Grav - Permission
In general, permission is a process of permitting to do something on your hosting environment. The permission includes read or write access to the files on the server or editing the files on the file system. Grav is a flat file based CMS which needs to write to the file system for creating cache and log files.
Grav comes under three main scenarios −
PHP/Webserver runs with same user that edits the files
This scenario works great with most shared hosting setup and also for local development. On the dedicated web host, we can't consider this approach as secure enough.
PHP/Webserver runs with different accounts but same group
With 775 and 664 permissions using shared group between the user and PHP/Webserver account, you can ensure that two different accounts will have the Read/Write access to the files. We can create new files by setting umask 0002 on the root with proper permissions.
Different accounts, fix permissions manually
This approach will have different accounts and update the ownership and permission of files which ensure that the PHP/Webserver user will have the Read/Write access on the files.
Following is the simple code of permissions-fixing shell script. You can edit this file as per the group which works for the setup.
#!/bin/sh chown joeblow:staff . chown -R joeblow:staff * find . -type f ! -path "./bin/" | xargs chmod 664 find . -type f -path "./bin/" | xargs chmod 775 find . -type d | xargs chmod 775 find . -type d | xargs chmod +s umask 0002
chown joeblow:staff is used to change the group and user of the directory to joeblow and staff.
chown -R joeblow:staff * line changes the ownership of the files and subfolder to joeblow and staff.
The line find . -type f ! -path "./bin/" | xargs chmod 664 sets 664 permissions for all files from the directory to Read for the others and Read/Write for group and user.
The line find . -type f -path "./bin/" | xargs chmod 775 sets 775 permissions for all files from the directory to RX for the others and RWX for group and user.
umask 0002 is used to create new files with 664 and 775 permissions.