CINXE.COM

<!DOCTYPE html> <html lang="en" dir="ltr" class="no-js"> <head> <meta charset="utf-8" /> <title>install:permissions [DokuWiki]</title> <meta name="generator" content="DokuWiki"/> <meta name="theme-color" content="#008800"/> <meta name="robots" content="index,follow"/> <meta name="keywords" content="install,permissions"/> <link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="DokuWiki"/> <link rel="start" href="/"/> <link rel="contents" href="/install:permissions?do=index" title="Sitemap"/> <link rel="manifest" href="/lib/exe/manifest.php"/> <link rel="alternate" type="application/rss+xml" title="Recent Changes" href="/feed.php"/> <link rel="alternate" type="application/rss+xml" title="Current namespace" href="/feed.php?mode=list&ns=install"/> <link rel="edit" title="Edit this page" href="/install:permissions?do=edit"/> <link rel="alternate" type="text/html" title="Plain HTML" href="/_export/xhtml/install:permissions"/> <link rel="alternate" type="text/plain" title="Wiki Markup" href="/_export/raw/install:permissions"/> <link rel="canonical" href="https://www.dokuwiki.org/install:permissions"/> <link rel="stylesheet" href="/lib/exe/css.php?t=dokuwiki&tseed=f1005bad3d81fc9c803c7f93d32a390e"/> <link rel="alternate" hreflang="de" href="https://www.dokuwiki.org/de:install:permissions"/> <link rel="alternate" hreflang="fr" href="https://www.dokuwiki.org/fr:install:permissions"/> <link rel="alternate" hreflang="ko" href="https://www.dokuwiki.org/ko:install:permissions"/> <link rel="alternate" hreflang="ru" href="https://www.dokuwiki.org/ru:install:permissions"/> <link rel="alternate" hreflang="zh" href="https://www.dokuwiki.org/zh:install:permissions"/> <link rel="alternate" hreflang="x-default" href="https://www.dokuwiki.org/install:permissions"/> <script >var NS='install';var JSINFO = {"plugins":{"edittable":{"default columnwidth":""}},"id":"install:permissions","namespace":"install","ACT":"show","useHeadingNavigation":0,"useHeadingContent":0};(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js" defer="defer"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js" defer="defer"></script> <script src="/lib/exe/js.php?t=dokuwiki&tseed=f1005bad3d81fc9c803c7f93d32a390e&lang=en" defer="defer"></script> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="shortcut icon" href="/lib/tpl/dokuwiki/images/favicon.ico" /> <link rel="apple-touch-icon" href="/lib/tpl/dokuwiki/images/apple-touch-icon.png" /> <meta name="verify-v1" content="OVxl3gsCv2MhZqh1cBQyl0JytWXSwXMjyvwc+4w3WtA=" /> <meta name="google-site-verification" content="YhTVK69hW94ZXUtc2zSLPxTkZKbZIn0zK67mz5WQB-E" />  <script async src="https://www.googletagmanager.com/gtag/js?id=UA-83791-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-83791-1', { 'anonymize_ip': true }); </script> </head> <body> <div id="dokuwiki__site"><div id="dokuwiki__top" class="site dokuwiki mode_show tpl_dokuwiki showSidebar hasSidebar">  <header id="dokuwiki__header"><div class="pad group"> <div class="headings group"> <ul class="a11y skip"> <li><a href="#dokuwiki__content">skip to content</a></li> </ul> <h1 class="logo"><a href="/start" accesskey="h" title="Home [h]"><img src="/lib/tpl/dokuwiki/images/logo.png" width="64" height="64" alt="" /><span>DokuWiki</span></a></h1> <p class="claim">It's better when it's simple</p> </div> <div class="tools group">  <div id="dokuwiki__usertools"> <h3 class="a11y">User Tools</h3> <ul> <li class="action login"><a href="/install:permissions?do=login&sectok=" title="Log In" rel="nofollow"><span>Log In</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M10 17.25V14H3v-4h7V6.75L15.25 12 10 17.25M8 2h9a2 2 0 0 1 2 2v16a2 2 0 0 1-2 2H8a2 2 0 0 1-2-2v-4h2v4h9V4H8v4H6V4a2 2 0 0 1 2-2z"/></svg></a></li> </ul> </div>  <div id="dokuwiki__sitetools"> <h3 class="a11y">Site Tools</h3> <form action="/start" method="get" role="search" class="search doku_form" id="dw__search" accept-charset="utf-8"><input type="hidden" name="do" value="search" /><input type="hidden" name="id" value="install:permissions" /><div class="no"><input name="q" type="text" class="edit" title="[F]" accesskey="f" placeholder="Search" autocomplete="on" id="qsearch__in" value="" /><button