New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Insufficient permissions on generated CSS and JS files #1507
Comments
An addition: my system's default umask is 0027. |
on every page view, in the FrontController in init:
This should have triggered an error asking you to put write permissions on the directory. The testing code is in Piwik::checkDirectoriesWritable() Somehow I expect your directories to have is_writable() == true, but still they are not writable by the web server. Why is that that is_writable returns true in checkDirectoriesWritable? any idea? |
Note that if the webserver can't write in tmp/cache/ this is pretty bad for performance, as Tracker will be doing potentially several SQL reads per page view, instead of caching in files the website data. |
I'm running PHP as CGI with SuExec. So PHP-scripts are executed as user1 and have full (read+write) permissions, but the webserver-user itself is just in the user1-group and thus can have other permissions to the files than the PHP-scripts. |
If php runs with suexec, what is user1's umask? |
The umask is 0077 when testing with <? passthru('umask'); ?>. |
(In [2660]) fixes #1507 |
I checked out and tested trunk - the files now have sufficient permissions, but the tmp/assets-directory still needs a chmod g+x so that the webserver is able to read files within it. The problem is, that the permissions that are passed to Piwik_Common:mkdir when creating the directory are masked by the umask too. When i add
directly after the mkdir call in line 311 in Common.php it's working. But I'm not sure if it's a good solution to bypass the umask everytime for all directories... |
(In [2669]) refs #1507 - override umask only on public folders |
Note: we're switching to a php proxy in #1527 -- I'll revert some/all of the previous changes once the new code is commited. |
After upgrading to 0.6.5 via web interface (and also after a new manual installation) the web interface's stylesheet is gone and "Oops problem during the request, please try again."-message appears. Maybe the priority of this bug is even "critical".
Apache Access Log says:
The directories in /tmp/ have only rwx permissions for owner:
JS and CSS in /tmp/assets/:
After manually doing cmhod g+rx tmp/* and chmod g+r tmp/assets/* the web interface is working again (on my system the user apache is running as is in group user1 - thus read access for group is sufficient in my case).
Maybe the the script, that creates the files and directories, should do a chmod afterwards. (I don't know if there is a best-practise to automatically determine which would be the minimal-sufficient permissions. a+rx and a+r would be the easiest.)
The text was updated successfully, but these errors were encountered: