Using Cakephp 1.3 CLI on Hostgator - cakephp

I'm using Hostgator.com and I'm trying to bake apps via ssh console. I have connected successfully to via SSH. I have the cakephp folder located at http://www.domainname.com/cakephp
the initial cakephp installation is working fine. Connected to database etc.
This is a list of paths from Hostgator: List
here is my .bash_profile:
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# User specific environment and startup programs
export PS1="$ "
alias www="cd /home/username/public_html"
export PATH="/usr/bin/php/bin:/home/username/public_html/cakephp/cake/console:$PATH:$HOME/bin"
When i open terminal I do this: www [enter] -> cake bake [enter]
then I get this problem: -jailshell: /home/username/public_html/cakephp/cake/console/cake: Permission denied
if anyone could help me it would be greatly appreciated. If I have forgot to mention something please tell me asap so I can tell you.

You need to set the executable flag on the cake script.
www
chmod +x cakephp/cake/console/cake

Related

Default permission and ownership in WSL

I'm currently in the process of switching from an Ubuntu 18.04 VirtualBox to the WSL.
Everything is up and running to have a complete web dev environment.
Unfortunately, the file permission and ownership is kind of a problem for me right now.
--- Disclaimer---
I know that in a server environment this would be pretty bad and wouldn't be done.
This is just for my local development process and this requirement will stay there.
What I want to achieve is, to have a consistent set of permissions and ownerships within my /var/www (and all below).
Every element within /var/www should be owned by my shell user, regardless if file or dir.
Every element should have the group www-dataso that the webserver user have access.
Each file should have permission 0664 and each directory 0775.
every new element should follow these requirements.
What I researched so far:
If I make a new directory/ file from the shell or within VSCode, my user and group are used.
If I make a new directory from the windows explorer, the ownership is root:root. Nevertheless, I also have to figure out how to set default permissions for new objects.
I just want an easy to use way to CRUD my files from anywhere I am on my system.
Is there anyone with an idea for this?
Thanks a lot, Danaq.
Edit: It would also be ok, to set everything to www-data:ww-data and add my shell user to the www-data-group if the permissions are applied like explained above.
According to this, newer versions of the Remote-WSL server, when they get started will execute (if present):
~/.vscode-server/server-env-setup
~/.vscode-server-insiders/server-env-setup
(more on that)
So a solution is to execute:
# this will affect folders created from the editor
mkdir -p ~/.vscode-server/ && echo "umask 002" >> ~/.vscode-server/server-env-setup
mkdir -p ~/.vscode-server-insiders/ && echo "umask 002" >> ~/.vscode-server-insiders/server-env-setup
# this will affect folders created from terminals
echo "umask 002" >> ~/.bashrc
For everyone encountering the same issue and find this question:
Under ~[USER~/.profile I uncommented the umask-property and set it to 002.
This will, according to this guide, set all new created file to 0664 and all new directories to 0775.
I then added the www-data-user to the group of my shell-user with
sudo usermod -a -G www-data [GROUP].
So now, every file I'm creating is owned by and within the group of my shell user. But it can be red by the www-data-user too. This should lead to not always using the
find ./ -type d -exec chmod 775 {} \;
the command to set the right permissions on all directories of a web project after migration for example.
This solution does only help, if the files and directories are created from the WSL-bash. If you are using the explorer or trying to create a file from the VSCode-terminal, the default umask of 022 will be still applied.

What are the right ownership & permissions to the CakePHP app/tmp folder for production?

