SugarCRM SupportKnowledge BasePlatform ManagementRequired File System Permissions on Linux

Required File System Permissions on Linux

Overview

Sugar requires the ability to update and create files on your host server's files system. You will need to set the file and directory permissions in your Sugar installation folder so that the web server under which your Sugar installation is running, has the proper file access permissions. At a bare minimum, Sugar must be able to update and create files in the root of the Sugar installation as well as in certain directories and sub-directories. The Linux and Unix operating systems use a file permission system comprised of read, write, and execute permissions for the user and group that own the files and directories, as well as all other server users who have direct access to the file system. These file system permissions are represented by a numbering scheme that equates back to the file permissions.

When locking down file and folder permissions, it can be helpful to move Sugar log files to their own folder. Please refer to the Moving Log Files to Their Own Folders article for more information.

Setting Permissions Via Command Line

The permission scheme outlined below assumes that the host system user under which the web server is running is a member of the same group in which the Sugar files and directories belong. This is the standard setup for most hosting providers. For example, your web server would be running under the user "apache" and your files belong to the "apache" group. If this is not the case, run the following command from the root directory of your Sugar installation to set the user and group:

sudo chown -R apache:apache *

Sugar directories group write permissions. For maximum security, SugarCRM recommends 2770 permissions while most files should be set to mode 660 with the exception of ./bin/sugarcrm which should be set to mode 770. Run the following command from the root directory of your Sugar installation to set the necessary file permissions, then Sugar would require the following permissions:

sudo find . -type d -exec chmod 2770 {} \;
sudo find . -type f -exec chmod 660 {} \;
sudo chmod 770 bin/sugarcrm

These commands are provided thanks to our community member Francesca Shiekh.

Setting Permissions Via FTP Client

All FTP clients allow you to set file permissions on a specific file or directory. However, only some FTP clients allow you to recursively set the permissions on a given directory and all its sub-directories with a single command. Because Sugar requires that certain directories and their subdirectories require specific permissions, we highly recommend that you use an FTP client that can recursively set a directory's permissions. Recommended Windows-based FTP clients that have this capability are:

With your FTP client, connect to your server. Then right-click on the files and directories above and set the file permissions outlined above.

1and1.com Hosting-specific Information

Do not change any of the file permissions. 1and1.com has all files set at 644 and SugarCRM will be able to edit any file with that permission. However, you will receive an error such as "Warning: chmod() [function.chmod]: Permission denied in /include/utils/sugar_file_utils.php on line 196". This is because Sugar attempts to change the permissions on certain files from time to time and 1and1.com is not configured for to allow php to change permissions on files. The solution is to change line 196 in the file ./include/utils/sugar_file_utils.php to  return true; //chmod($filename, $mode);.

Last modified: 2018-05-12 00:46:03