Folder Permissions corrector Script

Hi There,
Is this script is correct to run to correct folder and files permissions for the CRM please ?

Fixing SugarCRM file and directory permissions...

<?php
//
// fix-permissions.php
// 22 August 2011
// for SugarCRM 5 and 6.
// Not tested on other releases, but may work.
//
// fix-permissions-v2.php
// 29 Jan 2012
// Adapted to work on the more restrictive shared servers 
// that block access to PHP function "system()" for security reasons.
//
// v3
// with contribution from Courtney L. Bostdorff (selfmade64856).
// - two separate sets of permissions:
// - 755 all folders and 644 all files, except
// - 775 (4 folders and all their subfolders) and 664 (3 files in the Sugar root, and all files in all the subdirectories of the 4 folders).
// - todo: add support for automatic modification of the default_permissions in ./config.pgp and ./include/utils.php
//
// Purpose: Allows SugarCRM to run correctly on a Linux shared web hosting acount
// by fixing file permissions to 644 and folder permissions to 755.
// v3.0: 2 sets of permissions for files/folders, 
// and 2 sets of permissions for variables in config.php and util.php
//
// Credits: Adapted by Chris Coleman of www.ESPACEnetworks.com
//
// Directions:
// 1) Save this file in the base folder of your SugarCRM installation.
// Example: Your company's SugarCRM instance is at the URL http://www.mycompany.com/crm
// SugarCRM files are installed on the Linux shared host on the folder: public_html/crm 
// So save this file at the location: public_html/crm/fix-permissions.php
// 2) To run this file, view the corresponding URL in your browswer:
//  http://www.mycompany.com/crm/fix-permissions.php
//
// Questions or feedback, feel free to contact me.
// -Chris Coleman
//
/**
 * get execution time in seconds at current point of call in seconds
 * @return float Execution time at this point of call
 */
function get_execution_time()
{
    static $microtime_start = null;
    if($microtime_start === null)
    {
        $microtime_start = microtime(true);
        return 0.0; 
    }    
    return microtime(true) - $microtime_start; 
}
get_execution_time();	//set start point to now.

function chmod_R($path, $filemode = 0644, $dirmode = 0755) {
if (is_dir($path) ) {
if (!chmod($path, $dirmode)) {
$dirmode_str=decoct($dirmode);
print “Failed applying filemode ‘$dirmode_str’ on directory ‘$path’\n”;
print " `-> the directory ‘$path’ will be skipped from recursive chmod\n";
return;
}
$dh = opendir($path);
while (($file = readdir($dh)) !== false) {
if($file != ‘.’ && $file != ‘…’) { // skip self and parent pointing directories
$fullpath = $path.’/’.$file;
chmod_R($fullpath, $filemode,$dirmode);
}
}
closedir($dh);
} else {
if (is_link($path)) {
print “link ‘$path’ is skipped\n”;
return;
}
if (!chmod($path, $filemode)) {
$filemode_str=decoct($filemode);
print “Failed applying filemode ‘$filemode_str’ on file ‘$path’\n”;
return;
}
}
}

$current_user = get_current_user();
echo ’ Script owner: ’ . $current_user . ‘
’;
$processUser = posix_getpwuid(posix_geteuid());
$processUserName = $processUser[‘name’];
echo ‘Process owner: ‘. $processUserName .’
’;

// Phase I: 644 all files, 755 all folders.

echo “

Phase I: Permissions. 644 all files, 755 all folders

Fixing: set all files to 644, all folders to 755, recursively.
”;
chmod_R ( “./” );

// Phase II: 664 files, 775 folders.

echo “

Phase II: Permissions. Some files 664 and some folders 775.

Fixing config.php
”;
chmod_R ( “./config.php”, 0664, 0775 );
echo “
Fixing config_override.php
”;
chmod_R ( “./config_override.php”, 0664, 0775 );
echo “
Fixing sugarcrm.log
”;
chmod_R ( “./sugarcrm.log”, 0664, 0775 );
echo “
Fixing cache dir (all files and subdirs)
”;
chmod_R ( “./cache”, 0664, 0775 );
echo “
Fixing custom dir (all files and subdirs)
”;
chmod_R ( “./custom”, 0664, 0775 );
echo “
Fixing data dir (all files and subdirs)
”;
chmod_R ( “./data”, 0664, 0775 );
echo “
Fixing modules dir (all files and subdirs)
”;
chmod_R ( “./modules”, 0664, 0775 );

//Phase III: Fix settings inside ./config.php and ./include/utils.php

echo "

Phase III: Do the following manually.