I would like to know the answers and explanation to the following questions:
Which user/group should own the cake files?
If different, which user/group should own the app/tmp folder? (and subfolders)
With the right user/group, what are the correct permissions for production of both folders and files? (which also if set correctly should work on development)
Where is storing of uploaded files done and what ownership/permissions need to be set to that folder. Where should it be relative to app/?
I know 777 fixes errors, but I would like to set it up correctly.
I have heard 660 should be more than enough for production if everything is correctly set up.
Who needs to have read access, who needs to have write access and does anyone need execute?
NOTE: I think I have found the answers and since no one has written a good answer, I will write it.If you are more knowledgeable on the topic and see errors or security issues please let me know, I will correct them.
1) CakePHP ownership
The CakePHP files should be owned by you, the user of the machine (whatever you log in with). Do not have root as owner!
OSX: the johnsmith part of /Users/johnsmith
Linux: the johnsmith part of /home/johnsmith
2) app/tmp ownership.
As per CakePHP documentation:
...make sure the directory app/tmp and all its subdirectories in your
cake installation are writable by the web server user.
Option 1:
The user owner needs to be apache's user. The group owner can be the group that you belong to, so that you also have access to this folder through finder/CLI. Do not have root as owner!
OSX: Apache is preinstalled on OSX lately and the default user of apache is _www. However if you are not sure you can find it out by typing terminal ps aux | grep httpd while apache runs. The last line is the command you just typed, so look above it.
Now that you know your apache user, you have to assign it to app/tmp/. You do this with the following command: sudo chown -R _www app/tmp/
Linux: The default user on linux is usually www-data with group www-data. If you are not sure, use ps aux | grep httpd to find out the user and sudo chown -R _www app/tmp/ to assign ownership to apache of that folder.
Option 2:
You can keep yourself as the user owner, but you set up the group owner to be the a group that apache belongs to. By default apache has it's own group, but you could create a new group and add apache to it.
OSX: The group of apache on OSX by default is the same os the user: _www. You then have to run the following command to se up the ownership: sudo chown -R :_www app/tmp/. Now if you check the permissions with ls -l you should see both your username (johnsmith) and the new group owner - _www.
Linux:* By default the group of apache is www-data so use the same commands to change ownership: sudo chown -R :www-data app/tmp/.
NOTE: Debian/Ubuntu use www-data, while CentOS uses apache.
3) Permissions
For the site to run, apache needs read and write without execute. For you to access it (assuming you are in the group that owns app/tmp) you also need read and write if you will edit manually things with terminal/finder. All other users should have no rights whatsoever. So:
OSX&Linux: sudo chmod -R 660 app/tmp/. The -R part is to do it recursively for all inside folders. The first 6 is for the user owner (OSX:_www or Linux:www-data), the second 6 is for the group owner (OSX:staff or Linux: johnsmith), the 0 is for all other users/guests.
NOTE: According to this pull request for CakePHP it looks like CakePHP 2.4 will have ability to create subfolders in app/tmp/ which means it will need a 7 instead of 6 for the user now becoming 760.
4) Uploads folder
If you want to upload files, you need a similar setup for the img/uploads folder, or wherever you upload. The ownership will be the same, but the permissions need to have execute rights for renaming purposes and folder creation. so the previously 660 should now be 760. Also, ideally, the uploads are out of the webroot/ directory, for which an absolute path is required.
For all files in app/tmp and subfolders you only need rw for the web server process and if needed to use the CLI, the console user.
If someone runs console commands with a user that has super rights or is in the wrong group it messes up things because what one creates can't be read or written from the other and then there are warning or failure messages. Some people (including me when I'm too lazy) fix that with 777 :)

DatabaseError unable to open database file

My sqlite db file is this: unable to open database file i chowned all folders until my dbfile to root. but i am still getting this error. but i remember that while creating my django project on server, i created a superuser, and now if i do ls -l i see that the user is that superuser. how is it possible to tell apache that this superuser should have that right to write/read the db file? or how to solve the problem, i am not apache/linux guru..
Execute chown www-data:www-data directory on the directory you want apache to be able to write to.
You should be able to just leave the file as owned by the super user and just change the group so that apache can read/write it as well.
Change the group for the sqlite file and the containing directory. Try this:
cd <directory with sqlite file>
sudo chgrp www-data . <sqlitefile>
You can find write group and www user and change permissions.
Say: cat /etc/passwd - for find right user, It may be apache or http or www.
And say to terminal: cat /etc/group -for find right group.
In my system group=apache, user = apache.

