I finally got past this by manually installing the autoloader and then rerunning the permissions as stated above. Completely installed and then :

Just completed uipgrade from 7.9 to 7.10.9 and after completing without errors i get “500 Internal Server Error”

The upgradewizad completed:
Wed, 17 Oct 2018 15:16:03 -0700 [UpgradeWizard] - at unlinkUWTempFiles()
Wed, 17 Oct 2018 15:17:01 -0700 [UpgradeWizard] - finished!
Wed, 17 Oct 2018 15:17:01 -0700 [UpgradeWizard] - Cleaning up the session. Goodbye.
Wed, 17 Oct 2018 15:17:01 -0700 [UpgradeWizard] - resetting $_SESSION

So if I understand correctly:

• you completed install
• you get a 500 error when you do what… simply try to access index.php?

Look in your Web server log (errors.log or php_errors.log, it’s enabled and defined in php.ini), there should be an explanation there.

I had to revert the system snapshot, but I did not see any major errors. I have added some more logging for when I run the upgrade again. I could not find a starting point to go after for the problem.

The upgrade completed and i believe when it did the reset it was over for me:

Wed, 17 Oct 2018 15:16:03 -0700 [UpgradeWizard] - at unlinkUWTempFiles()
Wed, 17 Oct 2018 15:17:01 -0700 [UpgradeWizard] - finished!
Wed, 17 Oct 2018 15:17:01 -0700 [UpgradeWizard] - Cleaning up the session. Goodbye.
Wed, 17 Oct 2018 15:17:01 -0700 [UpgradeWizard] - resetting $_SESSION

A few other clues hopefully:

Suitecrm.log has a mysql error:

Wed Oct 17 15:50:02 2018 [3055][6daf2cf4-f619-57bd-07aa-568d1bd8c647][FATAL] Query Failed: SELECT opportunities.id AS id FROM opportunities WHERE opportunities.sales_stage = ‘Resquest_Quote’ AND opportunities.date_modified > DATE_ADD(oppo
rtunities., INTERVAL ) AND opportunities.date_modified > ‘2017-03-30 05:22:13’ AND opportunities.date_entered <> opportunities.date_modified AND NOT EXISTS (SELECT * FROM aow_processed WHERE aow_processed.aow_workflow_id=‘11c6c258-0784-863c-0ddb-58dc96a746a2’ AND aow_processed.parent_id=opportunities.id AND aow_processed.status = ‘Complete’ AND aow_processed.deleted = 0) AND opportunities.deleted = 0 : MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ’ INTERVAL ) AND opportunities.date_modified > ‘2017-03-30 05:22:13’ AND opport’ at line 1
Wed Oct 17 15:50:02 2018 [3055][1][DEPRECATED] Formatting correction: SchedulersJobs->date_entered had formatting automatically corrected. This will be removed in the future, please upgrade your external code
Wed Oct 17 15:50:02 2018 [3055][1][DEPRECATED] Formatting correction: SchedulersJobs->date_modified had formatting automatically corrected. This will be removed in the future, please upgrade your external code
:
httpd error found:

=Login&loginErrorMe ssage=LBL_SESSION_EXPIRED

That SQL error is recognizable by the INTERVAL keyword without any value there.

See https://github.com/salesagility/SuiteCRM/issues/6328

There’s a suggestion for a fix there.

MY upgrade from SuiteCRM Upgrade from 7.9.8 to 7.10.9 has never completed. I need some help on this. Though the composer seems to be fine now, installation never fully completes and when you go into UPGRADE WIZARD it goes back to the screen that it goes back to the PREFLIGHT. IF you continue it will never complete. If you cancel it will still resume from this point.

I have gone through permissions, SQL, etc. I have reverted the upgrade again and have run Diagnostics. My suitecrm.log has mostly DEPRECIATED warnings and a few small ERRORS. not much to look at.

Some details:
System Linux suite.bccs.com 3.10.0-693.11.1.el7.x86_64 #1 SMP Mon Dec 4 23:52:40 UTC 2017 x86_64
PHP Version 7.1.23
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.23
Your MySQL Server version: 5.6.41 MySQL Community Server (GPL)

Upgrades finish something like this:

Thu, 25 Oct 2018 14:43:51 -0700 [UpgradeWizard] - Upgrade started. At start.php
Thu, 25 Oct 2018 14:43:51 -0700 [UpgradeWizard] - at unlinkUWTempFiles()
Thu, 25 Oct 2018 14:43:51 -0700 [UpgradeWizard] - finished!
Thu, 25 Oct 2018 14:43:51 -0700 [UpgradeWizard] - resetting $_SESSION

Once the reset goes the Sever dies.

