Magento Forum

Error: Please check for sufficient write file permissions
 
NathanJ
Member
 
Total Posts:  44
Joined:  2008-04-07
 

SEO reasons. Plus, I just don’t like subdomains.

In other systems, say, Zen Cart, which I run a couple of installations of, only certain non-critical subdirectories such as /images must be set to 777. I’ve never yet seen a CMS that requires global 777.

Still utterly baffled by your comments about phpBB and a store on the same domain being unethical.

And like I said, I don’t have shared hosting. I have a VPS...unless you consider that shared.

 
 
NathanJ
Member
 
Total Posts:  44
Joined:  2008-04-07
 

Donovan,

Thanks for the info.

The purpose of running all those on one domain is that I’m trying to create a community around the store - both for SEO purposes, and for the simple fact that it brings more direct exposure and sales.

I considered what you said, changing everything to 777 and then changing it back...but am I correct in that some files are 644, some are 755, etc? Is there a list of what needs to be what?

 
 
Crucial Web Host
Guru
 
Total Posts:  364
Joined:  2007-11-08
Phoenix, AZ
 
NathanJ - 18 April 2008 03:06 PM

> SEO reasons. Plus, I just don’t like subdomains.

Oh.

> In other systems, say, Zen Cart, which I run a couple of installations of, only certain non-critical subdirectories such as /images must be set to 777. I’ve never yet seen a CMS that requires global 777.

Have you ever seen a CMS that can upgrade itself automatically?

> Still utterly baffled by your comments about phpBB and a store on the same domain being unethical.

Well - we just come from different places.  I often worry about where I put my information on the Internet.  I also understand the insecurities you present to your clients by doing such things. 

Let me ask you this… Can you show me a single professional ecommerce solution running phpbb on the same domain?  I would guess that this is rare as I have personally encountered very few of these ‘businesses’, and even fewer that I’ve actually done business with myself - how about you?  What is the last business you purchased from that had a copy of phpbb running?  And did you use your credit card?

It’s not meant to be baffling, it’s a reality check.

> And like I said, I don’t have shared hosting. I have a VPS...unless you consider that shared.

This is great - you have much less to worry about in terms of security - shared hosting is no place for business.  It’s for kids and playing and that’s ok.

 
 
NathanJ
Member
 
Total Posts:  44
Joined:  2008-04-07
 

> Have you ever seen a CMS that can upgrade itself automatically?

That’s an awesome feature. I just wish it didn’t come with a security tradeoff. But Donovan’s solution would be great if there is indeed a list of what the permissions should be normally.

I’m sure there are a lot of stores running phpBB or some type of community. And I don’t give my credit card on too many sites, but I do use PayPal often. And with that, the transactions are performed on PayPal’s server.

You seem kind of bitter about shared hosting. It’s OK. Stay around here bitching about ethics and trashing everyone’s hosting but your own and you’ll sell more packages.

 
 
Crucial Web Host
Guru
 
Total Posts:  364
Joined:  2007-11-08
Phoenix, AZ
 
NathanJ - 18 April 2008 03:42 PM

> You seem kind of bitter about shared hosting. It’s OK. Stay around here bitching about ethics and trashing everyone’s hosting but your own and you’ll sell more packages.

My apologies that you misunderstood me.

I said shared hosting, which includes our shared hosting. 

Kind regards

 
 
Crucial Web Host
Guru
 
Total Posts:  364
Joined:  2007-11-08
Phoenix, AZ
 
NathanJ - 18 April 2008 03:42 PM

> Donovan’s solution would be great if there is indeed a list of what the permissions should be normally.

Normally, you would make these files 777 or change the ownership of all files to the user that your Magento runs as.

You must have the var directory recursively writeable so sessions can build.  You will also need to have app/etc recursively writeable for most of the administrative functions to work, depending on the need here you could tighten this up with a varying level of complications in the admin module.  The last thing to consider would be the media directory - you can either tighten this up and break the product system, or leave this open as well.

You see, you can do these things, however the exact same security risk exists when you have completed. It’s not Magento that is insecure - it is the applications that you are running parallel with Magento.

I hope this helps.

 
 
NathanJ
Member
 
Total Posts:  44
Joined:  2008-04-07
 

What I mean is a list of permissions that files and directories other than /var, /app/etc, et al. would go back to after temporarily changing them to 777 to perform updates.

That is a risk I’m going to have to take.

 
 
Crucial Web Host
Guru
 
Total Posts:  364
Joined:  2007-11-08
Phoenix, AZ
 
NathanJ - 18 April 2008 04:15 PM

> What I mean is a list of permissions that files and directories other than /var, /app/etc, et al. would go back to after temporarily changing them to 777 to perform updates.

All the files should be 644 and all the directories should be 755, with the exceptions you mentioned.

You must keep in mind that this will render certain ‘strange’ problems from time to time and that these permissions should be the first thing to be considered in the event of ‘weirdness’.

I’m off for the evening and would like to once again apologize for any earlier misunderstanding.  I wish you nothing but the best success in the future.

Kind regards,
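
Added example (not part of the original thread and not Magento's own tooling): a shell sketch of the baseline given in the reply above, files 644 and directories 755 with var, app/etc and media left writable, plus a check for anything still world-writable outside those three directories. The function names and the WRITABLE_MODE variable are hypothetical; the directory names and modes come from the posts.

```shell
#!/bin/sh
# Added example: restore the 644/755 baseline from the thread and audit the result.
# Directory names are the ones named in the posts; function names are hypothetical.

WRITABLE_DIRS="var app/etc media"
# 777 is the value used in the thread. If the files are owned by the user
# Magento runs as (the other option mentioned), a tighter mode can be set here.
WRITABLE_MODE="${WRITABLE_MODE:-777}"

reset_magento_perms() {
    root=$1
    if [ ! -d "$root/app/etc" ]; then
        echo "not a Magento root: $root" >&2
        return 1
    fi
    # Baseline: every directory 755, every regular file 644.
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    # Exceptions: sessions/cache, configuration, uploaded media.
    for d in $WRITABLE_DIRS; do
        if [ -d "$root/$d" ]; then
            chmod -R "$WRITABLE_MODE" "$root/$d"
        fi
    done
    return 0
}

# Print files and directories that are world-writable but are NOT under one
# of the expected writable directories. Empty output means the baseline holds.
audit_world_writable() {
    root=$1
    set --
    for d in $WRITABLE_DIRS; do
        set -- "$@" -o -path "$root/$d"
    done
    shift   # drop the leading -o
    find "$root" \( "$@" \) -prune -o \( -type f -o -type d \) -perm -0002 -print
}

# Usage (after an upgrade that needed wider permissions):
#   reset_magento_perms /path/to/magento && audit_world_writable /path/to/magento
```

Running the audit after any temporary `chmod -R 777` shows exactly which paths were left open, which is also the first thing to look at when the 'strange' problems mentioned above appear.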

 
 
g4m3c4ck
Jr. Member
 
Total Posts:  20
Joined:  2008-02-01
 

Wow. I am a Crucial customer on their “Split-Shared” Hosting plan. The same plan that you throw around these forums. Now you say it is insecure?!

You make me want to cancel your service and find a VPS.

 
 
NathanJ
Member
 
Total Posts:  44
Joined:  2008-04-07
 

I’m selling space on mine!

Just kidding. LOL

Update: Last night, I just decided, ‘to hell with it’ and (tried to) set all permissions to 777. Kept getting hung up on session files and things like local.xml, where permission was denied. Do I have to do this from the shell for it to work?

Also, a comment CrucialHosting made is kind of confusing me...you stated that leaving directories at 755 and files at 644 would sometimes cause problems. Do you mean if I leave ALL files/dirs like that, or will there be problems even if I have the critical directories like /var set to 777?

 
 
Crucial
Enthusiast
 
Total Posts:  770
Joined:  2007-11-07
Phoenix, AZ
 
g4m3c4ck - 19 April 2008 06:59 AM

> Wow. I am a Crucial customer on their “Split-Shared” Hosting plan. The same plan that you throw around these forums. Now you say it is insecure?!

You’re taking the words out of context.

Split-Shared hosting is still a shared, albeit semi-dedicated, environment. In any shared environment you’re in it’s going to be less secure than a more dedicated environment. Both of us posting on here have been recommending to avoid shared environments though, however, that is strictly from a “I’m running an online business that takes people’s personal and financial information” standpoint.

I personally wouldn’t recommend to anyone trying to run an online business to do so in a shared hosting environment though, but maybe that’s just me. I can’t recall ever buying something from a company that I knew was on a shared environment. Can you? And I do a lot of online shopping.

That’s not to say you’re on a high-risk, insecure plan though. Not at all. We do our best to secure all of our environments, perform weekly security audits, and make sure we run up-to-date software. You can also take comfort in the fact that you only have to worry about 24 other people being the “weakest” link. That’s just common math though. If you have 1000 neighbors, it’s less secure than 100 neighbors, which is less secure than 25, which is less secure than 5, which is still less secure than having no neighbors at all. All I can really say is, in the 2+ years we’ve been doing this, we’ve never had a single security incident.

 
 
Crucial
Enthusiast
 
Total Posts:  770
Joined:  2007-11-07
Phoenix, AZ
 
NathanJ - 19 April 2008 07:58 AM

> Do I have to do this from the shell for it to work?
>
> Also, a comment CrucialHosting made is kind of confusing me...you stated that leaving directories at 755 and files at 644 would sometimes cause problems. Do you mean if I leave ALL files/dirs like that, or will there be problems even if I have the critical directories like /var set to 777?

Shell would be much easier:

chmod -R 777 magento

Certain directories have to be set to 777. The var directory, for example, has to be writable. It’s where all the cache and session data is stored. If Magento can’t write to that, it probably won’t even run.

Magento says to set the media directory to 777, that’s so you can upload product images and whatnot. By setting the directory to 755 and files to 644, Magento won’t be able to put images you try to upload in there or anything else it needs to do with files in the media directory.

You also wouldn’t be able to use the downloader/upgrader, Magento Connect, etc. either. There are probably other things in the system that you wouldn’t be able to use, but I’m not entirely sure what all those are.

So those are the kind of problems you’d face. You could always get the store configured and then set the permissions to 755/644 if you knew you weren’t going to upload new images or upgrade Magento, but when you wanted to use those features again, you’d have to go back and set the permissions all over again.

...or just leave them all set to 777 since you’ve already got one of the most critical things set to that anyways, e.g. the var directory.

Beyond that security is in your hands. Strong passwords, probably 12 chars or more, changed frequently, good SSL cert, make frequent backups and keep them local (not on the server), etc.

 
 
NathanJ
Member
 
Total Posts:  44
Joined:  2008-04-07
 

Ron,

I was working on a new ZC store when I discovered Magento 1.0. I was so impressed (I love AJAX) that I got rid of the ZC install and started over. Do you think this was a bad idea from a performance standpoint?

I want the store to look great, but at the same time, I need it to be fast and functional. Think I’ll be disappointed? (I’m running a VPS, if it makes a difference)

 
 
NathanJ
Member
 
Total Posts:  44
Joined:  2008-04-07
 

If by using Google Base you’re talking about a Froogle/Google Products feed, that would be awesome. A practical must-have for SEO purposes.

 
 
NathanJ
Member
 
Total Posts:  44
Joined:  2008-04-07
 

Sad - after all this, I changed all my permissions, got MagentoConnect Downloader to work, downloaded the Modern theme…

and am now getting a blank page when I load the front end.

*sigh*

Is there a tutorial anywhere on how to correctly activate a theme?

 