What are the recommended permissions to work with a suitecrm instance in local development?

mario.martinez · 17 January 2023 03:45

The Downloading & Installing documentation recommends the following permissions.

find . -type d -not -perm 2755 -exec chmod 2755 {} \;
find . -type f -not -perm 0644 -exec chmod 0644 {} \;
find . ! -user www-data -exec chown www-data:www-data {} \;
chmod +x bin/console

But for work in the local development context, what are the recommended permissions? I ask the above because I have been working with a local instance of suitecrm 8 with the suggested permissions and I must do sudo every time I make a change

pgr · 17 January 2023 11:03

There are many ways to do this, but this is how I do it:

I don’t give any “world” permissions, I don’t see any reason for it. So my third digit is always 0.
My login user is pgr. I add it to the www-data group with sudo adduser pgr www-data. My logic is to ensure that my user has the same level of access (not less, and also not more) than www-data group.
I aim for every process to get their access through group digit (2nd), not owner digit (1st). This avoids one user “stealing” files from the other’s access (for example, when saving or creating new files).

I use

find . -type d -not -perm 2770 -exec chmod 2770 {} \;
find . -type f -not -perm 0660 -exec chmod 0660 {} \;
find . ! -group www-data -exec chown pgr:www-data {} \;
chmod +x bin/console

Using chown www-data:www-data would also work.

One interesting thing to watch out for: this scheme should not decay. It should not exhibit the sort of problems that some people have all the time, where files stop getting access for strange reasons. In this scheme, you should always see files and directories owned by pgr:www-data or www-data:www-data. If not, something needs fixing (either default_permissions array in config.php , or checking who else is logging in and messing with files).