Required File System Permissions on Linux
Overview
Sugar requires the ability to update and create files on your host server's files system. You will need to set the file and directory permissions in your Sugar installation folder so that the web server under which your Sugar installation is running, has the proper file access permissions. At a bare minimum, Sugar must be able to update and create files in the root of the Sugar installation as well as in certain directories and sub-directories. The Linux and Unix operating systems use a file permission system comprised of read, write, and execute permissions for the user and group that own the files and directories, as well as all other server users who have direct access to the file system. These file system permissions are represented by a numbering scheme that equates back to the file permissions.
When locking down file and folder permissions, it can be helpful to move Sugar log files to their own folder. Please refer to the Moving Log Files to Their Own Folders article for more information.
Setting Permissions Via Command Line
The permission scheme outlined below assumes that the host system user under which the web server is running is a member of the same group in which the Sugar files and directories belong. This is the standard setup for most hosting providers. For example, your web server would be running under the user "apache" and your files belong to the "apache" group. If this is not the case, run the following command from the root directory of your Sugar installation to set the user and group:
sudo chown -R apache:apache *
Sugar directories group write permissions. For maximum security, SugarCRM recommends 2770 permissions while most files should be set to mode 660 with the exception of ./bin/sugarcrm
which should be set to mode 770. Run the following command from the root directory of your Sugar installation to set the necessary file permissions, then Sugar would require the following permissions:
sudo find . -type d -exec chmod 2770 {} \; sudo find . -type f -exec chmod 660 {} \; sudo chmod 770 bin/sugarcrm
These commands are provided thanks to our SugarClub member Francesca Shiekh.
Setting Permissions Via FTP Client
All FTP clients allow you to set file permissions on a specific file or directory. However, only some FTP clients allow you to recursively set the permissions on a given directory and all its sub-directories with a single command. Because Sugar requires that certain directories and their subdirectories require specific permissions, we highly recommend that you use an FTP client that can recursively set a directory's permissions. Recommended Windows-based FTP clients that have this capability are:
With your FTP client, connect to your server. Then right-click on the files and directories above and set the file permissions outlined above.