Difference between revisions of "X-Cart:Setting up file permissions"

From X-Cart 4 Classic
Jump to: navigation, search
(Temporary and service directories: Directory var)
 
(10 intermediate revisions by 2 users not shown)
Line 10: Line 10:
 
<pre>
 
<pre>
 
<?php
 
<?php
 
 
$processUser = posix_getpwuid(posix_geteuid());
 
$processUser = posix_getpwuid(posix_geteuid());
 
 
print get_current_user() . " / " . $processUser['name'];
 
print get_current_user() . " / " . $processUser['name'];
 
 
?>
 
?>
 
</pre>
 
</pre>
Line 34: Line 31:
  
 
For example, the permissions code 740 for a file would mean that the file owner can read, write and execute the file (7), the group members can only read the file (4) and other users can do nothing with the file (0); the permissions code 511 for a directory would mean that the file owner read the contents of the directory and search in the directory (5) while the group members and other users can only search in the directory (1).
 
For example, the permissions code 740 for a file would mean that the file owner can read, write and execute the file (7), the group members can only read the file (4) and other users can do nothing with the file (0); the permissions code 511 for a directory would mean that the file owner read the contents of the directory and search in the directory (5) while the group members and other users can only search in the directory (1).
 +
 +
See also:
 +
* [[X-Cart:How_to_manage_file_permissions_on_UNIX_server.3F | How to manage file permissions on UNIX server?]]
 +
* [[X-Cart:How_to_configure_access_file_permissions_on_Windows_Server%3F | How to configure access file permissions on Windows Server?]]
  
 
===Setting up file permissions for X-Cart files and directories===
 
===Setting up file permissions for X-Cart files and directories===
Line 58: Line 59:
  
 
* Owner: read, write and search
 
* Owner: read, write and search
* Group: read, write and search
+
* Group: read and write
* Other: read, write and search
+
* Other: read and write
  
 
Files: 644
 
Files: 644
Line 70: Line 71:
 
These permissions must be set for directories <u>admin</u>, <u>customer</u>, <u>include</u>, <u>mail</u>, <u>modules</u>,<u>partner</u>, <u>payment</u>, <u>provider</u>, <u>shipping</u> and <u>upgrade</u> and their subdirectories, and for all *.php files from these directories and the X-Cart root directory.
 
These permissions must be set for directories <u>admin</u>, <u>customer</u>, <u>include</u>, <u>mail</u>, <u>modules</u>,<u>partner</u>, <u>payment</u>, <u>provider</u>, <u>shipping</u> and <u>upgrade</u> and their subdirectories, and for all *.php files from these directories and the X-Cart root directory.
  
==== Templates and directories containing templates ====
+
==== Templates and directories containing templates and embedded static pages ====
  
 
<div>
 
<div>
Line 102: Line 103:
 
</div>
 
</div>
  
These permissions must be set for the directory <u>skin</u> and all its subdirectories, and for all files in the directory <u>skin</u>and its subdirectories.
+
These permissions must be set for the directory <u>skin</u> and all its subdirectories, and for all files in the directory <u>skin</u> and its subdirectories.
  
 
{{XC 4.0}}
 
{{XC 4.0}}
{{Note1| Note: In versions prior to 4.4, templates are stored in the directory <u>skin1</u>}}
+
{{Note1| <b>Note</b>: In versions prior to 4.4.x, templates are stored in the directory <u>skin1</u>}}
 +
 
 +
{{Note1| <b>Note</b>: Root level [[X-Cart:Static_Pages | static pages]] are stored in the X-Cart root directory, so if you want to be able to edit these pages via X-Cart admin back-end, set the same permissions (as specified above) for the X-Cart root directory and for the corresponding static page's files located in it.}}
  
 
==== Temporary and service directories: Directory .pgp ====
 
==== Temporary and service directories: Directory .pgp ====
Line 128: Line 131:
  
 
* Owner: read, write and search
 
* Owner: read, write and search
* Group: read and search
+
* Group: read, write and search
* Other: read and search
+
* Other: read, write and search
  
 
Files: 644
 
Files: 644
Line 242: Line 245:
  
 
These permissions must be set up for the directory <u>var</u> and its subdirectories, and for all files in the the directory <u>var</u> and its subdirectories.
 
These permissions must be set up for the directory <u>var</u> and its subdirectories, and for all files in the the directory <u>var</u> and its subdirectories.
 +
 +
 +
===Example of setting permissions to files and folders===
 +
 +
<pre>
 +
cd <xcart_dir>
 +
find . -type d -exec chmod 755 {} \;
 +
find . -type f -exec chmod 644 {} \;
 +
</pre>
 +
 +
[[Category:X-Cart user manual]]

Latest revision as of 22:00, 31 May 2017

General info

The exact set of file permissions would depend on whether the scripts are run in the privileged mode or non-privileged mode. The privileged mode means that scripts are run under the user who is the owner of the files while in the non-privileged mode scripts are run under a different user. This implies two different approaches to setting up file permissions:

  • In the privileged mode, permissions must be granted to the owner of the files only as the scripts run under that user. Permissions for the members of the files' group and other users must be disabled then.
  • In the non-privileged mode, permissions must be granted to the owner of the files, members of the files' group and other users who are not the owner of the file or members of the group.