SplFileInfo::openFile(/app/tmp/cache/persistent/cake_core_cake_console_):failed to open stream:Permission denied in /lib/.../FileEngine.php line 293

I am working on a CakePHP 2 project. It originally started out in 2.0.x and then recently migrated to 2.1.0. Throughout the whole development process, I have been receiving the error message below.
It pops up at the top of the page unpredictably. It can be when I am just viewing different pages, or even after I add a record to the database (yet the record properly saves).
Warning:
SplFileInfo::openFile(/var/www/cake_prj/app/tmp/cache/persistent/cake_core_cake_console_):
failed to open stream:
Permission denied in
/var/www/cake_prj/lib/Cake/Cache/Engine/FileEngine.php on line 293
I recursively set the owner and group of the tmp folder to apache, and still received the message. In addition, I then recursively set the permissions to read, write, and execute for all (chmod 777). The error message still pops up.
Even after changing both the owner, group, and permissions, the file in question:
cake_prj/app/tmp/cache/persistent/cake_core_cake_console_
will have its owner and group set back to root, and its permissions set back to default.
What could be causing this problem? Is there a way to ensure that every time this file is generated, that it will always have be apache:apache with read/write/execute permissions?
You can resolve this by adding a mask to your config in core.php
Cache::config('default', array(
'engine' => 'File',
'mask' => 0666,
));
There was a bug report there http://cakephp.lighthouseapp.com/projects/42648/tickets/2172 but it was considered as not being a bug.
What I personaly noticed is that some file owner may be modified when you use the cake script in the console (for instance to make a bake). The modified files then belong to the user you use in the console.
Would this mean you call cake while being root ? Or do you have any root cron job that calls a Cake shell script ?
Personaly I have now the habit to chmod the whole tmp folder content back to the apache user after having used the cake script and it seems to prevent the warning to appear.
Instead of setting giving read/write access to everyone on the tmp/cache directory I did this:
chgrp -R www-data app/tmp
chmod -R g+rw app/tmp
find app/tmp -type d -exec chmod g+s {} \;
Setting the group of the directories to the Apache user and then setting the setgid bit will allow you to ensure that files created in that directory get the proper group permissions regardless of what user runs the shell script. This also allows you to exclude read/write permissions to "other" users.
I think the reason of the problem is already explained, as the cron runs under root user and created files in tmp are not accessible by web user. The other solutions did not work for me and I did not want to set tmp permissions to 777, I ended up setting a cron job for the web user, in debian specifically it would be
crontab -u www-data -e
Taken from this answer How to specify in crontab by what user to run script?
If you're encountering the SplFileInfo error in CakePHP2 and you're absolutely certain that your file/directory permissions are set up properly, then one other thing to check is your PHP version. Cake2 requires PHP 5.2.8 or greater and although you'd usually be alerted on the default page if you were using the wrong version, you wouldn't be alerted if you'd developed your app on one server and then moved it to another.
I experienced this error after developing a Cake2 app on a PHP5.3 server and then moving it to a PHP 5.1 server. Upgrading to 5.2.17 (which is above 5.2.8) solved the problem.
Use this ..
cd cakephp/app/tmp/cache/persistent
sudo chmod 666 myapp*
cd ..
cd models
sudo chmod 666 myapp*
You need to make the app/tmp directory writable by the webserver. Find out what user your webserver runs as (in my case _www) and change the ownership of the app/tmp directory to that user: $ chown -R _www app/tmp
Another solution. Permission conflicting occurred because multi users share same files. Thus, if we split cache directory into multi sub directories, no conflicting occur and no changing default permission of directories and files required.
As following, each sub cache directory is defined by type of php api handler:
define('CACHE', TMP . 'cache' . DS . php_sapi_name() . DS);
When browser the website, active user is apache. And the sub
directory is cache/apache2handler.
When run a batch, active user is root or logging-in user.
And the sub directory is cache/cli.
Other side, current user account can be used to name sub directory. Check at
How to check what user php is running as?

how to bind a app to a user when it connect the server with a terminal

My app now has been sealed as a product, which will be sold with a PC with linux system installed. How ever I will create a new user for the customers, but I want bind a interface-like app to the user, so when my custumers log in via terminals the selected app runs automatically, when connection ends, the app quit the same way.
I know , maybe this can be implemented programmally..but...
Do you know any suggestion???
thanx
all appreciated...
As mentioned by AProgrammer you can run your app as the user shell or in the profile, as in this example
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# run you app here
exec myapp
If you have your app started by xinetd then you can have it start up on connect. On disconnect your app will be sent a SIGHUP, so you can catch that and shut down.
The program executed by terminal login is the user shell as determined by a field in /etc/passwd. You could either put your program as the shell, or arrange for you program to be executed by the shell start up scripts (~/.profile, ~/.cshrc depending on the shell).

Resources