Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Page 1 of 2
Do I have to chmod 777 everyfile/folder to use magento connect? 
 
nabuhonodozor
Member
 
Avatar
Total Posts:  51
Joined:  2008-03-27
 

Hi,
How to enable package manager in admin - do I have to chmod 777 everyfile/folder to use magento connect or theres specific folders which should be chmod to 777.
I think it isnt safe to have everything with 777 permissions wink
Best regards,
Piotr

 
Magento Community Magento Community
Magento Community
Magento Community
 
manolodf
Member
 
Avatar
Total Posts:  56
Joined:  2008-03-28
Dallas, TX / Hong Kong
 

I really do hope its not all folders 777, and I really doubt it, as it would be a great security issue. But I am sure someone knows exactly what it requires, I would think it would be a localized permission, and maybe not even 777, perhaps a 666 etc.

UPDATE:
I found a couple of links for you, let me know if they help
http://www.magentocommerce.com/boards/viewreply/11486/

Or this one that does say you have to chmod 777, in that case I would definately do it only while you need it and switch it back
.http://www.magentocommerce.com/boards/viewreply/14144/

 
Magento Community Magento Community
Magento Community
Magento Community
 
Serial Killa
Sr. Member
 
Avatar
Total Posts:  76
Joined:  2008-03-22
Malaysia
 

I’m looking for the answer too…

 
Magento Community Magento Community
Magento Community
Magento Community
 
jwebber
Member
 
Avatar
Total Posts:  67
Joined:  2008-03-12
Elkhart, Indiana
 

Thanks VisualFrames! I SSHed into my www directory and ran this command:

find . -type d -exec chmod 777 {} \;

...got a couple Operation not Permitted errors on the var/cache folders but that didnt matter. It all works great now!

 
Magento Community Magento Community
Magento Community
Magento Community
 
winterradio
Sr. Member
 
Total Posts:  84
Joined:  2008-02-01
 

VisualFrames solution also worked for me.  The var/cache folders aren’t necessary for Mageno Connect as far as I can tell.

Thanks VisualFrames.

 
Magento Community Magento Community
Magento Community
Magento Community
 
ecommerce-store
Sr. Member
 
Avatar
Total Posts:  181
Joined:  2008-04-16
Roma
 

But there’s no other way to install moder theme???

 
Magento Community Magento Community
Magento Community
Magento Community
 
Moshe
Magento Team
 
Avatar
Total Posts:  1770
Joined:  2007-08-07
Los Angeles
 

For reasons for permissions specifics and details please see this article: http://www.magentocommerce.com/wiki/magento_filesystem_permissions

HTH

 
Magento Community Magento Community
Magento Community
Magento Community
 
skel
Jr. Member
 
Total Posts:  9
Joined:  2007-09-01
 

hello i have trouble with magentoconnect and menus in admin

when i do a fresh install everything work nice even the menus in the admin section , to make magentoconnect work i do the chmod 777 on all directory (seems strange to me) but after that the menus in the admin section don’t work, so i’m not able to install the fooman patch, i tried to install the extension by ssh but no way to make it work it keep telling me that the extention is not found while i’m sure of the name (on my local machine everything work fine so i’m able to retrieve the name of the extentions and the version availiable)

EDIT: my ssh upgrade don’t work simply because the ssh shell don’t have internet access on my hoster company :(

RE EDIT : i reinstalled magento , the magentoconnect worked without the chmod 777 (don’t ask me how) so i was able to install the extensions now all is ok ...

 
Magento Community Magento Community
Magento Community
Magento Community
 
duke
Jr. Member
 
Total Posts:  16
Joined:  2008-07-08
 

Same thing happens to me, won’t be fixed just with a reinstall. Chmod 755 for the folders and 644 for the files @ the js folder and everything will be alright.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Business Feet
Sr. Member
 
Total Posts:  82
Joined:  2008-05-24
 

I’m having a few issues with file permissions which basically means that I have to have all my files set to 755 or magento throws up errors.  here’s what happened.

went into magento connect - file permission errors
searched on magento forums and found thread which said to set all folders to 755 and files to 644
did that and then nothing worked as it was throwing up errors

is there anything specific I need to know

This is the error i get

Warningsession_start() [function.session-start]open(var/session/sess_798f8e90db353eba5908b06d8ff2ea83O_RDWRfailedPermission denied (13)  in app/code/core/Mage/Core/Model/Session/Abstract/Varien.php on line 79
Trace
:
#0 app/code/core/Mage/Core/Model/Session/Abstract/Varien.php(79): mageCoreErrorHandler(2, 'session_start()...', '/home/seriousl/...', 79, Array)
#1 app/code/core/Mage/Core/Model/Session/Abstract/Varien.php(111): Mage_Core_Model_Session_Abstract_Varien->start()
#2 app/code/core/Mage/Core/Model/Session/Abstract.php(43): Mage_Core_Model_Session_Abstract_Varien->init('adminhtml')
#3 app/code/core/Mage/Core/Model/Session.php(39): Mage_Core_Model_Session_Abstract->init('core', 'adminhtml')
#4 app/code/core/Mage/Core/Model/Config.php(721): Mage_Core_Model_Session->__construct('core', 'adminhtml')
#5 app/Mage.php(314): Mage_Core_Model_Config->getModelInstance(Array)
#6 app/Mage.php(328): Mage::getModel('core/session', Array)
#7 app/code/core/Mage/Core/Controller/Varien/Action.php(380): Mage::getSingleton('core/session', Array)
#8 app/code/core/Mage/Adminhtml/Controller/Action.php(123): Mage_Core_Controller_Varien_Action->preDispatch('core/session', Array)
#9 app/code/core/Mage/Core/Controller/Varien/Action.php(342): Mage_Adminhtml_Controller_Action->preDispatch()
#10 app/code/core/Mage/Core/Controller/Varien/Router/Admin.php(143): Mage_Core_Controller_Varien_Action->dispatch()
#11 app/code/core/Mage/Core/Controller/Varien/Front.php(174): Mage_Core_Controller_Varien_Router_Admin->match('index')
#12 app/Mage.php(447): Mage_Core_Controller_Varien_Front->dispatch(Object(Mage_Core_Controller_Request_Http))
#13 index.php(52): Mage::run()
#14 {main}
 
Magento Community Magento Community
Magento Community
Magento Community
 
Sindre|ProperHost
Mentor
 
Avatar
Total Posts:  1158
Joined:  2008-04-24
 

What matters is if the web server has write access to the files/folders. If PHP runs under the apache default user ID (e.g. ‘nobody’), which would be the case if mod_php is used, then all files/folders that need to be updated through Magento Connect will have to be writable by user ‘nobody’ (i.e. the Others write-bit must be set).

If PHP runs under your own user ID (in suPHP/FastCGI environments), then chmod 755 for directories and chmod 644 for files would be OK.

You should ask your host what kind of permissions that are needed on your server.

Important: if you chmod your files/folders to 777 in order to run Magento Connect, always remember to change the permissions back afterwards. Otherwise, someone could easily compromise your site. The following files/directories will need web server write permissions for correct operation:

var/cache
var/session
var/report
app
/etc/use_cache.ser
I hope this can help clear some of the confusion.
 
Magento Community Magento Community
Magento Community
Magento Community
 
Crucial
Enthusiast
 
Avatar
Total Posts:  770
Joined:  2007-11-07
Phoenix, AZ
 
Sindre|ProperHost - 13 October 2008 10:24 AM

What matters is if the web server has write access to the files/folders. If PHP runs under the apache default user ID (e.g. ‘nobody’), which would be the case if mod_php is used, then all files/folders that need to be updated through Magento Connect will have to be writable by user ‘nobody’ (i.e. the Others write-bit must be set).

If you’re on mod_php, you need to perform upgrades and extension installations via SSH. Magento Connect is simply not an option for mod_php, even when you set all directories to 777.

It’s a small sacrifice to take for the performance benefits that mod_php offers over other configurations, and honestly, it’s easier and faster to use SSH, regardless of how PHP is running.

http://www.magentocommerce.com/wiki/groups/227/magento_connect
http://www.magentocommerce.com/wiki/groups/227/upgrading_magento_via_ssh

Important: if you chmod your files/folders to 777 in order to run Magento Connect, always remember to change the permissions back afterwards. Otherwise, someone could easily compromise your site. The following files/directories will need web server write permissions for correct operation

http://www.magentocommerce.com/wiki/groups/227/resetting_file_permissions

 
Magento Community Magento Community
Magento Community
Magento Community
 
Sindre|ProperHost
Mentor
 
Avatar
Total Posts:  1158
Joined:  2008-04-24
 

@Crucial, that is not quite true. Magento Connect would work perfectly for mod_php as long as the web server user ID has write permissions for the necessary files/directories. SSH might be faster, yes, but not all users are proficient with the shell and thus prefer a web-based interface. The Connect Manager was made for a reason.

Also, the instructions in your “Resetting File Permissions” article I believe is missing one important thing. If you are running mod_php, var/cache and var/session would most likely need to be chmod 777 in order for the apache user ID to be able to write to it.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Stephen Chu
Jr. Member
 
Avatar
Total Posts:  16
Joined:  2008-10-29
Bedford, MA
 

The 1st thing I did when I find out Magento was installed with 777 permissions on every thing is run the find command like the above to change them to 644 and 755.

Now I find all new files and folders created in Magento like cache and uploaded files are set to 777. Browsed the source and find dozens upon dozens of chmode and mkdir with mode hard coded to 777.

Call me paranoid but this is scary. I was brainwashed to avoid group and world write. Can someone explain why it is OK now?

 
Magento Community Magento Community
Magento Community
Magento Community
 
Stephen Chu
Jr. Member
 
Avatar
Total Posts:  16
Joined:  2008-10-29
Bedford, MA
 

No one’s worried about the security nature of this product? Could the developers please explain the approach Magento is taking on securing the installation?

I just find all the report and log files created by Magento are set to 0777. I really can not think of a good reason to allow world write and EXECUTE on data files, even with the .htaccess protection.

 
Magento Community Magento Community
Magento Community
Magento Community
 
JLHC
Mentor
 
Avatar
Total Posts:  1287
Joined:  2008-05-09
Tampa, FL
 

Yes I do not agree on the 777 file permissions as it may compromise the security of the store. This is one of the few reasons for us to go for suPHP/suEXEC which only uses 644 for files and 755 for directories.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top
Page 1 of 2