Piwigo.org

jason@barbanet · 2017-08-04 09:19:00

Trying to auto update to version 2.9.1. This fails due to permission settings not compatible with the update process.

Which user is piwigo using during the update process?
What permissions must be set to piwigo directories and files for the update to work?

//jason

jason@barbanet · 2017-08-19 19:27:47

This is obviously a matter of allowing the application to alter its own files. There is a security issue here; giving the application write access to its files.

The solution is either to temporary give the application write access during the update, or to install a new version over the old one manually. I guess ...

//jason

jason@barbanet wrote:
Trying to auto update to version 2.9.1. This fails due to permission settings not compatible with the update process.

Which user is piwigo using during the update process?
What permissions must be set to piwigo directories and files for the update to work?

//jason

erAck · 2017-08-19 22:37:25

A reason may be that the first installation was done as one user (ie. owner user unpacking files from the zip) and the web server is running as a different user which either belongs to the group that has only read permission on the files, or a completely different "other" user with only read permissions. Issuing ls -l piwigo for your directory this may look, for example, like

-rwxr-xr-x 1 owner-user web-group 11914 Apr 24 16:16 piwigo/index.php

for which owner-user has write permissions and users of web-group and other users don't.

Iff your web server runs as a user that is a member of the (example) group web-group you can solve this by executing

Code:

chmod -R g+w piwigo

before the update, and if you wish after the update change back with

Code:

chmod -R g-w piwigo
chmod -R g+w piwigo/{_data,local,upload}

If the web server runs as a completely different user, changing permission for "other" is not recommendable unless you know the setup and can be sure that except you the owner/ftp user and the web server user no other users have access to your directories, eg. being on an own host or a separated virtual machine.

Check and know your environment.

Doing a manual update, ie. upload new zip and unpack as owner-user, may be best in that case.

Update: forgot that piwigo/{_data,local,upload} directories need write permission for the web-group user, added.

Last edited by erAck (2017-08-20 11:12:40)

jason@barbanet · 2017-08-20 09:54:22

It is obvious, that if I perform a manual installation according to http://piwigo.org/basics/installation_manual, all piwigo files ownership will be set to <my-user>:<my-group>.

Since my web server, apache2, is executing using the account www-data - I run Debian - I assume the piwigo part of my web server will access the piwigo files and directories relying on world access rights. Is this assumption correct?

//jason

jason@barbanet · 2017-08-20 10:56:37

erAck wrote:
Doing a manual update, ie. upload new zip and unpack as owner-user, may be best in that case.

This implies that a manual update can be performed by downloading the latest zipped version, unzip it, and replace by copy all files to the piwigo directory. All files? For instance, piwigo/galleries in the distribution include a index.php file, that seem to be changed or removed when piwigo is installed or run.

Should piwigo/galleries and piwigo/_data be exempted in such a copy/over-write? More files/catalogs?

//jason

Last edited by jason@barbanet (2017-08-20 10:58:39)

erAck · 2017-08-20 11:17:21

jason@barbanet wrote:
Since my web server, apache2, is executing using the account www-data - I run Debian - I assume the piwigo part of my web server will access the piwigo files and directories relying on world access rights. Is this assumption correct?

If www-data is not member of <my-group> as well, then yes.

jason@barbanet · 2017-08-20 11:31:05

Thanks :-)

erAck · 2017-08-20 11:38:58

jason@barbanet wrote:
erAck wrote:
Doing a manual update, ie. upload new zip and unpack as owner-user, may be best in that case.
This implies that a manual update can be performed by downloading the latest zipped version, unzip it, and replace by copy all files to the piwigo directory. All files?

Yes.

For instance, piwigo/galleries in the distribution include a index.php file, that seem to be changed or removed when piwigo is installed or run.

I don't think so, not here at least. Or if it was, then the last automatic update recreated it. It's identical to the one in the package.

Should piwigo/galleries and piwigo/_data be exempted in such a copy/over-write? More files/catalogs?

All directories where user content is to be written contain only a dummy text or index.php file that safely can be overwritten.

However, of course having a backup is always good ;-)

jason@barbanet · 2017-08-20 11:40:01

Thanks again :-)

jason@barbanet · 2018-06-28 10:24:00

I see now that https://piwigo.org/doc/doku.php?id=user … ade_manual contains howto for manual update/upgrade. Thanks for any comment on how it works.

/j

Piwigo.org

Announcement

#1 2017-08-04 09:19:00

Auto update, permission problem

#2 2017-08-19 19:27:47

Re: Auto update, permission problem

jason@barbanet wrote:

#3 2017-08-19 22:37:25

Re: Auto update, permission problem

Code:

Code:

#4 2017-08-20 09:54:22

Re: Auto update, permission problem

#5 2017-08-20 10:56:37

Re: Auto update, permission problem

erAck wrote:

#6 2017-08-20 11:17:21

Re: Auto update, permission problem

jason@barbanet wrote:

#7 2017-08-20 11:31:05

Re: Auto update, permission problem

#8 2017-08-20 11:38:58

Re: Auto update, permission problem

jason@barbanet wrote:

erAck wrote:

#9 2017-08-20 11:40:01

Re: Auto update, permission problem

#10 2018-06-28 10:24:00

Re: Auto update, permission problem

Board footer