On the Apache web server running on a UNIX-based operating system you can find out the current mode by running in a web browser the PHP script below. The script will display two user names: the name of the script owner who put the files to the server through FTP or SSH, and the name of the user who runs the scripts. If the two names coincide, the privileged mode is enabled; otherwise, you work in the non-privileged mode.

<?php
$processUser = posix_getpwuid(posix_geteuid());
print get_current_user() . " / " . $processUser['name'];
?>

On a UNIX-based operating system file permissions for a file are changed through the the following shell command.

chmod <permissions_code> <file_path>

The permissions_code part must be a three-digit number where each digit represents a different component of the permission set: file owner, members of the group who the file owner belongs to and other users who are not the file owner or group members. Each digit is a sum of three digits, which can be 0 (no permission), 1 (execute a file or search in a directory), 2 (write) or 4 (read). Below is a list of all available values and their meaning:

  • 0 : No permission
  • 1 : Execute/search
  • 2 : Write
  • 3 : Write and execute/search
  • 4 : Read
  • 5 : Read and execute/search
  • 6 : Read and write
  • 7 : Read, write and execute/search

For example, the permissions code 740 for a file would mean that the file owner can read, write and execute the file (7), the group members can only read the file (4) and other users can do nothing with the file (0); the permissions code 511 for a directory would mean that the file owner read the contents of the directory and search in the directory (5) while the group members and other users can only search in the directory (1).

See also:

Setting up file permissions for X-Cart files and directories

Scripts and directories containing scripts

Privileged Mode Non-privileged Mode
Directories: 711
  • Owner: read, write and search
  • Group: search
  • Other: search

Files: 600

  • Owner: read and write
  • Group: no permission
  • Other: no permission
Directories: 755
  • Owner: read, write and search
  • Group: read and write
  • Other: read and write

Files: 644

  • Owner: read and write
  • Group: read
  • Other: read

These permissions must be set for directories admin, customer, include, mail, modules,partner, payment, provider, shipping and upgrade and their subdirectories, and for all *.php files from these directories and the X-Cart root directory.

Templates and directories containing templates and embedded static pages

Privileged Mode Non-privileged Mode
Directories: 711
  • Owner: read, write and search
  • Group: search
  • Other: search

Files: 644

  • Owner: read and write
  • Group: read
  • Other: read
Directories: 777
  • Owner: read, write and search
  • Group: read, write and search
  • Other: read, write and search

Files: 666

  • Owner: read and write
  • Group: read and write
  • Other: read and write

These permissions must be set for the directory skin and all its subdirectories, and for all files in the directory skin and its subdirectories.

X-Cart 4.0or above
Note: In versions prior to 4.4.x, templates are stored in the directory skin1
Note: Root level static pages are stored in the X-Cart root directory, so if you want to be able to edit these pages via X-Cart admin back-end, set the same permissions (as specified above) for the X-Cart root directory and for the corresponding static page's files located in it.

Temporary and service directories: Directory .pgp

Privileged Mode Non-privileged Mode
Directories: 711
  • Owner: read, write and search
  • Group: search
  • Other: search

Files: 644

  • Owner: read and write
  • Group: read
  • Other: read
Directories: 777
  • Owner: read, write and search
  • Group: read, write and search
  • Other: read, write and search

Files: 644

  • Owner: read and write
  • Group: read
  • Other: read

These permissions must be set for the directory .pgp and its subdirectories, and for all files in the directory .pgp and its subdirectories.

Temporary and service directories: Directories catalog and images

Privileged Mode Non-privileged Mode
Directories: 711
  • Owner: read, write and search
  • Group: search
  • Other: search

Files: 644

  • Owner: read and write
  • Group: read
  • Other: read
Directories: 777
  • Owner: read, write and search
  • Group: read, write and search
  • Other: read, write and search

Files: 666

  • Owner: read and write
  • Group: read and write
  • Other: read and write

These permissions must be set for the directories catalog and images and their subdirectories, and for all files in the directories catalog and images and their subdirectories.

Temporary and service directories: Directory files

Privileged Mode Non-privileged Mode
Directories: 711
  • Owner: read, write and search
  • Group: search
  • Other: search

Files: 644

  • Owner: read and write
  • Group: read
  • Other: read
Directories: 777
  • Owner: read, write and search
  • Group: read, write and search
  • Other: read, write and search

Files: 666

  • Owner: read and write
  • Group: read and write
  • Other: read and write

These permissions must be set for the directory files and its subdirectories, and for all files in the the directory files and its subdirectories.

Temporary and service directories: Directory var

Privileged Mode Non-privileged Mode
Directories: 711
  • Owner: read, write and search
  • Group: search
  • Other: search

Files: 644

  • Owner: read and write
  • Group: read
  • Other: read
Directories: 777
  • Owner: read, write and search
  • Group: read, write and search
  • Other: read, write and search

Files: 666

  • Owner: read and write
  • Group: read and write
  • Other: read and write

These permissions must be set up for the directory var and its subdirectories, and for all files in the the directory var and its subdirectories.


Example of setting permissions to files and folders

cd <xcart_dir>
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;