File System Permissions

From BlueSpice

< Setup:Installation Manual‎ | Security Settings
Jump to: navigation, search


For trouble-free usage of your BlueSpice installation, the web server requires write permissions to several folders of the file system. However, it is recommended to keep the rights for all other files and folders to a minimum. This document shows you the relevant folders and the correct permissions setting.

Tips for this Document

  • Please, read this manual completely and work through the single installation steps one after another.
  • For editing the configuration files with a text editor, the files must be saved in UTF-8 coding without BOM (Byte Order Mark).
  • The placeholder  stands for the path to your BlueSpice installation, e.g C:\inetpub\wwwroot\bluespice (Windows) or /var/www/bluespice (Linux).

Affected Folders

The folders, which require write permissions, are: 

  • <installpath-bluespice>/cache
  • <installpath-bluespice>/images
  • <installpath-bluespice>/extensions/BlueSpiceFoundation/config
  • <installpath-bluespice>/extensions/BlueSpiceFoundation/data
  • <installpath-bluespice>/extensions/Widgets/compiled_templates (only BlueSpice pro)

Assignment of Permissions with Windows

Assign "change" rights for this folder for the local user "Everyone".

Setup:Setup windows permissions.jpg

Assignment of Permissions with Linux

Here you can assign rights much more strictly, which is also recommended. Transfer the directory <installpath-bluespice> recursively to the user root (CHMOD for Files 644, CHMOD for Directories 755) and after this, transfer the mentioned directory recursively to the user and the group, under which the Apache Web Server runs (Debian/Ubuntu e.g. "www-data").

In the following, we provide a bash script, which works through this tasks for you with only one command.

To do so, create the file /usr/local/bin/chownWiki and copy the following code into this file: 

#!/bin/bash

WWW_USER="www-data"
WWW_GROUP="www-data"

WWW_HOME=`eval echo ~$WWW_USER`
WWW_CFG=$WWW_HOME/.config

if [ $# -eq 0 ]; then
        echo "You must enter the path of your MediaWiki installation."
        exit
elif [ ! -d $1 ]; then
        echo "$1 does not exist or is no path."
        exit
fi

PATH=`echo "$1" | sed -e 's#/$##'`

/usr/bin/find $PATH -type d -exec /bin/chmod 755 {} \;
/usr/bin/find $PATH -type f -exec /bin/chmod 644 {} \;

/bin/chown -R root:root $PATH

pathes=(
        "$PATH/cache" \
        "$PATH/images" \
        "$PATH/_sf_instances" \
        "$PATH/extensions/BlueSpiceFoundation/data" \
        "$PATH/extensions/BlueSpiceFoundation/config" \
        "$PATH/extensions/Widgets/compiled_templates" \
)

for i in "${pathes[@]}"; do
        if [ -d $i ]; then
                /bin/chown -R $WWW_USER:$WWW_GROUP $i
        fi
done

if [ ! -d $WWW_CFG ]; then
        /bin/mkdir $WWW_CFG
fi

/bin/chown -R $WWW_USER:$WWW_GROUP $WWW_CFG

/bin/chmod 755 $PATH/extensions/SyntaxHighlight_GeSHi/pygments/create_pygmentize_bundle
/bin/chmod 755 $PATH/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize

If needed, replace the content of the variables 

WWW_USER="www-data"
WWW_GROUP="www-data"

with the approprate user and group of your distribution.

After this, assign CHMOD 755 to this file. Now you can run the script and let it do the complete permission setting automatically with the following command:  

chownWiki <installpath-bluespice>
Hint.jpg
Note that when the update.php is executed on the console, the rights can be partially discarded. For this reason, set the rights to "update.php" again.