value="1" type="submit" title="Search">Search</button><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form> <div class="mobileTools"> <form action="/doku.php" method="get" accept-charset="utf-8"><div class="no"><input type="hidden" name="id" value="install:permissions" /><select name="do" class="edit quickselect" title="Tools"><option value="">Tools</option><optgroup label="Page Tools"><option value="edit">Edit this page</option><option value="revisions">Old revisions</option><option value="backlink">Backlinks</option></optgroup><optgroup label="Site Tools"><option value="recent">Recent Changes</option><option value="media">Media Manager</option><option value="index">Sitemap</option></optgroup><optgroup label="User Tools"><option value="login">Log In</option></optgroup></select><button type="submit">></button></div></form> </div> <ul> <li class="action recent"><a href="/install:permissions?do=recent" title="Recent Changes [r]" rel="nofollow" accesskey="r">Recent Changes</a></li><li class="action media"><a href="/install:permissions?do=media&ns=install" title="Media Manager" rel="nofollow">Media Manager</a></li><li class="action index"><a href="/install:permissions?do=index" title="Sitemap [x]" rel="nofollow" accesskey="x">Sitemap</a></li> </ul> </div> </div>  <div class="breadcrumbs"> <div class="trace"><span class="bchead">Trace:</span> <span class="bcsep">•</span> <span class="curid"><bdi><a href="/install:permissions" class="breadcrumbs" title="install:permissions">permissions</a></bdi></span></div> </div> <hr class="a11y" /> </div></header> <div class="wrapper group">  <nav id="dokuwiki__aside" aria-label="Sidebar"><div class="pad aside include group"> <h3 class="toggle">Sidebar</h3> <div class="content"><div class="group"> <div class="plugin_translation is-dropdown"><span class="title">Translations of this page<sup><a href="/localization" class="wikilink1" title="localization" data-wiki-id="localization">?</a></sup>: </span><ul><li class="span"><span class="wikilink1" title="English">English (en)</span></li><li class="a"><a class="wikilink2" title="|العربية" href="/ar:install:permissions">|العربية (ar)</a></li><li class="a"><a class="wikilink2" title="Català" href="/ca:install:permissions">Català (ca)</a></li><li class="a"><a class="wikilink2" title="Česky" href="/cs:install:permissions">Česky (cs)</a></li><li class="a"><a class="wikilink2" title="Dansk" href="/da:install:permissions">Dansk (da)</a></li><li class="a"><a class="wikilink1" title="Deutsch" href="/de:install:permissions">Deutsch (de)</a></li><li class="a"><a class="wikilink2" title="Ελληνικά" href="/el:install:permissions">Ελληνικά (el)</a></li><li class="a"><a class="wikilink2" title="Esperanto" href="/eo:install:permissions">Esperanto (eo)</a></li><li class="a"><a class="wikilink2" title="Español" href="/es:install:permissions">Español (es)</a></li><li class="a"><a class="wikilink2" title="فارسی" href="/fa:install:permissions">فارسی (fa)</a></li><li class="a"><a class="wikilink1" title="Français" href="/fr:install:permissions">Français (fr)</a></li><li class="a"><a class="wikilink2" title="עברית" href="/he:install:permissions">עברית (he)</a></li><li class="a"><a class="wikilink2" title="Magyar" href="/hu:install:permissions">Magyar (hu)</a></li><li class="a"><a class="wikilink2" title="Italiano" href="/it:install:permissions">Italiano (it)</a></li><li class="a"><a class="wikilink2" title="日本語" href="/ja:install:permissions">日本語 (ja)</a></li><li class="a"><a class="wikilink1" title="한국어" href="/ko:install:permissions">한국어 (ko)</a></li><li class="a"><a class="wikilink2" title="Lietuvių Kalba" href="/lt:install:permissions">Lietuvių Kalba (lt)</a></li><li class="a"><a class="wikilink2" title="Nederlands" href="/nl:install:permissions">Nederlands (nl)</a></li><li class="a"><a class="wikilink2" title="Norsk" href="/no:install:permissions">Norsk (no)</a></li><li class="a"><a class="wikilink2" title="Polski" href="/pl:install:permissions">Polski (pl)</a></li><li class="a"><a class="wikilink2" title="Português" href="/pt-br:install:permissions">Português (pt-br)</a></li><li class="a"><a class="wikilink2" title="Română" href="/ro:install:permissions">Română (ro)</a></li><li class="a"><a class="wikilink1" title="Русский" href="/ru:install:permissions">Русский (ru)</a></li><li class="a"><a class="wikilink2" title="Српски Језик" href="/sr:install:permissions">Српски Језик (sr)</a></li><li class="a"><a class="wikilink2" title="Svenska" href="/sv:install:permissions">Svenska (sv)</a></li><li class="a"><a class="wikilink2" title="ไทย" href="/th:install:permissions">ไทย (th)</a></li><li class="a"><a class="wikilink2" title="Українська" href="/uk:install:permissions">Українська (uk)</a></li><li class="a"><a class="wikilink1" title="中文" href="/zh:install:permissions">中文 (zh)</a></li><li class="a"><a class="wikilink2" title="繁體中文" href="/zh-tw:install:permissions">繁體中文 (zh-tw)</a></li></ul></div> <p> <strong>Learn about DokuWiki</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/features" class="wikilink1" title="features" data-wiki-id="features">Features</a> & <a href="/blogroll" class="wikilink1" title="blogroll" data-wiki-id="blogroll">reviews</a> </div> </li> <li class="level1"><div class="li"> <a href="/install" class="wikilink1" title="install" data-wiki-id="install">Installation guide</a></div> </li> <li class="level1"><div class="li"> <a href="/manual" class="wikilink1" title="manual" data-wiki-id="manual">User manual</a> & <a href="/wiki:syntax" class="wikilink1" title="wiki:syntax" data-wiki-id="wiki:syntax">syntax</a></div> </li> <li class="level1"><div class="li"> <a href="/changes" class="wikilink1" title="changes" data-wiki-id="changes">Release notes</a></div> </li> <li class="level1"><div class="li"> <a href="/faq" class="wikilink1" title="faq" data-wiki-id="faq">FAQ</a></div> </li> </ul> <p> <strong>Advanced Use</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/extensions" class="wikilink1" title="extensions" data-wiki-id="extensions">Extensions</a></div> </li> <li class="level1"><div class="li"> <a href="/development" class="wikilink1" title="development" data-wiki-id="development">Development manual</a></div> </li> </ul> <p> <strong>Corporate Use</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/faq:support" class="wikilink1" title="faq:support" data-wiki-id="faq:support">Get support</a></div> </li> <li class="level1"><div class="li"> <a href="/donate" class="wikilink1" title="donate" data-wiki-id="donate">Donations</a></div> </li> </ul> <p> <strong>Our Community</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/teams:getting_involved" class="wikilink1" title="teams:getting_involved" data-wiki-id="teams:getting_involved">Get involved</a></div> </li> <li class="level1"><div class="li"> <a href="/dokuinstall" class="wikilink1" title="dokuinstall" data-wiki-id="dokuinstall">Users</a></div> </li> <li class="level1"><div class="li"> <a href="http://forum.dokuwiki.org" class="urlextern" title="http://forum.dokuwiki.org">User forum</a></div> </li> <li class="level1"><div class="li"> <a href="/mailinglist" class="wikilink1" title="mailinglist" data-wiki-id="mailinglist">Development mailinglist</a></div> </li> </ul> <hr /> <p> Follow us on <a href="https://phpc.social/@dokuwiki" class="urlextern" title="https://phpc.social/@dokuwiki">Mastodon</a> and other <a href="/social" class="wikilink1" title="social" data-wiki-id="social">social networks</a>. </p> <p> <a href="/privacy" class="wikilink1" title="privacy" data-wiki-id="privacy">Our Privacy Policy</a> </p> </div></div> </div></nav>  <main id="dokuwiki__content"><div class="pad group"> <div class="pageId"><span>install:permissions</span></div> <div class="page group">   <div id="dw__toc" class="dw__toc"> <h3 class="toggle">Table of Contents</h3> <div> <ul class="toc"> <li class="level1"><div class="li"><a href="#setting_up_file_permissions">Setting up file permissions</a></div> <ul class="toc"> <li class="level2"><div class="li"><a href="#windows_using_microsoft_iis">Windows (using Microsoft IIS)</a></div></li> <li class="level2"><div class="li"><a href="#unix">Unix</a></div> <ul class="toc"> <li class="level3"><div class="li"><a href="#file_permissions_a_short_reminder">File Permissions, a short reminder</a></div></li> <li class="level3"><div class="li"><a href="#which_permissions_to_set">Which permissions to set?