Textpattern CMS support forum
Re: chmod madness, enlightened advice welcome
That’s gold info, Bloke. Thanks.
Quickly I just did a look on the production server at WebFaction…
For the Flarum install, for example, from the install root down, all directories are…
rwxrwsr-x 4 username username ...
and all files are
rw-r--r-- 1 username username ...
That seems to be 775 for directories and 644 for files ¯\_(ツ)_/¯, where “username” is my username for the web host account.
So I guess that would be the equivalent of destry/destry (or _www/_www) on my local setup, where username has been added as member of the group?
Re: chmod madness, enlightened advice welcome
Bloke wrote #300027:
Assuming you’re averse to world-writable files (I am) now comes the dilemma. You want to be able to copy files in as “yourself” (destry/staff) but you also want the web server to be able to read and write content as “apache” (_www/_www). The easiest thing I find is to simply add yourself to the _www group.
This one-liner for Mac worked, where USER_NAME is, for example, ‘destry’:
sudo dseditgroup -o edit -a USER_NAME -t user _www
Before trying that, though, I ran:
groups root
I get:
wheel daemon kmem sys tty operator procview procmod everyone staff certusers localaccounts admin com.apple.sharepoint.group.1 _appstore _lpadmin _lpoperator _developer com.apple.access_ftp com.apple.access_screensharing com.apple.access_ssh
Presumably that’s all existing groups on Mac (because… ‘root’). But there’s no _www listed there, which I presume is because that’s being named in Apache context only (in the httpd-conf file). So how could I add user ‘destry’ to a non-existing group (non-existing outside of Apache context)?
The answer seems to be that the group is created when the user is added to it, because by running this one-liner…
sudo dseditgroup -o edit -a destry -t user _www
And looking at groups via this dscl command, shows explicit groups (those the user has been specifically assigned to), as defined in that dscl link you shared, Bloke:
dscl . search /Groups GroupMembership destry | grep = | awk '{print $1}'
_appserveradm
_appserverusr
_lpadmin
admin
com.apple.sharepoint.group.1
_www
There’s also the effective groups (those under which a given user can operate):
groups destry
staff com.apple.sharepoint.group.1 everyone localaccounts _www _appserverusr admin _appserveradm _lpadmin _appstore _lpoperator _developer com.apple.access_ftp com.apple.access_screensharing com.apple.access_ssh
I’m not sure what’s implied there by “can operate”.
And there’s also the recognized inferred groups (the groups that remain when the explicit groups are removed from the effective list):
staff everyone localaccounts _appstore _lpoperator _developer com.apple.access_ftp com.apple.access_screensharing com.apple.access_ssh
Only the explicit groups really make sense to me. For example, I would have thought I should have added ‘destry’ to the ‘staff’ group too as an explicit assignment, but the destry user seems to be already assigned as an effective user. I don’t know what that difference means, exactly.
In any case, I now have ‘destry’ assigned to group ‘_www’, so I should be able to try using a more strict permissions setting? And if that still doesn’t work, I should explicitly add ‘destry’ to the ‘staff’ group?
I guess I have the tools and clues at this point to conduct experiments. ;)
Re: chmod madness, enlightened advice welcome
Destry wrote #300050:
This one-liner for Mac
Nice!
I would have thought I should have added ‘destry’ to the ‘staff’ group too as an explicit assignment, but the destry user seems to be already assigned as an effective user. I don’t know what that difference means, exactly.
Me neither. Apple have done some pretty crazy things with ACLs, most of which are beyond my comprehension because I’ve simply not had to delve into them (yet).
One other spanner to be aware of, btw, is the sticky bit and setuid/setgid. Sometimes you’ll see an ‘s’ or ‘S’ instead of an ‘x’ when you list a directory contents: that setting governs which user/group files run as at execution time and can have an impact on how things like apache behave. So keep an eye out for any such files and directories as they’re easy to miss, and can cause serious head-scratching.
I guess I have the tools and clues at this point to conduct experiments. ;)
Yes indeed. And I would be interested to know any relevant findings.
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
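Added example, not part of any post in this thread: two POSIX shell helpers for spotting the ‘s’/‘S’ bits mentioned above. The function names mode_to_octal and find_special_modes are made up for this example; the first decodes an ls mode string such as the rwxrwsr-x quoted earlier in the thread, the second lists entries under a directory that carry setuid, setgid, sticky or world-writable bits.

```sh
#!/bin/sh
# Added example: helper names are made up for this illustration.

# Decode an ls-style mode string to four-digit octal. Accepts the bare nine
# permission characters, an optional leading type character (d, -, l ...)
# and an optional trailing ACL/xattr marker (+, @ or .).
mode_to_octal() {
    m=$1
    case $m in *[+@.]) m=${m%?} ;; esac
    if [ "${#m}" -eq 10 ]; then m=${m#?}; fi
    # Reject anything that is not a well-formed permission string.
    case $m in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) return 1 ;;
    esac
    special=0
    digits=""
    # One pass per trio: user (setuid=4), group (setgid=2), other (sticky=1).
    for weight in 4 2 1; do
        rest=${m#???}; trio=${m%"$rest"}; m=$rest
        d=0
        case $trio in r??) d=$((d + 4)) ;; esac
        case $trio in ?w?) d=$((d + 2)) ;; esac
        case $trio in
            ??x) d=$((d + 1)) ;;
            # lower case: special bit set and execute bit set
            ??[st]) d=$((d + 1)); special=$((special + weight)) ;;
            # upper case: special bit set, execute bit NOT set
            ??[ST]) special=$((special + weight)) ;;
        esac
        digits="$digits$d"
    done
    printf '%s%s\n' "$special" "$digits"
}

# List everything under a directory that has setuid, setgid, sticky or
# world-writable bits. Symlinks are skipped because their own mode bits
# are not what gets enforced.
find_special_modes() {
    find "$1" ! -type l \( -perm -4000 -o -perm -2000 \
        -o -perm -1000 -o -perm -0002 \) -print | sort
}

# The directory mode string quoted earlier in the thread:
mode_to_octal rwxrwsr-x
```

The leading digit of the result is the part a three-digit reading leaves out: 2 is setgid, which on a Linux directory makes new files inherit the directory’s group.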
Re: chmod madness, enlightened advice welcome
A propos of nothing, I used to develop directly on OS X but the now-yearly OS bump just broke too many things and I lost a whole glob of time fixing ‘em. In the end I opted for a Raspberry Pi (Raspbian) attached to my router (powered off USB, ethernet to the router) and I’m indescribably pleased with the way it works. No need to fix Apache each year, no mucking around with modules that Apple decide to disable for reasons unknown.
#17 2016-07-02 02:23:14
- gomedia
- Plugin Author
- Registered: 2008-06-01
- Posts: 1,373
Re: chmod madness, enlightened advice welcome
gaekwad wrote #300104:
… but the now-yearly OS bump just broke too many things …
Yes it can be a bit painful, but I’ve found these guides to be invaluable.
I upgraded my PHP recently* using this which describes obtaining PHP from here – a source I’ve used several times over the years.
*to be fair there was a slight hiccup – the comment from “info” is me!
Re: chmod madness, enlightened advice welcome
gaekwad wrote #300104:
I used to develop directly on OS X but the now-yearly OS bump just broke too many things
This had nothing to do with OS X, exactly, something just went a bit south with the php upgrade, typical. And I’ve never been very savvy about permissions and all that, so this has been a bit of a worthwhile learning experience.
That said, who knows what Sierra will bring. ;)
Re: chmod madness, enlightened advice welcome
Using MAMP pro I have never had any hiccups
…. texted positive
Re: chmod madness, enlightened advice welcome
bici wrote #300132:
Using MAMP pro I have never had any hiccups
That’s because it’s a redundant install of an AMP stack on your machine, and the whole package is updated at once by vendor design (MAMP). I prefer using Mac’s native A-P binaries and installing M myself to keep my old machine free of redundant software. Homebrew makes adding/updating MySQL (the missing piece of the stack on Mac) super easy.
I can also put PHP under Homebrew care, but L//P was just as easy to install in this case and can be removed in 2 seconds when updating to Sierra. (httpd-conf and php.ini file adjustments are almost always needed in upgrade actions anyway.)
Btw, none of the permissions issues I was having affected my Txp installs at all (though they may still be using 777 on the writable directories), only Flarum. That said, I’ve never understood before why I could never chmod directories to 775 (always having to use 777), and this is a common problem with people in this community (search on “chmod” and you’ll see). And that fix has as much to do with the operating system, apparently, as it does with the flavor of AMP install. It’s also a problem with web hosts who don’t have servers configured to allow you to make directories 775.
There really should be a series of tutorials on how to change your gear to make 775 work, but that’s a bit out of Txp scope. Though this thread is a step in the right direction, thanks to Bloke, the man!
#21 2016-07-04 07:53:16
- Algaris
- Member
- From: England
- Registered: 2006-01-27
- Posts: 553
Re: chmod madness, enlightened advice welcome
There’s also virtualhostX
After many a mishap trying to get a local webserver up and running on my Mac, I’ve decided to try setting up and running an Ubuntu server on my Raspberry Pi (a nice little project for me over the summer).
Re: chmod madness, enlightened advice welcome
Algaris wrote #300154:
There’s also virtualhostX
Interesting! That looks a lot nicer than MAMP, albeit not free as in love. ;)
The RaspberryPi route is interesting too, but one downside for me is I’m often on the go and lugging around extra hardware in order to do a little cafe work isn’t practical.
Re: chmod madness, enlightened advice welcome
Destry wrote #300157:
The RaspberryPi route is interesting too, but one downside for me is I’m often on the go and lugging around extra hardware in order to do a little cafe work isn’t practical.
Keep meaning to post photos of my Pi 2’s custom case made out of Lego. Keeps it reasonably well-protected with flaps and stuff for port access. All I need is the lightweight PSU, plus an HDMI cable if I want to see the screen. Or, for a more wireless experience, a £6 wifi dongle means I can ssh in from any device that’s networked. Yeah, the pi is extra hardware and you need to plug it in somewhere. But soooo tiny :-)