Search code examples
permissionstypo3pleskparallels

TYPO3, Plesk and permissions

I have a permission problem on an old TYPO3 v. 4.2.9. Additionally, I have Plesk Control Panel 8.6. The user is the ftp user and group is psacln. CGI PHP is used (php_sapi_name();). PHP support (with safe mode), CGI support and Perl support is activated (shown under webhosting setup).

I don't know if it is correct, but currently seems to work:

757 on the following folders:

  • fileadmin
  • fileadmin/_temp_
  • fileadmin/templates (and all subfolders -files)
  • fileadmin/customfolder
  • typo3 (and all subfolders -files)
  • typo3conf
  • typo3conf/ext (and all subfolders -files)
  • typo3conf/l10n (and all subfolders -files)
  • typo3temp
  • uploads
  • uploads/media
  • uploads/pics
  • uploads/tf

All other folders have 750 and all other files 644.

If I don't use these permissions I get access denied and Cannot find tslib/. Please set path by defining $configured_tslib_path in index.php..

Here it is written that you should use the user wwwrun instead of the ftp user and switch to 646 if you need to change some files with your ftp user. But I think there is no such user wwwrun.

I uploaded a file and it has the ftpuser as owner and 644 as permission.

Questions:

  • Why do I have to set such high permissions? Is the problem that I need to have such high permissions that the apache user is another than the ftp user and otherwise it doesn't work? Isn't there a way to have the same user for ftp and for apache?
  • Is only the old TYPO3 v. 4.2 needing such high permissions? Are there other ways to change to a lower permission?
  • I'm doing something wrong?
Solution

  • Why do I have to set such high permissions?

    With good configuration you don't. typo3 and t3lib need to be readonly. fileadmin, typo3conf, typo3temp, uploads need to be writeable but only to the user under which PHP runs.

    Is the problem that I need to have such high permissions that the apache user is another than the ftp user and otherwise it doesn't work?

    IMHO, as the PHP is run as CGI, it actually runs under different user than Apache. As files are generated by PHP and have its permissions, they might not be readable by Apache. Therefore you should have Apache and PHP in the same group and have files and permissions set on the per group basis.

    Isn't there a way to have the same user for ftp and for apache?

    That's a question for your host. Same group should do the job though.

    Is only the old TYPO3 v. 4.2 needing such high permissions?

    I think there's not any difference between v4.2 and new versions in this.

    Are there other ways to change to a lower permission?

    Yes, check who is who. You possibly have up to 3 users involved: Apache, PHP, FTP user. To access the files created by each other, they need to be in the same group and the files need to have permissions set for this group. Then check the TYPO3 settings for creation of new folders and files:

    $TYPO3_CONF_VARS['BE']['createGroup'] = 'group_of_your_users';
$TYPO3_CONF_VARS['BE']['fileCreateMask'] = '0770';
$TYPO3_CONF_VARS['BE']['folderCreateMask'] = '0770';