</a></div></li> <li class="level3"><div class="li"><a href="#how_to_set_permissions">How to set permissions?</a></div></li> <li class="level3"><div class="li"><a href="#if_things_go_wrong">If things go wrong</a></div></li> <li class="level3"><div class="li"><a href="#tipusing_the_setgid_bit">Tip: Using the setgid Bit</a></div></li> </ul> </li> <li class="level2"><div class="li"><a href="#see_also">See also</a></div></li> </ul></li> </ul> </div> </div>  <h1 class="sectionedit1" id="setting_up_file_permissions">Setting up file permissions</h1> <div class="level1"> <p> <a href="/dokuwiki" class="wikilink1" title="dokuwiki" data-wiki-id="dokuwiki">DokuWiki</a> stores its data in plain text files. To be able to do this, DokuWiki needs sufficient permissions to write to these files. At the same time, leaving the permissions too loose can introduce security risks. </p> <p> DokuWiki is executed by PHP, so the PHP process needs to be able to write to these files. The PHP process usually runs with the permissions of the webserver, so the webserver needs to be able to write to these files. </p> <p> The following permissions must be modified for the respective DokuWiki functions to work: </p> <ul> <li class="level1"><div class="li"> <code>data/</code> directory: All files and directories below must be writable by the web process for DokuWiki to work.</div> </li> <li class="level1"><div class="li"> <code>lib/plugins/</code> directory: This directory must be writable by the web process for the <a href="/plugin:extension" class="wikilink1" title="plugin:extension" data-wiki-id="plugin:extension">Extension Manager</a> to work</div> </li> <li class="level1"><div class="li"> <code>lib/</code> directory: This directory must be readable by the public for style sheets to display. </div> </li> <li class="level1"><div class="li"> <code>lib/tpl</code> directory must be writable for the webprocess to install templates</div> </li> <li class="level1"><div class="li"> <code>conf/</code> directory: generally it's easiest to make this fully writable by the web process. You can follow the details below for a more fine-grained approach.</div> </li> </ul> <p> The following files are copied by the <code>install.php</code> from the respective *.dist files and given the correct permissions for the web process automatically: </p> <ul> <li class="level1 node"><div class="li"> <code>conf/</code> directory, following files must be writable by the web process: </div> <ul> <li class="level2"><div class="li"> <code>local.php</code> (and <code>local.php.bak</code>) for the <a href="/installer" class="wikilink1" title="installer" data-wiki-id="installer">installer</a> and for subsequent web configuration to work.</div> </li> <li class="level2"><div class="li"> <code>users.auth.php</code> and <code>acl.auth.php</code> for the <a href="/acl" class="wikilink1" title="acl" data-wiki-id="acl">ACL</a> web configuration and <a href="/plugin:usermanager" class="wikilink1" title="plugin:usermanager" data-wiki-id="plugin:usermanager">usermanager</a> to work.</div> </li> <li class="level2"><div class="li"> <code>plugins.local.php</code> (and <code>plugins.local.php.bak</code>) for the <a href="/plugin:extension" class="wikilink1" title="plugin:extension" data-wiki-id="plugin:extension">Extension Manager</a></div> </li> </ul> </li> </ul> </div> <div class="secedit editbutton_section editbutton_1"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[Setting up file permissions] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="setting_up_file_permissions" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="1-1751" /><button type="submit" title="Setting up file permissions">Edit</button></div></form></div> <h2 class="sectionedit2" id="windows_using_microsoft_iis">Windows (using Microsoft IIS)</h2> <div class="level2"> <p> To make the files in the <code>data</code> and <code>conf</code> directory writable you need to give “Modify” access to the Internet Guest Account (<code>IUSR</code>) or the