I logged into my site and rather than seeing the site, I saw the following displayed by my browser:
The following directories must be writable by the web server:
tmp/cache
tmp/templates_c
Please correct by executing:
chmod 777 tmp/cache
chmod 777 tmp/templates_c
or the equivilent for your platform before continuing.
So, I contacted my hosting server. They said they have made some “server environment changes. PHPSUEXEC has been done away with. Now some files and folders in some php applications need to be chmod 777”
I once read a comment by someone (and it may have been on this forum) describing 777 as evil. Do you think it is okay to change these two directories to 777? I’m thinking about system security.
PS. Curiosity getting the better of me, I changed the two directories to 777, to see what would happen. The browser displayed the site, but there were a number of errors displayed also, that seemed to be 'fopen' errors. (I've changed it back to 755, for the moment.)
writable directories
-
sayitlikeitis
- Forum Members
- Posts: 45
- Joined: Tue Nov 28, 2006 7:46 pm
writable directories
Last edited by sayitlikeitis on Sat Mar 17, 2007 2:15 am, edited 1 time in total.
-
Pierre M.
Re: writable directories
Hello !
As your hosting provider has messed things, I think you should reinstall from scratch to be sure things are now ok and validated by the installer. This is pain, you can claim two free months. (Just my opinion)
So you need to backup etc (see the wiki on copying to a new server and upgrading if needed). Backup backup backup.
Access rights are described in the installation procedure in the wiki (the 777 evilness and so)
Pierre M.
As your hosting provider has messed things, I think you should reinstall from scratch to be sure things are now ok and validated by the installer. This is pain, you can claim two free months. (Just my opinion)
So you need to backup etc (see the wiki on copying to a new server and upgrading if needed). Backup backup backup.
Access rights are described in the installation procedure in the wiki (the 777 evilness and so)
Pierre M.
-
skypanther
Re: writable directories
Setting a directory or file to 777 permissions grants anyone on the server the permissions to read and write to it. In a shared hosting environment, that's not optimal. However, in practice, it's rarely a problem. With proper security configuration (by your hosting provider), the risk is minimal. A hacker needs to have an account on that same server, know the full paths to your file, and be able to post php code files in their web space that accesses the files in your web space. Logs would track their action and they'd quickly be caught and at minimum kicked off the server.
In my experience, the far greater risk is holes in the logic of the content management applications. I had troubles with a particular Mambo/Joomla install, for example, in which an unchecked querystring parameter enabled someone to write to files by loading a specially-formed URL. The Mambo/Joomla teams plugged the hole quickly, but it was still a pain re-installing. Of course, the files that were written to had 777 permissions. But the point is that no one on those servers accessed the files but rather someone elsewhere on the Internet exploited the code's loopholes.
Right now, CMS-MS is small compared to Mambo, Joomla, *Nuke, WordPress, Coppermine, etc. so few folks are banging away at it looking for holes. One will be discovered someday (unless our dev team is very good and very lucky). We'll deal with that bridge when we get to it.
Besides, there's not a whole lot of options for any code that needs to write to the file system--and that means every content management system, image gallery, blog, wiki, etc. They almost always need write access to some portions of their installed space. I guess you have two choices: don't use any web pages that require write access or live with the risk.
Tim
In my experience, the far greater risk is holes in the logic of the content management applications. I had troubles with a particular Mambo/Joomla install, for example, in which an unchecked querystring parameter enabled someone to write to files by loading a specially-formed URL. The Mambo/Joomla teams plugged the hole quickly, but it was still a pain re-installing. Of course, the files that were written to had 777 permissions. But the point is that no one on those servers accessed the files but rather someone elsewhere on the Internet exploited the code's loopholes.
Right now, CMS-MS is small compared to Mambo, Joomla, *Nuke, WordPress, Coppermine, etc. so few folks are banging away at it looking for holes. One will be discovered someday (unless our dev team is very good and very lucky). We'll deal with that bridge when we get to it.
Besides, there's not a whole lot of options for any code that needs to write to the file system--and that means every content management system, image gallery, blog, wiki, etc. They almost always need write access to some portions of their installed space. I guess you have two choices: don't use any web pages that require write access or live with the risk.
Tim
-
sayitlikeitis
- Forum Members
- Posts: 45
- Joined: Tue Nov 28, 2006 7:46 pm
Re: writable directories
I upgraded to 1.0.4 and as part of the process (ie. navigate to www.domain.com/install/upgrade) the same message was issued in the browser (ie. tmp/cache and tmp/template_c need to be 777). I had to change the protection of these folders to complete installation. I went along with this and changed the access. The installation completed various processes to config.php and schema was also upgraded.
When the installation was completed, I was hoping I could then go back to tmp/cache and tmp/template_c and reset these folders to 755, but no way. The error presented on the browser. I tried 775 but that was no good either. So, I guess if I want to continue to use cmsms I have to leave these two directories set to 777. On the positve side, the fopen and fclose errors (pre-upgrade) are no longer present.