I am open for ideas.

In your php.ini, you have settings for another error log (usually called php_errrors.log or errors.log). Are you also looking at this log?

When the server gives a 500 error (is that what it shows on the browser?) there should be a PHP Fatal error there. We need to start from some clue…

Sorry for reviving an old thread but it appears this was never resolved.

Did anyone figure out the root cause here? I’m not a PHP guy and don’t know the internals of what composer does although I guess it is like gem or npm or pip.

Trying to do a command line upgrade from 7.11.18 to 7.11.20 per the docs here

My install was done from zip, not from git.

Note, I am running running robo via php because ./vendors/bin/robo is not executable. But that doesn’t make a difference.

root@suitecrm:/opt/apps/suitecrm# php ./vendor/bin/robo upgrade:suite /tmp/SuiteCRM-Upgrade-7.11.x-to-7.11.20.zip ./upgrade.log . mattp
Could not find autoloader. Run 'composer install'.root@suitecrm:/opt/apps/suitecrm#
root@suitecrm:/opt/apps/suitecrm# apt-get install -y composer
#...
root@suitecrm:/opt/apps/suitecrm# sudo -u www-data composer install
Cannot create cache directory /var/www/.composer/cache/repo/https---repo.packagist.org/, or directory is not writable. Proceeding without cache
Cannot create cache directory /var/www/.composer/cache/files/, or directory is not writable. Proceeding without cache
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - jeremykendall/php-domain-parser 4.0.3-alpha requires ext-intl * -> the requested PHP extension intl is missing from your system.
    - jeremykendall/php-domain-parser 4.0.3-alpha requires ext-intl * -> the requested PHP extension intl is missing from your system.
    - Installation request for jeremykendall/php-domain-parser 4.0.3-alpha -> satisfiable by jeremykendall/php-domain-parser[4.0.3-alpha].

  To enable extensions, verify that they are enabled in your .ini files:
    - /etc/php/7.2/cli/php.ini
    - /etc/php/7.2/cli/conf.d/10-mysqlnd.ini
    - /etc/php/7.2/cli/conf.d/10-opcache.ini
    - /etc/php/7.2/cli/conf.d/10-pdo.ini
    - /etc/php/7.2/cli/conf.d/15-xml.ini
    - /etc/php/7.2/cli/conf.d/20-calendar.ini
    - /etc/php/7.2/cli/conf.d/20-ctype.ini
    - /etc/php/7.2/cli/conf.d/20-curl.ini
    - /etc/php/7.2/cli/conf.d/20-dom.ini
    - /etc/php/7.2/cli/conf.d/20-exif.ini
    - /etc/php/7.2/cli/conf.d/20-fileinfo.ini
    - /etc/php/7.2/cli/conf.d/20-ftp.ini
    - /etc/php/7.2/cli/conf.d/20-gd.ini
    - /etc/php/7.2/cli/conf.d/20-gettext.ini
    - /etc/php/7.2/cli/conf.d/20-iconv.ini
    - /etc/php/7.2/cli/conf.d/20-imap.ini
    - /etc/php/7.2/cli/conf.d/20-json.ini
    - /etc/php/7.2/cli/conf.d/20-mbstring.ini
    - /etc/php/7.2/cli/conf.d/20-mysqli.ini
    - /etc/php/7.2/cli/conf.d/20-pdo_mysql.ini
    - /etc/php/7.2/cli/conf.d/20-phar.ini
    - /etc/php/7.2/cli/conf.d/20-posix.ini
    - /etc/php/7.2/cli/conf.d/20-readline.ini
    - /etc/php/7.2/cli/conf.d/20-shmop.ini
    - /etc/php/7.2/cli/conf.d/20-simplexml.ini
    - /etc/php/7.2/cli/conf.d/20-sockets.ini
    - /etc/php/7.2/cli/conf.d/20-sysvmsg.ini
    - /etc/php/7.2/cli/conf.d/20-sysvsem.ini
    - /etc/php/7.2/cli/conf.d/20-sysvshm.ini
    - /etc/php/7.2/cli/conf.d/20-tokenizer.ini
    - /etc/php/7.2/cli/conf.d/20-wddx.ini
    - /etc/php/7.2/cli/conf.d/20-xmlreader.ini
    - /etc/php/7.2/cli/conf.d/20-xmlwriter.ini
    - /etc/php/7.2/cli/conf.d/20-xsl.ini
    - /etc/php/7.2/cli/conf.d/20-zip.ini
  You can also run `php --ini` inside terminal to see which files are used by PHP in CLI mode.
root@suitecrm:/opt/apps/suitecrm#