appropriate web server group (like <code>IIS_WPG</code>). This is done through the right-click context menu on folders and files choosing “Properties” and selecting the “security” tab. </p> <p> A good description with screenshots is available <a href="http://www.enewsletterpro.com/support/permissions.asp" class="urlextern" title="http://www.enewsletterpro.com/support/permissions.asp">here</a>. </p> <p> Note: If you are running PHP under IIS6 with the FastCGI module <a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=2d481579-9a7c-4632-b6e6-dee9097f9dc5&DisplayLang=en" class="urlextern" title="http://www.microsoft.com/downloads/details.aspx?FamilyID=2d481579-9a7c-4632-b6e6-dee9097f9dc5&DisplayLang=en">FastCGI Extension for IIS 6.0</a> the user account that needs the permissions will most likely be “NETWORK SERVICE” rather than the Internet Guest Account </p> <p> For IIS 7/7.5 this will be the application pools account. It is unclear if you can add this via the <abbr title="Graphical User Interface">GUI</abbr>. Try the following: </p> <ul> <li class="level1"><div class="li"> Enter <em>IIS APPPOOL\YourAppPoolName</em> in the Select User or Groups dialog box which is accessible by clicking Add…</div> </li> <li class="level1"><div class="li"> If this doesn't work, consider using the “Users” group local to the machine. This will generally include the Application Pool account. However, it will include any other account added to this local group on the machine, so if that includes users who you would not normally want to have these permissions, this is a less viable option.</div> </li> <li class="level1"><div class="li"> If you can't find or add the account via the <abbr title="Graphical User Interface">GUI</abbr>, consider the 'icacls' command line tool: icacls c:\pathtodirectory /grant “IIS AppPool\yourAppPoolName”:(OI)(CI)F –This will grant full control with propagation to the specified directory. For more info, google ICACLS.</div> </li> </ul> <p> Add this via the <abbr title="Graphical User Interface">GUI</abbr>: <a href="http://technet.microsoft.com/en-us/library/cc771170%28v=ws.10%29.aspx" class="urlextern" title="http://technet.microsoft.com/en-us/library/cc771170%28v=ws.10%29.aspx">http://technet.microsoft.com/en-us/library/cc771170%28v=ws.10%29.aspx</a> </p> <p> Note: Check out the web platform installer v3.0 for the necessary components and add IIS:IP and Domain Restrictions (under products) </p> <p> Running <strong>Windows Server 2008, R2 Standard. IIS 7.5</strong> this worked: <br/> Add a user as described above with the name: COMPUTERNAME\IUSER_COMPUTERNAME and give them full control. The Full Computer Name is ComputerName.Domain.com and the Computer Name was just ComputerName without the domain. Used the Computer Name rather than the Full Computer Name. </p> </div> <div class="secedit editbutton_section editbutton_2"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[Windows (using Microsoft IIS)] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="windows_using_microsoft_iis" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="1752-4003" /><button type="submit" title="Windows (using Microsoft IIS)">Edit</button></div></form></div> <h2 class="sectionedit3" id="unix">Unix</h2> <div class="level2"> <p> This will apply if you install DokuWiki on a Linux, MacOS X or other Unix-like system. It is most probably also true for rented web space. </p> <p> Note: under Linux additional file system ACLs (FACL) may apply, confer the commands “getfacl” and “setfacl” – file permissions as described below may be meaningless if there are no rights according to FACLs. </p> </div> <div class="secedit editbutton_section editbutton_3"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[Unix] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="unix" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="4004-4372" /><button type="submit" title="Unix">Edit</button></div></form></div> <h3 class="sectionedit4" id="file_permissions_a_short_reminder">File Permissions, a short reminder</h3> <div class="level3"> <p> This is not the place to explain the UNIX file permission system in detail. See <a href="https://en.wikipedia.org/wiki/File_system_permissions" class="interwiki iw_wp" title="https://en.wikipedia.org/wiki/File_system_permissions">Wikipedia</a> for this. Here is just a short refresher: </p> <ul> <li class="level1"><div class="li"> Permissions for a file are dependent of the file's owner and group and the user who tries to access the file</div> </li> <li class="level1"><div class="li"> There are permissions for read, write and execute</div> </li> <li class="level1"><div class="li"> Each UNIX process runs with the permissions of an <abbr title="Operating System">OS</abbr> user and his/her groups</div> </li> <li class="level1"><div class="li"> The web server is a UNIX process</div> </li> <li class="level1"><div class="li"> PHP usually runs as part of the web server</div> </li> <li class="level1"><div class="li"> DokuWiki will run with the permissions of the PHP processor</div> </li> <li class="level1"><div class="li"> DokuWiki needs read, write and execute permissions for directories it needs to create files in</div> </li> <li class="level1"><div class="li"> DokuWiki needs read and write permissions for files it needs to write to</div> </li> <li class="level1"><div class="li"> DokuWiki needs read only permissions for files and directories it doesn't need to write to</div> </li> </ul> <p> To find the user and group your PHP process (web server) run under you could try to run the following PHP script: </p> <pre class="code php"><span class="kw2"><?php</span>   <span class="kw1">if</span><span class="br0">(</span><a href="http://www.php.net/function_exists"><span class="kw3">function_exists</span></a><span class="br0">(</span><span class="st_h">'posix_geteuid'</span><span class="br0">)</span><span class="br0">)</span><span class="br0">{</span> <span class="co1">// use posix to get current uid and gid</span> <span class="re0">$uid</span> <span class="sy0">=</span> <a href="http://www.php.net/posix_geteuid"><span class="kw3">posix_geteuid</span></a><span class="br0">(</span><span class="br0">)</span><span class="sy0">;</span> <span class="re0">$usr</span> <span class="sy0">=</span> <a href="http://www.php.net/posix_getpwuid"><span class="kw3">posix_getpwuid</span></a><span class="br0">(</span><span class="re0">$uid</span><span class="br0">)</span><span class="sy0">;</span> <span class="re0">$user</span> <span class="sy0">=</span> <span class="re0">$usr</span><span class="br0">[</span><span class="st_h">'name'</span><span class="br0">]</span><span class="sy0">;</span> <span class="re0">$gid</span> <span class="sy0">=</span> <a href="http://www.php.net/posix_getegid"><span class="kw3">posix_getegid</span></a><span class="br0">(</span><span class="br0">)</span><span class="sy0">;</span> <span class="re0">$grp</span> <span class="sy0">=</span> <a href="http://www.php.net/posix_getgrgid"><span class="kw3">posix_getgrgid</span></a><span class="br0">(</span><span class="re0">$gid</span><span class="br0">)</span><span class="sy0">;</span> <span class="re0">$group</span> <span class="sy0">=</span> <span class="re0">$grp</span><span class="br0">[</span><span class="st_h">'name'</span><span class="br0">]</span><span class="sy0">;</span> <span class="br0">}</span><span class="kw1">else</span><span class="br0">{</span> <span class="co1">// try to create a file and read its ids</span> <span class="re0">$tmp</span> <span class="sy0">=</span> <a href="http://www.php.net/tempnam"><span class="kw3">tempnam</span></a> <span class="br0">(</span><span class="st_h">'/tmp'</span><span class="sy0">,</span> <span class="st_h">'check'</span><span class="br0">)</span><span class="sy0">;</span> <span class="re0">$uid</span> <span class="sy0">=</span> <a href="http://www.php.net/fileowner"><span class="kw3">fileowner</span></a><span class="br0">(</span><span class="re0">$tmp</span><span class="br0">)</span><span class="sy0">;</span> <span class="re0">$gid</span> <span class="sy0">=</span> <a href="http://www.php.net/filegroup"><span class="kw3">filegroup</span></a><span class="br0">(</span><span class="re0">$tmp</span><span class="br0">)</span><span class="sy0">;</span>   <span class="co1">// try