When the installation was completed, I was hoping I could then go back to tmp/cache and tmp/template_c and reset these folders to 755, but no way. The error presented on the browser. I tried 775 but that was no good either. So, I guess if I want to continue to use cmsms I have to leave these two directories set to 777. On the positve side, the fopen and fclose errors (pre-upgrade) are no longer present.
-
sayitlikeitis
- Forum Members
- Posts: 45
- Joined: Tue Nov 28, 2006 7:46 pm
Can't save content
Hi, I'm reposting to this thread, as my current problem may be related to my earlier one. Maybe / maybe not - just in case.
First off, I didn't reinstall from scratch, but upgraded to v1.0.4. Perhaps that's where I went wrong, but appart from having to leave those two directoies at 777 the system seems to run nicely. My current issue is not being able to make changes to the content.
Summary of problem:
It seems that in order to add new content or edit existing content I must first click on the Preview button and then click on the Submit button. If I make changes or add content, and then click on the Submit button (without first using the Preview button) the system will either do nothing (ie. ignore the edits) or cause a spurious warning dialogue to be displayed. There is obviously a fault on my installation, but while content can be added to Pages, the News items are stuck in limbo as there is no Preview button with News.
Here’s some of my notes, to give you the flavour of what I have been doing:
Content -> News -> Add Article
I entered a title, clicked on Summary window, and pasted some text, scrolled to the bottom of page, and clicked on Submit. At this point a message was displayed. ‘No Content Given (Troubleshooting)’. [The troubleshooting link was an empty page.] The text I had pasted in the Summary window had gone. I then pasted it in the Summary window again, and then clicked in the Content window and pasted it there too, and clicked on Submit. The same message displayed, ‘No content given’.
I then logged out, closed the (IE) browser, and then logged in again, and once again went to Content -> News -> Add Article
On this occasion I typed everything, rather than using cut & paste. When I clicked on Submit, the content disappeared from Summary and Content, and once again the message, ‘No content given’ was displayed. At this point I clicked on the View Site menu and there was no news item for the text I had entered.
I then tried to add a page, and from the Content menu:
Content -> Pages -> Add New Content
Content Type (I left it on the default): Content
Entered a Title: test
Entered Menu Text: test
Parent (I left it on the default): None
Template (I left it on the default): Left simple navigation + 1 column
I then typed some text into the Content window, and clicked on Submit, where upon a ‘No Content given!’ message appeared.
I logged out and quit the browser. On this occasion when I logged in had some success, I attempted to edit an existing page. Selected Content -> Pages and selected a page at random. When the page came up I added some text and clicked on the Submit button, and as I did this the screen took me to the Content-Pages screen. I then clicked on View Site, but my change wasn’t showing. I pressed F5 but that didn’t do anything. I then brought up the same screen which confirmed my change had not been saved. I made the change again, this time clicking on Apply, which removed what I had just typed. (I couldn’t believe that, so I tried it again.) Yes, it cancelled my edits. Now here’s the interesting thing: I made the change again, but clicked on the Preview button, and the new text remained. At this point, on clicking the Submit button the changes were saved.
First off, I didn't reinstall from scratch, but upgraded to v1.0.4. Perhaps that's where I went wrong, but appart from having to leave those two directoies at 777 the system seems to run nicely. My current issue is not being able to make changes to the content.
Summary of problem:
It seems that in order to add new content or edit existing content I must first click on the Preview button and then click on the Submit button. If I make changes or add content, and then click on the Submit button (without first using the Preview button) the system will either do nothing (ie. ignore the edits) or cause a spurious warning dialogue to be displayed. There is obviously a fault on my installation, but while content can be added to Pages, the News items are stuck in limbo as there is no Preview button with News.
Here’s some of my notes, to give you the flavour of what I have been doing:
Content -> News -> Add Article
I entered a title, clicked on Summary window, and pasted some text, scrolled to the bottom of page, and clicked on Submit. At this point a message was displayed. ‘No Content Given (Troubleshooting)’. [The troubleshooting link was an empty page.] The text I had pasted in the Summary window had gone. I then pasted it in the Summary window again, and then clicked in the Content window and pasted it there too, and clicked on Submit. The same message displayed, ‘No content given’.
I then logged out, closed the (IE) browser, and then logged in again, and once again went to Content -> News -> Add Article
On this occasion I typed everything, rather than using cut & paste. When I clicked on Submit, the content disappeared from Summary and Content, and once again the message, ‘No content given’ was displayed. At this point I clicked on the View Site menu and there was no news item for the text I had entered.
I then tried to add a page, and from the Content menu:
Content -> Pages -> Add New Content
Content Type (I left it on the default): Content
Entered a Title: test
Entered Menu Text: test
Parent (I left it on the default): None
Template (I left it on the default): Left simple navigation + 1 column
I then typed some text into the Content window, and clicked on Submit, where upon a ‘No Content given!’ message appeared.