SuiteCRM otherwise runs without any errors from the zip install. So it just seems like the upgrade process requires extra tooling or config wrangling to get it working. As there are some CVEs addressed in the latest updates…pretty important the upgrade process works relatively easily.

Before command line I tried with upgrade wizard in the UI but the upload step was stalling out at 0% or 1%. I tried to cancel the upgrade wizard or use the back button. No dice. Reloading the site and re-navigating to upgrade wizard puts me back at the upload step (step 2 after system checks). Not sure how to cancel that process (probably need to delete some upgrade state files?).

That would be great if true but doesn’t appear to be for a zip install of 7.11.18 trying to upgrade to 7.11.20.

@mattp

1. Clean the directory: cache/upgrades
2. Delete files of current upgrade from: upload/upgrades/patch

Cool thanks. Might be useful to put this in the docs for when “cancel” button doesn’t do anything.

image935×518 37.9 KB

As the upgrade wizard upload is currently broken (webserver client body limits are fine, but I haven’t dug into PHP settings yet) I will probably just stick with trying to get the command line upgrade working.

@mattp
I checked buttons. You right that the bottom button doesn’t work correctly but top button work normal. It should be fix.

Ah cool. I didn’t think to try the top button. The back button (maybe just bottom also) was also not working for me.

command line upgrade issues…

I’d still be interested in any advice on the command line upgrade issues as that is a more scriptable (or formulaic) type procedure that can be easier to document and follow assuming the right dependencies, permissions, etc.

The install procedure I used (ignoring webserver/php config) was the following:

• unzip zip to <install_dir>
• chown -R www-data:www-data <install_dir>
• chmod all dirs (using find) to 2770 (770 + setgid)
• chmod all files (using find) to 660

So I suspect that maybe I took away executable permission from something that needed it? I originally figured none of the files should be executable as they would just need to be read by the webserver user. Even running ./vendors/bin/robo can be accomplished by invoking php and passing the script as the argument.

But maybe something else really needs executable permission for some reason? I tend to try and err on the side of caution and prefer not to start giving execute permission to files unless they really need it.

In summary, a few questions:

• is composer really necessary dependency in order to run upgrade?
  • If so are there any others?
  • would be great to have the upgrade docs updated to indicate additional required dependencies for upgrade (that weren’t needed for install from zip).
• do any of the project files really need execute permissions for the upgrade to work or is running php ./vendors/bin/robo sufficient? If so it would be great to get a listing of the specific scripts or script directories so we can be more surgical with our execution permission grant.

I think your “missing link” here is PHP modules. That’s what the error above is complaining about (ext-intl). And that is a problem no matter which method you use (zip, github, whatever).

For PHP 7.3 I usually install all these on Ubuntu:

apt install zip unzip iotop htop php-mbstring php7.3-mbstring php-gettext php7.3-xml php7.3-zip php7.3-imap php7.3-gd php7.3-curl php7.3-intl php7.3-mysql php-gd phpmyadmin

some of those are just utilities, not actual SuiteCRM requirements.

Hmmm. Well at least some modules were definitely installed as deps based on the install docs and installer checks when running install from zip. The ones currently installed are:

• json
• xml
• mbstring
• zip
• curl
• gd
• mysql
• imap

So maybe although I installed composer it is not finding the installed modules (maybe looking in a different PHP version or something strange).

root@suitecrm:/opt/apps/suitecrm# ls -1 /etc/php/7.2/mods-available/
calendar.ini
ctype.ini
curl.ini
dom.ini
exif.ini
fileinfo.ini
ftp.ini
gd.ini
gettext.ini
iconv.ini
imap.ini
json.ini
mbstring.ini
mysqli.ini
mysqlnd.ini
opcache.ini
pdo.ini
pdo_mysql.ini
phar.ini
posix.ini
readline.ini
shmop.ini
simplexml.ini
sockets.ini
sysvmsg.ini
sysvsem.ini
sysvshm.ini
tokenizer.ini
wddx.ini
xml.ini
xmlreader.ini
xmlwriter.ini
xsl.ini
zip.ini

FWIW there is only one version of php installed on this machine (7.2).

root@suitecrm:/opt/apps/suitecrm# ls -1 /etc/php/
7.2

But maybe it is just the intl module that is missing and causing the problem? I triple checked module requirements when doing the original install and the installer didn’t complain in its checks (complained about other missing modules which I added later).

