Server side permission settings

My web host requires that PHP scripts that write to files be assigned to group ‘web’. But which Kirby 3 scripts should I assign to group ‘web’?

And they require that the target folders of these writes also be assigned to ‘web’. Which are those?

Best would be to assign this group to all folders/files.

… and assign it to all FTP-users!

OK, I assigned group web to folders kirby, content and site, and the files within them. These are from plainkit master.

Result from [mysite]/panel:

The panel assets cannot be installed properly. Please check permissions of your media folder.

But there is no media folder.

If you use the Starterkit, the media folder should be there, otherwise it is created automatically, if the permissions are set to allow folders to be created in the root folder of your project.

1 Like

I suspect the permissions are wrong on the folder above those. It’s usually called public or www or httpdocs. It’s the folder that you put every thing in when you upload. I would talk your host, since messing with the permissions on that folder can cause big trouble and be difficult to solve without terminal access.

1 Like

It is the plainkit, I do not want the starterkit as it has far too much stuff in it.

The permissions on /public and all folders in it are 775.

When I install plainkit on localhost, it creates a media and panel folder.

I do have SSH access to the server.

I think the group is wrong though. basically the group that php is running on differs from the user:group that created the public folder. Therefore, its not allowed to write to anywhere under the public folder, because it does not own the public folder.

Thank you for your comments. The public folder user and group are both me. The kirby folders are user me and group web. I don’t believe users are permitted to change the group of the public folder.

Is your site running cPanel or WHM?

No. For security reasons I don’t wish to publicly disclose the host. It is running a custom control panel of their own design. I have been a customer of theirs for 10+ years.

Fair enough, I was only asking because I know the both of those list the account name that owns folder. It’s that account that you need to add the files as when you transfer them.

I personally use rSync to do this, but you need use the right account with it. You can borrow my bash script if you like…

you can kick it off from NPM scripts like this in the package.json scripts section…

"deploy:live:sim": "./deploy live",
"deploy:live": "./deploy live go",
"deploy:staging:sim": "./deploy staging",
"deploy:staging": "./deploy staging go",
"content:sync:sim": "./deploy sync",
"content:sync": "./deploy sync go",

The account name is a number, it is not actually ‘me’. So the user and group of /public and, normally, any objects created in it, will be like 987654 987654.

I don’t see why I shouldn’t be able to simply copy the Kirby objects from an unzipped archive into /public.

Other CMS I have tried make available a script that tells you if your web host is configured to run the CMS. I suggest that Kirby offer this. I have paid Kirby’s price but can’t use it.

You can. I do this myself sometimes. But somethings not quite right with how its being done or with the setup of the server.

You are able to test Kirby out before buying. I’m sure we can get it running for you.

Have you tried upload the zip to public and unpacking it there, rather than sliding them over from outside? I still think it’s an ownership issue somewhere up the chain.

You could manually create the media folder and set its permissions correctly.

Good, that will be my next step.

New result after creating public/media and assigning group ‘web’:

The panel installer is disabled on public servers by default. Please run the installer on a local machine or enable it with the panel.install option.

I will now hunt for the panel.install option in the docs … this is looking better.

Yes, its turned off by default for security reasons. You can turn it on in the config.php, which you will probably have to create the file.

See this: