Question about directory/file permissions

rymonator · May 12, 2011, 4:25pm

So I don’t want other users on my system to be able to edit files in the /protected folder, a controller file for example, but I also obviously need the system to be able to access those files. I really want the ‘admins’ group to be able to edit files, but at the same time I have to make certain files writable for anyone or I get this error:




Application runtime path "/var/priv/protected/runtime" is not valid. Please make sure it is a directory writable by the Web server process.

I think I’m missing something very obvious, but how can I restrict any old user from editing files while still allowing Yii to do its thing? Thanks.

Asgaroth · May 12, 2011, 4:34pm

Just make runtime folder 775

rymonator · May 12, 2011, 4:42pm

Didn’t work. How would Yii be part of the correct group? Unless when I create the application it uses the primary group of the creator…or something…but I created a new group called admins that I want to be the group that is allowed to edit files.

jacmoe · May 12, 2011, 5:54pm

Apache?

If so, you probably need to change the Apache umask.

On my system, it’s /etc/apache2/envvars:

Add this line to it:


umask 002

That should make all files created by the Apache process writeable to both user and group.

IIRC, by default it’s writable only to the creator.

Then add any users to the www-data group (or whatever group it is that Apache uses), and that’s it.

Now both creator and group can modify the generated by the Apache process (PHP included) files.

iivano71 · May 12, 2011, 8:54pm

if you using one account witch dont have apache group you have to set in apache conf file a line gorup : apace and user : apache to your user