Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC] give web user rights to /web #3804

Closed
craigh opened this issue Sep 4, 2017 · 4 comments
Closed

[RFC] give web user rights to /web #3804

craigh opened this issue Sep 4, 2017 · 4 comments
Labels
Feedback required
Milestone
3.0.0

Comments

@craigh
Copy link
Member

craigh commented Sep 4, 2017

In order for zikula to function, we may need to force the installer to require that the /web directory have 0777 rights. We currently have an htaccess file to prevent php files from running there. We should probably also at least document how to secure the same for nginx (https://symfony.com/doc/current/setup/web_server_configuration.html#nginx)

Giving full rights to the directory could have other security implications which could be a problem. But these problems may be the same as any current issues we may have.

Making this change is non-symfony preferred.

Making this change would allow dynamic (and quite simple) installation of assets and other required files (e.g. web/js/*)

refs #3273
@craigh craigh added this to the 2.1.0 milestone Sep 4, 2017
@craigh
Copy link
Member Author

craigh commented Sep 4, 2017

one suggestion was

give the directory to the web group, then use chmod g+w
or use setfacl

https://linux.die.net/man/1/setfacl

another was to create web/zikula and chmod 0777 this directory only. move all assets related to the dynamic parts of zikula here. and then use asset groups to facilitate this

{{ asset('your_path', 'zikula') }}

framework:
    assets:
         packages:
              zikula:
                    base_path: /zikula

if its your default you can:

{{ asset('your_path') }}

framework:
    assets:
         base_path: /zikula

This was referenced Sep 15, 2017
Closed
Closed
@Guite
Copy link
Member

Guite commented Oct 2, 2017

Workaround for #3807 which is related: 78d9e04

@Kaik
Copy link
Contributor

Kaik commented Jan 15, 2018

I do not think it is a good idea. As far as I understand this, the problem is because PHP does not have permissions to write to specified dir. I think problems with permissions/access are because the server (apache/ngix + PHP ) set up forces specific permissions that all dirs and files need to have to work properly. There are various ways of setting up how PHP works under apache/ngix and those implicate what permissions/groups a file or directory should have in order to work properly.
The additional problem comes to play using cli you can use cli both ways:

  • via php script - depending on php setup as apache user
  • directly via terminal - as logged in user

Of course, the easiest way is to chmod everything with 777 and whoever needs to write delete etc will be able to do it but that is wrong.

The best way is to add cli user to apache group or add apache to user group and perms for user and group this way only 775 only for relevant dir.

@Guite Guite mentioned this issue Mar 15, 2018
Closed
This was referenced Sep 24, 2018
Closed
Closed
@Guite Guite mentioned this issue Oct 3, 2018
Closed
@Guite Guite modified the milestones: 2.1.0, 3.0.0 Nov 2, 2018
@Guite Guite mentioned this issue Dec 31, 2019
Closed
@Guite Guite modified the milestones: 3.0.0, 4.0.0 Jan 6, 2020
@craigh
Copy link
Member Author

craigh commented Jan 27, 2020

@Guite I think this can be closed since there is no longer a web directory and the publicdirectory is fully accessible by the http client now.

@Guite Guite modified the milestones: 4.0.0, 3.0.0 Jan 28, 2020
Guite added a commit that referenced this issue Jan 28, 2020
@Guite
updated check for dumped JS routes, refs #3804
cc1221d
@Guite Guite closed this as completed Jan 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feedback required
Projects
None yet
Milestone
3.0.0
Development

No branches or pull requests
3 participants
@Guite @craigh @Kaik