Fix the default_permissions setting in 3 places:

1) ./config.php

";

$fixed_config = “‘dir_mode’ => 02755,\n ‘file_mode’ => 0644,\n ‘user’ => ‘$current_user’,\n ‘group’ => ‘$current_user’,”;
echo " ‘default_permissions’ => array (
$fixed_config
),
\n";

echo "

2) ./include/utils.php - in the function make_sugar_config() - line 138

";

$fixed_make_sugar_config = “‘dir_mode’ => 02770,\n ‘file_mode’ => 0660,\n ‘chown’ => ‘$current_user’,\n ‘chgroup’ => ‘$current_user’,”;

echo " ‘default_permissions’ => array (
$fixed_make_sugar_config
),
\n";

echo “

3) ./include/utils.php - in the function get_sugar_config_defaults() - line 264

”;

$fixed_get_sugar_config_defaults = “‘dir_mode’ => 02770,\n ‘file_mode’ => 0660,\n ‘user’ => ‘$current_user’,\n ‘group’ => ‘$current_user’,”;

echo " ‘default_permissions’ => array (
$fixed_get_sugar_config_defaults
),
\n";

echo “
Done.
”;
echo “
Execution time: “.get_execution_time().” seconds.

?>

Hi,

We tried upgrading three instances from Sugar CE to Suite CRM 7.0.2 or 7.0.1

One went from Sugar CE to 7.0.2 directly
One went from Sugar CE to 7.0.1 directly
One went from Sugar CE to 7.0.1 > 7.0.2 in two stages

In all cases, on subsequent visits to the Upgrade Wizard I noticed that the message displayed after check.

File Permissions: Show Files with Bad Permissions

And there are several files with bad permissions that prevent another upgrade in /Cache folder.
/opt/bitnami/apps/sugarcrm/htdocs/cache/

Is this expected result after you upgrade to Suite CRM? Am I doing something wrong, or need a post upgrade script to fix permissions like the one mentioned on this request?

I have started these with the bitnami version for quick initial testing. Is that the issue?

Also to note the 7.0.1 version appeared to have a bug with security roles not displaying for AOS modules. This appears fixed in 7.0.2.

Any help or guidance is appreciated :slight_smile:

Bill

Did you try the script above ?

I did not try the script above yet, I was wondering if it is expected to have to do this kind of post deployment work, or if this was indicative of something wrong with my install/upgrade process

A point that I will share about file/folder permissions that I haven’t figured out yet. I have some installs on Hostgator that were initially installed from the quickinstaller in cpanel. They worked fine until I would upload any module which would change the permissions and then things would be broken until I reset them. I even went in and edited the config files to prevent it happening and it continues, to this day. I upgraded these installs to SuiteCRM and still have the problems. I did a clean install of SuiteCRM on the same hosting account from the download and no problem. Even when adding modules, no problem. So I went back and compared permissions in the config and they are identical for the SuiteCRM from a clean install of the download and the versions that originated from the quickinstaller. But everytime I install something on those versions, they break! Go figure that one out!

I too have noticed after upgrades/installs permissions get skewed. Not being in a hosted environment I occasionally and especially right before upgrading ensure permissions are set accordingly like below.

sudo chmod -R 755 /“WebRoot”

sudo chmod -R 775 /“WebRoot”/cache custom modules themes data upload config_override.php

-Nate

After three fresh installs with the UK language pack installed i’ve caught up with the rest of you and found that it’s the permissions getting screwed up when modules are installed that breaks my install. I found that I was unable to save email settings and the dashlets wouldn’t load either. just wanted to add my experience if it helps anyone else struggling with a broken system

Tried a few times to correct the permissions via chmod and through webmin as per the posts on here but couldn’t seem to fix it so for now i’ll be running in american and without any click to dial support. It’s a bit frustrating that there doesn’t seem to be a fix for it.

Overall though this is a great CRM and i’m hoping to be able to move from Vtiger if these issues get fixed and i can figure out how to export everything including notes from vtiger!

Great work, thanks

I agree with the above - adding the Eng-UK language pack breaks the permissions and causes errors.
I think this needs adding as an actual bug to be investigated as it’s highly frustrating…

Hello, its a matter of ownership for the filesystem and other issues, maybe (like in the case of hostgator) the problems with the dashboard are created when an ajax call is started and the server respond with a error -406 not acceptable- caused by the Mod_security from the php not allowing to some files from the cache being executed due the fact they are dinamically created and the ownership of this files are set to the user of the host who are not part of the apache group so the apache (hostgator uses nginx like other hosting companies) are not allowed to execute it.

I solve this issue by chating with technical support and after explain what happens with the ownership of the files the technician agreed to include my user in the apache group or by whitelisting the folder (i really dont know that because in the filesystem in the matter of ownership apparently dont change anything, the files are still belonging to the host username).

This dont resolve the issues aparently, but the ajax call receive an answer, and still dont work the dashlet/tab creation, I start to analyze the ajax response and found a php warning trowing in the middle of the refence url. so the call are not being complete because the url of the ajax was wrong. So my solution for this thus not being the most standard or in someway good, was turn the php error report off in the index file.

The warning was about a null array, i need to fix this , but the system are now completly functional (i think).