to run ls on it</span> <span class="re0">$out</span> <span class="sy0">=</span> `ls <span class="sy0">-</span>l <span class="re0">$tmp</span>`<span class="sy0">;</span> <span class="re0">$lst</span> <span class="sy0">=</span> <a href="http://www.php.net/explode"><span class="kw3">explode</span></a><span class="br0">(</span><span class="st_h">' '</span><span class="sy0">,</span><span class="re0">$out</span><span class="br0">)</span><span class="sy0">;</span> <span class="re0">$user</span> <span class="sy0">=</span> <span class="re0">$lst</span><span class="br0">[</span><span class="nu0">2</span><span class="br0">]</span><span class="sy0">;</span> <span class="re0">$group</span> <span class="sy0">=</span> <span class="re0">$lst</span><span class="br0">[</span><span class="nu0">3</span><span class="br0">]</span><span class="sy0">;</span> <a href="http://www.php.net/unlink"><span class="kw3">unlink</span></a><span class="br0">(</span><span class="re0">$tmp</span><span class="br0">)</span><span class="sy0">;</span> <span class="br0">}</span>   <span class="kw1">echo</span> <span class="st0">"Your PHP process seems to run with the UID <span class="es4">$uid</span> (<span class="es4">$user</span>) and the GID <span class="es4">$gid</span> (<span class="es4">$group</span>)<span class="es1">\n</span>"</span><span class="sy0">;</span> <span class="sy1">?></span></pre> <p> Alternatively, you can use short script with phpinfo(), see section User/Group in output: </p> <pre class="code php"><span class="kw2"><?php</span> <a href="http://www.php.net/phpinfo"><span class="kw3">phpinfo</span></a><span class="br0">(</span><span class="br0">)</span><span class="sy0">;</span> <span class="sy1">?></span></pre> </div> <h4 id="common_permissions">Common Permissions</h4> <div class="level4"> <p> Here are the most commonly used values for setting permissions on directories and files. </p> <div class="table sectionedit5"><table class="inline"> <thead> <tr class="row0"> <th class="col0"> directories </th><th class="col1 leftalign"> files </th><th class="col2"> result </th> </tr> </thead> <tr class="row1"> <td class="col0"> <code>0700</code> </td><td class="col1"> <code>0600</code> </td><td class="col2"> read/write for owner only. Owner must be the same as the PHP process user. </td> </tr> <tr class="row2"> <td class="col0"> <code>0770</code> </td><td class="col1"> <code>0660</code> </td><td class="col2"> read/write for owner and group. The PHP process user needs to be in the user group </td> </tr> <tr class="row3"> <td class="col0"> <code>0777</code> </td><td class="col1"> <code>0666</code> </td><td class="col2"> read/write for everyone. <strong>Dangerous</strong> because everybody with access to the server may write and delete your files. Use only as a last resort on <em>trusted</em> machines, NOT on a cheap shared hosting server. </td> </tr> </table></div> <div class="secedit editbutton_table editbutton_5"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[Table] " /><input type="hidden" name="target" value="table" /><input type="hidden" name="hid" value="table" /><input type="hidden" name="range" value="6297-6773" /><button type="submit" title="Table">Edit</button></div></form></div> </div> <div class="secedit editbutton_section editbutton_4"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[File Permissions, a short reminder] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="file_permissions_a_short_reminder" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="4373-6774" /><button type="submit" title="File Permissions, a short reminder">Edit</button></div></form></div> <h3 class="sectionedit6" id="which_permissions_to_set">Which permissions to set?