Composr Tutorial: File permissions

Written by Chris Graham
This tutorial lists the file permissions Composr needs. It is useful when:
  • Installing with the manual installer
  • Moving Composr between servers and manually resetting permissions
  • Fixing permissions if something has broken them (e.g. a webhost making a mistake)

For an explanation of how Linux file permissions work, see the Linux file permissions tutorial. When configuring Windows permissions via FTP/SFTP, Linux file permissions are emulated for you.


Quick installer

If installing with the quick installer you should not need to manually set any of the file permissions in this tutorial. The quick installer will handle it for you.

suEXEC is strongly recommended

In the ideal world you'd be on a suEXEC-style server, which is described in the Webhosting for Composr tutorial. But basically it's where the PHP script is run as your own user.

However, in the real world there are still webhosts that do not use suEXEC, and self-installs of Apache are often configured without it.

If you do have an Apache self install it is best to use suEXEC if you possibly can, or to assign all the file ownerships to the same owner as the Apache user (e.g. nobody or apache, depending on the server).

suEXEC will save you a lot of headaches doing things like addon management, because such an operation potentially needs write access to everything. We do pipe through FTP in this scenario, but it's complicated, slow, and more prone to error if something goes wrong.

Automating permission setting

If you have access to a shell (ask your webhost if you don't know) then you can avoid manually setting permissions, making use of our helper scripts.

The helper_scripts addon will be required, which is kept by default.

On Linux

On Linux a typical shell is brought up using SSH. Set up of SSH is beyond the scope of this tutorial. That said, on a Windows desktop you can use PuTTY to access SSH, and on Linux and Mac an ssh command is built-in.

From the shell, cd to the Composr base directory and run this command:

Code (Bash)

php fixperms.php
 

On Windows

Run php fixperms.php from the Composr base directory.

Permissions required without suEXEC

Image

Tick (check) the highlighted boxes for all the files/folders listed to the left. This screenshot was taken on a Mac using Cyberduck, but the process is similar for other software. Usually to get to a screen like this you right-click on a file/folder and choose something like 'Properties'.

Tick (check) the highlighted boxes for all the files/folders listed to the left. This screenshot was taken on a Mac using Cyberduck, but the process is similar for other software. Usually to get to a screen like this you right-click on a file/folder and choose something like 'Properties'.

(Click to enlarge)

Set the following to 777 (full directory permissions):
  • _compiled
  • adminzone/pages/comcode_custom/<for-each-language>
  • adminzone/pages/html_custom/<for-each-language>
  • caches/http
  • caches/lang/<for-each-language>
  • caches/lang
  • caches/persistent
  • caches/self_learning
  • caches/static
  • cms/pages/comcode_custom/<for-each-language>
  • cms/pages/html_custom/<for-each-language>
  • data_custom/modules/admin_backup
  • data_custom/modules/chat
  • data_custom/modules/web_notifications
  • data_custom/sitemaps
  • data_custom/spelling/personal_dicts
  • data_custom/xml_config
  • exports/*
  • forum/pages/comcode_custom/<for-each-language>
  • forum/pages/html_custom/<for-each-language>
  • imports/*
  • lang_custom/<for-each-language>
  • lang_custom
  • pages/comcode_custom/<for-each-language>
  • pages/html_custom/<for-each-language>
  • temp
  • site/pages/comcode_custom/<for-each-language>
  • site/pages/html_custom/<for-each-language>
  • text_custom/<for-each-language>
  • text_custom
  • themes/<for-each-theme>/css_custom
  • themes/<for-each-theme>/images_custom
  • themes/<for-each-theme>/javascript_custom
  • themes/<for-each-theme>/templates_cached/<for-each-language>
  • themes/<for-each-theme>/templates_custom
  • themes/<for-each-theme>/text_custom
  • themes/<for-each-theme>/xml_custom
  • themes
  • tmp (this is a folder needed only by the quick installer – and you will need to make it and set permissions immediately or wait until the quick installer makes it and then fails due to lack of permissions on it)
  • uploads/attachments
  • uploads/attachments_thumbs
  • uploads/auto_thumbs
  • uploads/banners
  • uploads/captcha
  • uploads/catalogues
  • uploads/cns_avatars
  • uploads/cns_cpf_upload
  • uploads/cns_photos
  • uploads/downloads
  • uploads/ecommerce
  • uploads/filedump
  • uploads/galleries
  • uploads/galleries_thumbs
  • uploads/incoming
  • uploads/personal_sound_effects
  • uploads/repimages
  • uploads/watermarks
  • uploads/website_specific

Set the following to 666 (full read/write permissions):
  • _config.php
  • data_custom/errorlog.php
  • data_custom/firewall_rules.txt
  • themes/map.ini

Permissions with suEXEC

The default 744 (directory) and 644 (file) permissions should be suitable. This grants read access to everyone, and write access just to the hosting account. There's no need to block read access for your files to other users.

The exception is _config.php and _config.php.bak.*, which should be 600 for additional security (because it contains passwords). The installer will set this for you automatically, so you shouldn't need to worry.

CGI servers

It has been reported to us that some Linux CGI-based PHP installations (as opposed to module-based PHP installations) require PHP scripts to be given 'execute' permission. This is a very rare (and insecure) configuration, but if there is this requirement, the following files need to be given execute permission…
  • Any index.php file
  • All PHP files in the root directory, except _config.php
  • All PHP files in the data directory
  • All PHP files in the main directory for a zone (e.g. /, and /adminzone) directories)

The quick installer handles this automatically.

See also


Feedback

Please rate this tutorial:

Have a suggestion? Report an issue on the tracker.