So it sounds like installing the composer package is a requirement for running command line updater?

I was just following the docs which said to run the robo script…but that generated an error which started this issue…

Could not find autoloader. Run ‘composer install’

And running composer install manually is also a requirement for command line updater?

And it sounds like you are saying composer install is not working because composer is not finding the intl php module?

Just want to make sure I understand you before I go down that rabbit hole. Thanks.

So, even if you have only one PHP version, you probably have two PHP “engines”: web server and command-line (CLI).

What you’re seeing is consistent with missing PHP modules on the CLI side only (which is what composer uses, but not what the SuiteCRM app uses).

Typing php -i from the command-line gives you the report for CLI, check your modules there.

Downloading from inside the app, in Admin / Diagnostics / phpinfo, gives you the “other” PHP, web server.

Running php -i shows the same php modules as the web side shows. Indeed I think this is just about the missing intl module you pointed out which is not documented as required on the install page, upgrade page or checked as a required module by the SuiteCRM installer.

So I installed the intl module package (single ubuntu package apparently installs module for both CLI and web side) and tried again.

root@suitecrm:/opt/apps/suitecrm# php ./vendor/bin/robo upgrade:suite /tmp/SuiteCRM-Upgrade-7.11.x-to-7.11.20.zip ./upgrade.log . mattp
Could not find autoloader. Run 'composer install'.root@suitecrm:/opt/apps/suitecrm# ^C
root@suitecrm:/opt/apps/suitecrm# sudo -u www-data composer install
Cannot create cache directory /var/www/.composer/cache/repo/https---repo.packagist.org/, or directory is not writable. Proceeding without cache
Cannot create cache directory /var/www/.composer/cache/files/, or directory is not writable. Proceeding without cache
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Nothing to install or update
Package container-interop/container-interop is abandoned, you should avoid using it. Use psr/container instead.
Package facebook/webdriver is abandoned, you should avoid using it. Use php-webdriver/webdriver instead.
Package flow/jsonpath is abandoned, you should avoid using it. Use softcreatr/jsonpath instead.
Package fzaninotto/faker is abandoned, you should avoid using it. No replacement was suggested.
Package guzzlehttp/ringphp is abandoned, you should avoid using it. No replacement was suggested.
Package guzzlehttp/streams is abandoned, you should avoid using it. No replacement was suggested.
Package leafo/scssphp is abandoned, you should avoid using it. Use scssphp/scssphp instead.
Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
Deprecation Notice: Class Zend_Validate_Barcode_IntelligentMail located in ./vendor/zf1/zend-validate/library/Zend/Validate/Barcode/Intelligentmail.php does not comply with psr-0 autoloading standard. It will not autoload anymore in Composer v2.0. in /usr/share/php/Composer/Autoload/ClassMapGenerator.php:201
Deprecation Notice: Class Zend_Gdata_Analytics_Goal located in ./vendor/zf1/zend-gdata/library/Zend/Gdata/Analytics/Extension/Goal.php does not comply with psr-0 autoloading standard. It will not autoload anymore in Composer v2.0. in /usr/share/php/Composer/Autoload/ClassMapGenerator.php:201
Deprecation Notice: Class Flow\JSONPath\Test\JSONPathBenchmarks located in ./vendor/flow/jsonpath/tests/JSONPathBenchmarks.php does not comply with psr-0 autoloading standard. It will not autoload anymore in Composer v2.0. in /usr/share/php/Composer/Autoload/ClassMapGenerator.php:201
Deprecation Notice: Class Flow\JSONPath\Test\JSONPathTest located in ./vendor/flow/jsonpath/tests/JSONPathTest.php does not comply with psr-0 autoloading standard. It will not autoload anymore in Composer v2.0. in /usr/share/php/Composer/Autoload/ClassMapGenerator.php:201
Deprecation Notice: Class Flow\JSONPath\Test\JSONPathTestClass located in ./vendor/flow/jsonpath/tests/JSONPathTest.php does not comply with psr-0 autoloading standard. It will not autoload anymore in Composer v2.0. in /usr/share/php/Composer/Autoload/ClassMapGenerator.php:201
Deprecation Notice: Class Flow\JSONPath\Test\JSONPathLexerTest located in ./vendor/flow/jsonpath/tests/JSONPathLexerTest.php does not comply with psr-0 autoloading standard. It will not autoload anymore in Composer v2.0. in /usr/share/php/Composer/Autoload/ClassMapGenerator.php:201
Deprecation Notice: Class Flow\JSONPath\Test\JSONPathArrayAccessTest located in ./vendor/flow/jsonpath/tests/JSONPathArrayAccessTest.php does not comply with psr-0 autoloading standard. It will not autoload anymore in Composer v2.0. in /usr/share/php/Composer/Autoload/ClassMapGenerator.php:201
Carbon 1 is deprecated, see how to migrate to Carbon 2.
https://carbon.nesbot.com/docs/#api-carbon-2
    You can run './vendor/bin/upgrade-carbon' to get help in updating carbon and other frameworks and libraries that depend on it.
34 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> rm -Rf vendor/elasticsearch/elasticsearch/tests/Elasticsearch/Tests
> mv vendor/google/apiclient-services/src/Google/Service/Calendar* vendor/google/apiclient-services/src/Google/
> rm -Rf vendor/google/apiclient-services/src/Google/Service/*
> mv vendor/google/apiclient-services/src/Google/Calendar* vendor/google/apiclient-services/src/Google/Service/
root@suitecrm:/opt/apps/suitecrm#
root@suitecrm:/opt/apps/suitecrm# sudo -u www-data php ./vendor/bin/robo upgrade:suite /tmp/SuiteCRM-Upgrade-7.11.x-to-7.11.20.zip ./upgrade.log . mattp
Could not find autoloader. Run 'composer install'.root@suitecrm:/opt/apps/suitecrm#
root@suitecrm:/opt/apps/suitecrm#