I logged out and quit the browser. On this occasion when I logged in had some success, I attempted to edit an existing page. Selected Content -> Pages and selected a page at random. When the page came up I added some text and clicked on the Submit button, and as I did this the screen took me to the Content-Pages screen. I then clicked on View Site, but my change wasn’t showing. I pressed F5 but that didn’t do anything. I then brought up the same screen which confirmed my change had not been saved. I made the change again, this time clicking on Apply, which removed what I had just typed. (I couldn’t believe that, so I tried it again.) Yes, it cancelled my edits. Now here’s the interesting thing: I made the change again, but clicked on the Preview button, and the new text remained. At this point, on clicking the Submit button the changes were saved.
Last edited by sayitlikeitis on Sat Apr 07, 2007 12:46 am, edited 1 time in total.
-
sayitlikeitis
- Forum Members
- Posts: 45
- Joined: Tue Nov 28, 2006 7:46 pm
Can't save content
Hi there, any ideas of what could be going on? Ron
Re: writable directories
Can you post a link to your site?
It could be a memory problem - do you know what the PHP memory_limit is set to? If it's at 8M, you could try adding:
to your config.php file to see if it helps.
Nullig
It could be a memory problem - do you know what the PHP memory_limit is set to? If it's at 8M, you could try adding:
Code: Select all
ini_set("memory_limit", "16M");
Nullig
Re: writable directories
Sayitlikeitis, I have the same preview -> save problem with my current host. On top of that imagemanager doesn't work (the admin page is displayed in the iframe instead of the images). The weird thing is that this has only happened on my current host. I've had identical sites on three different hosts and only this one host has problems...
-
sayitlikeitis
- Forum Members
- Posts: 45
- Joined: Tue Nov 28, 2006 7:46 pm
Can't save content
I added the line, as instructed. (I've included this snippet to show where I placed it.) The site is at http://www_mybloodyoathdotcom
Two things to note:
1) I have two installations of cmsms. The first was my error, but it's still on the server, at v1.0.2. I started it up today and I can save content using that version, but of course it demonstrates the problem I had when I started this thread. So, the problem may be somehow related to v1.0.4.
2) When I first installed cmsms I questioned the memory issue, as the installation message said I was borderline on 8M. The only thing I recall from the response I got from this forum was that the site may run slow (the posting is probably still on the forum somewhere). I doubt if my hosting provider has changed memory from 8M.
Ron
PS I don't know about imagemanager as I have never used it. As a novice, I'm still using cmsms rather tentatively.
but it didn't help. (and I cleared the cashe as noted in the file: Site Admin->Global Settings)Global Settings in the admin panel)
#after making any changes to path or url related options
#-----------------
#Database Settings
#-----------------
# the following line was added at Nullig's suggestion to resolve the
# situation of not being able to save content
ini_set("memory_limit", "16M");
#This is your database connection information. Name of the server,
#username, password and a database with proper permissions should
#all be setup before CMS Made Simple is installed.
$config['dbms'] = 'mysql';
...
other stuff
...
Two things to note:
1) I have two installations of cmsms. The first was my error, but it's still on the server, at v1.0.2. I started it up today and I can save content using that version, but of course it demonstrates the problem I had when I started this thread. So, the problem may be somehow related to v1.0.4.
2) When I first installed cmsms I questioned the memory issue, as the installation message said I was borderline on 8M. The only thing I recall from the response I got from this forum was that the site may run slow (the posting is probably still on the forum somewhere). I doubt if my hosting provider has changed memory from 8M.
Ron
PS I don't know about imagemanager as I have never used it. As a novice, I'm still using cmsms rather tentatively.
Last edited by sayitlikeitis on Mon Nov 05, 2007 3:32 am, edited 1 time in total.
Re: writable directories
What about the database - are both versions sharing the data?
Could there be some confusion with the tables - did you use separate prefixes?
Are the paths correct in the config.php for the current installation?
I think I would be tempted to do a fresh install and use a backup of the database.
Nullig
Could there be some confusion with the tables - did you use separate prefixes?
Are the paths correct in the config.php for the current installation?
I think I would be tempted to do a fresh install and use a backup of the database.
Nullig
-
sayitlikeitis
- Forum Members
- Posts: 45
- Joined: Tue Nov 28, 2006 7:46 pm
Can't save content
Fixed - thank you.
Both versions were using the same database. To isolate that as a problem I deleted the earlier version from the server. I then upgraded to v1.0.5 and now no longer have a problem, and can edit and save content on both News and Pages.
A further question, if I may:
During the upgrade, the upgrade.php script issued the following: "The CMS database is up to date using schema version 28. Please remove this file when possible." I'd be happy to do that, if I knew what "this file" actually was. What file do I have to delete?
Both versions were using the same database. To isolate that as a problem I deleted the earlier version from the server. I then upgraded to v1.0.5 and now no longer have a problem, and can edit and save content on both News and Pages.
A further question, if I may:
During the upgrade, the upgrade.php script issued the following: "The CMS database is up to date using schema version 28. Please remove this file when possible." I'd be happy to do that, if I knew what "this file" actually was. What file do I have to delete?
Re: writable directories
Normally you can delete the entire "install" directory after installation. I think that both install.php and upgrade.php are within that folder.
Ronny
Ronny
