nathan-fiscaletti/synful

Issue: New RequestHandlers are not created with sufficient permissions

danetuso opened this issue · 2 comments

Synful API Framework: Issue Report

Synful Version

v2.0.4

Stack Trace

N/A

Reproduce

Provision Synful as root user remotely using Ansible

Other

Running:
chmod 755 /var/www/html/src/Synful/App/RequestHandlers/RequestHandlerName.php
fixes the issue.

Instead of

chmod -R 755 .

You need to

chown -R www-data:www-data . 
chmod -R 500 .

The web user needs to be able to have read and execute permission to the file. Since you are creating the RequestHandler using your root user, it is the owner of the file. So, we change the ownership to the Apache user www-data, and set its permissions to read by owner, execute by owner.

Keep in mind that this means only root will be able to write to the files. If you want another user to be able to write to the files you should set the permissions to chmod -R 750 ., add the user to the same group as your web user, and own the files to the web group and the user you'd like to be able to modify them. This will allow the user to read, execute and write to the files, but the other users in the group (web user) to only read and execute the file.

Example

# Add the vagrant user to the www-data group
usermod -a -G www-data vagrant

# Change the ownership of the web directory
# To be the vagrant user and the www-data group
chown -R vagrant:www-data /var/www/html

# Allow the owner, vagrant, to read/write/execute
# Allow the rest of the www-data group to read/execute
chmod -R 750 /var/www/html

I suppose an output telling the user to modify the ownership of the file would be useful, but there is no direct way to get Synful to recognize which user is your web master in order to change the permissions. This is also something I'd like to add to the provisioning script.

For the time being, I will add an output after generating each new file telling you to set the ownership of the file to the web master user on the system and make sure that they are all set to either 500 or 750 file permission.

I've added this as a todo to #157 to consolidate tasks.
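
An added example, not part of the original thread or of Synful: a POSIX shell check that lists files under a web root whose mode is neither 500 nor 750, or whose group is not the web group, following the permissions recommended in the comments above. The function name `audit_webroot` and its output format are hypothetical.

```shell
#!/bin/sh
# Added example (not Synful code): audit a web root against the modes
# recommended in this thread (500 or 750) and an expected web group.
#
# Usage (path and group taken from the thread):
#   audit_webroot /var/www/html www-data
#
# Prints one line per finding: "MODE <path>" or "GROUP <path>".
# Returns 0 when clean, 1 when findings exist, 2 on bad arguments.
audit_webroot() {
    aw_dir=$1
    aw_group=$2   # group name or numeric gid

    if [ ! -d "$aw_dir" ] || [ -z "$aw_group" ]; then
        echo "usage: audit_webroot DIR GROUP" >&2
        return 2
    fi

    aw_findings=$(
        # Entries whose mode is neither 500 nor 750. -perm with a plain
        # octal value is an exact match, so setuid/setgid/sticky bits and
        # any "other" access are flagged too. Symlinks are skipped because
        # their own mode bits are not what the web server is checked against.
        find "$aw_dir" ! -type l ! -perm 500 ! -perm 750 -print | sed 's/^/MODE /'

        # Entries not owned by the expected web group, for example files
        # generated by root during provisioning.
        find "$aw_dir" ! -type l ! -group "$aw_group" -print | sed 's/^/GROUP /'
    )

    if [ -z "$aw_findings" ]; then
        return 0
    fi
    printf '%s\n' "$aw_findings"
    return 1
}
```

Running it after provisioning, or after generating a new RequestHandler as root, shows which files still need the `chown`/`chmod` described above.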