As you can see the error

Could not find autoloader. Run ‘composer install’

Is still there when trying to run the upgrade.

Running composer install now runs without error (because missing intl module is now installed).

However this doesn’t resolve the issue: Could not find autoloader. when trying to run the upgrade.

Strange. Do you have a autoload.php file in vendor directory? Is it readable, does it have proper ownership and permissions?

Yep.

root@suitecrm:/opt/apps/suitecrm# ls -lha ./vendor/autoload.php
-rw-rw---- 1 www-data www-data 178 Nov  5  2020 ./vendor/autoload.php

• File is there
• owner is www-data like the rest
• perms are 660 like the rest of the files as I mentioned above.

Normally I don’t grant +x to php files as they just need to be read by webserver and not treated as stand-alone executables. Scripts can always be run by invoking php /path/to/read-but-not-execute-script.php.

However it is possible that the way your update process is constructed, it relies on specific php files having execute permissions (that’s not the error message, but could be the underlying problem)? If so it would be great to have a list of SuiteCRM files that need execute permissions in the docs so we can keep the filesystem permissions as locked down as possible (ie not making every php file executable).

So the obvious thing here is just to look at the code.

This doesn’t appear to have anything to do with permissions but rather that ./vendor/bin/robo is not looking in the right place for autoload.php. I hadn’t modified these files so this is either a bug that no one else is running into (no one using command line upgrade?) or something weird about my OS/php install in terms of how __DIR__ is defined.

./vendor/bin/robo

…has at the top:

//  Non-phar autoloader paths
$candidates = [
    __DIR__.'/vendor/autoload.php',
    __DIR__.'/../../autoload.php',
];

I don’t know what phar is…but since I am running robo from command line I guess it shouldn’t apply.

