespice</code> (Linux).
+
*The placeholder <code>&lt;installpath-bluespice&gt;</code> stands for the path to your BlueSpice installation, e.g <code>C:\inetpub\wwwroot\bluespice</code> (Windows) or <code>/var/www/bluespice</code> (Linux).
  
 
==Affected Folders==
 
==Affected Folders==

Latest revision as of 15:34, 22 December 2021


For trouble-free usage of your BlueSpice installation, the web server requires write permissions to several folders of the file system. However, it is recommended to keep the rights for all other files and folders to a minimum. This document shows you the relevant folders and the correct permissions setting.

Tips for this Document[edit | edit source]

  • Please, read this manual completely and work through the single installation steps one after another.
  • For editing the configuration files with a text editor, the files must be saved in UTF-8 coding without BOM (Byte Order Mark).
  • The placeholder <installpath-bluespice> stands for the path to your BlueSpice installation, e.g C:\inetpub\wwwroot\bluespice (Windows) or /var/www/bluespice (Linux).

Affected Folders[edit | edit source]

The folders, which require write permissions, are:

  • <installpath-bluespice>/cache
  • <installpath-bluespice>/images
  • <installpath-bluespice>/extensions/BlueSpiceFoundation/config
  • <installpath-bluespice>/extensions/BlueSpiceFoundation/data
  • <installpath-bluespice>/extensions/Widgets/compiled_templates (only BlueSpice pro)

Assignment of Permissions with Windows[edit | edit source]

Assign "change" rights for this folder for the local user "Everyone".

Setup:Setup windows permissions.jpg

Assignment of Permissions with Linux[edit | edit source]

Here you can assign rights much more strictly, which is also recommended. Transfer the directory <installpath-bluespice> recursively to the user root (CHMOD for Files 644, CHMOD for Directories 755) and after this, transfer the mentioned directory recursively to the user and the group, under which the Apache Web Server runs (Debian/Ubuntu e.g. "www-data").

In the following, we provide a bash script, which works through this tasks for you with only one command.

To do so, create the file /usr/local/bin/setWikiPerm and copy the following code into this file:

#!/bin/bash

WWW_USER="www-data"
WWW_GROUP="www-data"

WWW_HOME=`eval echo ~$WWW_USER`
WWW_CFG=$WWW_HOME/.config

if [ $# -eq 0 ]; then
        echo "You must enter the path of your MediaWiki installation."
        exit
elif [ ! -d $1 ]; then
        echo "$1 does not exist or is no path."
        exit
fi

if [ ! -f $1/LocalSettings.php ]; then
echo "$1 contains no Localsettings.php"
exit
fi


PATH=`echo "$1" | sed -e 's#/$##'`

/usr/bin/find $PATH -type d -exec /bin/chmod 755 {} \;
/usr/bin/find $PATH -type f -exec /bin/chmod 644 {} \;

/bin/chown -R root:root $PATH

pathes=(
        "$PATH/cache" \
        "$PATH/images" \
        "$PATH/_sf_archive" \
        "$PATH/_sf_instances" \
        "$PATH/extensions/BlueSpiceFoundation/data" \
        "$PATH/extensions/BlueSpiceFoundation/config" \
        "$PATH/extensions/Widgets/compiled_templates" \
)

for i in "${pathes[@]}"; do
        if [ -d $i ]; then
                /bin/chown -R $WWW_USER:$WWW_GROUP $i
        fi
done

if [ ! -d $WWW_CFG ]; then
        /bin/mkdir $WWW_CFG
fi

/bin/chown -R $WWW_USER:$WWW_GROUP $WWW_CFG

/usr/bin/find $PATH/extensions -iname 'create_pygmentize_bundle' -exec /bin/chmod +x {} \;
/usr/bin/find $PATH/extensions -iname 'pygmentize' -exec /bin/chmod +x {} \;
/usr/bin/find $PATH/extensions -name 'lua' -type f -exec /bin/chmod 755 {} \;

If needed, replace the content of the variables

WWW_USER="www-data"
WWW_GROUP="www-data"

with the approprate user and group of your distribution.

After this, assign CHMOD 755 to this file. Now you can run the script and let it do the complete permission setting automatically with the following command:

setWikiPerm <installpath-bluespice>
Note:Note that when the update.php is executed on the console, the rights can be partially discarded. For this reason, set the rights to "update.php" again.
No categories assignedEdit

Discussions