Author: Christian Sommer (doc); Code snippet (pcwacht)

A lot of threads in the WB forum are related to troubles caused by file permissions on a Unix/Linux operating system. This section provides some basic information about file permissions and shows ways how to prevent issues with file permissions.

Basics

All files or folders on Linux/Unix based operating systems belong to a specific user and group. This mechanism is used to limit the access of files and folders.

File owner

To access a file on a server, one requires a user account on that server. In general, the user account is password protected and assigned to a certain group. The following groups can be found on many web servers: ftp-user, root, wwrun-user. All actions and programs (e.g. FTP) which are executed on a system are executed with the permissions of a certain user.

Note:
Files uploaded via FTP to the webserver are in general assigned to the group: ftp-user. Files created via a PHP script on the server are in general assigned to the group: wwwrun-user. Depending on your server settings, files created by a PHP script may not be edited or deleted by a FTP program and vice versa.

File permissions and groups

Each file belongs to a specific user and group. Access to the files is controlled by user (owner), group, and what is called other (world). The term, other, is used to refer to someone who is not the user (owner) of the file, nor is the person a member of the group the file belongs to. When talking about setting permissions for "other" users to use, it is commonly referred to as setting the world execute, read, or write bit since anyone in the world will be able to perform the operation if the permission is set in the other category.

The permissions which can be set for user (owner), group or others are shown in the table below.

Permission Value
none 0
execute 1
write 2
read 4

Table 1 - Permissions

If you want allow the owner of a file to: read, write (includes delete) and execute a file while others can only read the file, one needs to set the following flags: User (owner) = 1 + 2 + 4 = 7, group = 4, others = 4. As the default order is user, group, others, one could combine this to: 0744. The "0" tells the computer that the number is based on the octal numeral system.

Examples¶

777 - Read, write and execute permissions for user (owner), group and others (Note: lowest security level, all kann modify or delete this file)

755 - Read, write and execute permission for the owner. All others can read and execute the file, but are not allowed to modify or delete it.

Remember:
Each file and folder requires a permission for: user, group and world. The file permission is defined by adding the values shown in Table 1.

Trouble with file permissions

While copying (FTP) the required installation files of WebsiteBaker to your server, all files and folders will be assigned to the account: ftp-user.

Pages added via the WB backend, as well as Add-ons (modules, templates, language files) are created by PHP scripts and are therefore assigned to the account: wwwrun-user.

Depending on your server settings, you may run into problems if you try to move or delete files created by WebsiteBaker (wwwrun-user) with a FTP program (ftp-user) and vice versa.

To avoid such kind of problems, one should modify template files installed via the WB backend be the use of the administration tool Template Edit only. If you upload a file to your template folder by the use of FTP, you may not be able to delete that template via the WB backend, as your uploaded file will be assigned to ftp-user.

Recommendation:
Always use the WB backend to install Add-ons such as modules, templates or language files. Pages should be added and deleted via the WB backend: Pages menu. Sooner or later one will run into problems when mixing files assigned to ftp-user and wwwrun-user.

Check file permissions

PCWacht of the WebsiteBaker Development Team has released a little piece of PHP Code (called a "snippet") which can be pasted into either a standalone PHP page (pages directory of WB) or a WB-Code page to show if the permissions are OK. It will only work within a default WebsiteBaker Installation.

Simply add a page of type code and paste the following code. The code checks the folders: /templates, /pages, /languages and /media of your WB installation.

function check_dir($path) {
   sprintf("checking: ".$path."");
   $dh = opendir($path);
   while (($file = readdir($dh)) !== false) {
      if ($file!='.' || $file!='..') {
         if (is_dir($path.'/'.$file)) {
            check_dir($path.'/'.$file);
         } else { 
           if (is_writable($path.'/'.$file)) {
              echo 'Green :'.$file.'';
           } else {
              echo '#### Not ok! :'.$file.'';
           }
         }
      }
   }
   closedir($dh);
}

check_dir('../temp');
check_dir('../templates');
check_dir('../pages');
check_dir('../languages');
check_dir('../media');