So a simple thing to do is check what __DIR__ is so I added echo '__DIR__: '.__DIR__; after the $candidates declaration and tried to run the robo upgrade again…

root@suitecrm:/opt/apps/suitecrm# sudo -u www-data php ./vendor/bin/robo upgrade:suite /tmp/SuiteCRM-Upgrade-7.11.x-to-7.11.20.zip ./upgrade.log . mattp
__DIR__: /opt/apps/suitecrm/vendor/binCould not find autoloader. Run 'composer install'.root@suitecrm:/opt/apps/suitecrm#

The output: __DIR__: /opt/apps/suitecrm/vendor/bin
implies that the $candidates are resolving to:

• /opt/apps/suitecrm/vendor/bin/vendor/autoload.php
• /opt/apps/suitecrm/vendor/bin/../../autoload.php (/opt/apps/suitecrm/autoload.php after resolving /../../)

Neither of these paths are correct.

Updating $candidates to add the correct search path for autoload.php (the third entry)…

$candidates = [
    __DIR__.'/vendor/autoload.php',
    __DIR__.'/../../autoload.php',
    __DIR__.'/../autoload.php',
];

and running again…

root@suitecrm:/opt/apps/suitecrm# sudo -u www-data php ./vendor/bin/robo upgrade:suite /tmp/SuiteCRM-Upgrade-7.11.x-to-7.11.20.zip ./upgrade.log . mattp
➜  Upgrade SuiteCRM
 [Exec] Running php modules/UpgradeWizard/silentUpgrade.php /tmp/SuiteCRM-Upgrade-7.11.x-to-7.11.20.zip ./upgrade.log . mattp

********************************************************************
***************This Upgrade process may take sometime***************
********************************************************************

PHP Notice:  Array to string conversion in /opt/apps/suitecrm/include/database/DBManager.php on line 887

...

********************************************************************
*************************** SUCCESS*********************************
********************************************************************
******** If your pre-upgrade Leads data is not showing  ************
******** Or you see errors in detailview subpanels  ****************
************* In order to resolve them  ****************************
******** Log into application as Administrator  ********************
******** Go to Admin panel  ****************************************
******** Run Repair -> Rebuild Relationships  **********************
********************************************************************
 [Exec] Done in 30.202s
➜  Upgrade Complete!
root@suitecrm:/opt/apps/suitecrm#

So is this a bug in robo? If so is no one else upgrading their SuiteCRM installs via command line in order to get security patches?

Or is this some artifact of my OS/install/config. As I mentioned earlier my install is pretty basic. Unzip. Set owner/group. Set folder perms, set file perms.

root@suitecrm:/opt/apps/suitecrm# uname -a
Linux suitecrm.<redacted> 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@suitecrm:/opt/apps/suitecrm# cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.2 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.2 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
root@suitecrm:/opt/apps/suitecrm#

EDIT: I missed a crucial negative in this first sentence wrong so I edited it

I think you’re right, the PHP files DON’T need executable permission. But it is true that 99% of installations out there (including mine) have that bit set, that’s how the recommended permissions are proposed. So there might be something unexpected, or less tested, happening here. A simple way to test it is to add those permissions and see if the operation succeeds.

Watch out for execute permissions on directories - those are needed to traverse the directory.

Something like this could help:

find /path/to/base/dir -type d -exec chmod 2750 {} +

I tend to be very cautious following install guides with blanket permissions. PHP files shouldn’t need execute bit unless you want to run them directly as a script using the shebang to specify the interpreter.

root@suitecrm:/opt/apps/suitecrm# head -n1 vendor/bin/robo
#!/usr/bin/env php

If you aren’t regularly running these as scripts (e.g. from CLI rather than webserver) then there is no need for that shortcut and you can just specify the interpreter and the execute bit isn’t needed on the php script (e.g. php /path/to/no-execute-script.php.

I would guess the only time you would need execute permissions would be if you had a php script you ran (e.g. robo) that was trying to execute another php script (not include) as a separate process by invoking the script name directly without specifying the php interpreter as the binary before the script path.

As I mentioned earlier, I generally use find to apply permissions because files and directories need different treatment. As you noted directories DO need execute permission for listing/traversal. Our SuiteCRM setup currently uses 660 on files and 2770 on directories and this works fine. By the way the reason for permissive group permissions and the setgid on directories is because we have SFTP users that are added to the group and need to be able to read/write/create files. Files created need to belong to same group so webserver can still read them and vice versa. Often we use a different group than www-data something like suitecrm-admins which will include any suitecrm SFTP users as well as the webserver user. On fully provisioned, no manual editing setups, then webserver user is the only one that needs any access.

I think we were posting at the same time. This turns out to have nothing to do with permissions and is a bug with path resolution for autoload.php in the robo script.