</h3> <div class="level3"> <p> So, how should you set the permissions of the directories mentioned above? In general you should try to set the permissions as restrictive as possible, but there is no general rule which permissions you need to set for your system. </p> <p> If you have root (super user rights) you can change the owner of files and directories. This means you can change the owner of the DokuWiki files to the web server user (e.g. <code>www-data</code> or <code>nobody</code>) and set the permissions to webserver only access. E.g. <code>0600</code> for files and <code>0700</code> for directories. </p> <p> If you are a normal user you may be a member of the web server group and can change the files to be owned by this group. Then set the files and directories to be writable by this group. E.g. <code>0660</code> for files and <code>0770</code> for directories. </p> <p> If you are alone on the server or running in a completely trusted environment you can simply change the permissions to give everyone access. E.g. <code>0666</code> for files and <code>0777</code> for directories. </p> <p> If you're running on a shared web server it is recommended to contact your web server administrator or hosting support and ask for help and recommendations. Point them to this page and they should know what you need to do. </p> <p> Note: When you found the correct settings for your directories you should change the <a href="/config:fmode" class="wikilink1" title="config:fmode" data-wiki-id="config:fmode">fmode</a> and <a href="/config:dmode" class="wikilink1" title="config:dmode" data-wiki-id="config:dmode">dmode</a> settings to reflect these settings. </p> </div> <div class="secedit editbutton_section editbutton_6"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[Which permissions to set?] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="which_permissions_to_set" /><input type="hidden" name="codeblockOffset" value="2" /><input type="hidden" name="range" value="6775-8173" /><button type="submit" title="Which permissions to set?">Edit</button></div></form></div> <h3 class="sectionedit7" id="how_to_set_permissions">How to set permissions?</h3> <div class="level3"> <p> On the command line use <a href="http://man.cx/chmod" class="interwiki iw_man" title="http://man.cx/chmod">chmod</a> for changing permissions, <a href="http://man.cx/chown" class="interwiki iw_man" title="http://man.cx/chown">chown</a> for changing the owner of files and dirs and <a href="http://man.cx/chgrp" class="interwiki iw_man" title="http://man.cx/chgrp">chgrp</a> for changing the group. (Note that chown and chgrp may not be available or function as expected if you use a shared web hosting provider.) </p> <p> When accessing your server through <abbr title="File Transfer Protocol">FTP</abbr>, consult the manual of your <abbr title="File Transfer Protocol">FTP</abbr> tool. Most graphical <abbr title="File Transfer Protocol">FTP</abbr> tools have a dialog to set permissions (often to be found in the right-click context menu). </p> <p> On some UN*X-like systems, you may be able to use filesystem ACLs to allow the PHP user to write to the files as well. For Sun's ZFS, see the <a href="http://docs.sun.com/app/docs/doc/819-5461?l=en" class="urlextern" title="http://docs.sun.com/app/docs/doc/819-5461?l=en">Solaris ZFS Administrator's guide</a> for details. For POSIX-draft compliant filesystems, like Linux ext2/3 or Sun's UFS on Solaris 8 or later, see the man pages for <a href="http://man.cx/setfacl" class="interwiki iw_man" title="http://man.cx/setfacl">setfacl</a> and <a href="http://man.cx/getfacl" class="interwiki iw_man" title="http://man.cx/getfacl">getfacl</a>. </p> <p> Check with your system administrator – some backup systems will ignore ACLs on files. If available, ACLs are more secure than adding the PHP user to your group, giving away the files to the PHP user, or making the files world-writable. </p> </div> <div class="secedit editbutton_section editbutton_7"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[How to set permissions?] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="how_to_set_permissions" /><input type="hidden" name="codeblockOffset" value="2" /><input type="hidden" name="range" value="8174-9313" /><button type="submit" title="How to set permissions?">Edit</button></div></form></div> <h3 class="sectionedit8" id="if_things_go_wrong">If things go wrong</h3> <div class="level3"> <p> In certain situations, you may find that you are unable to delete or modify files created by DokuWiki. See <a href="/tips:fixperms.php" class="wikilink1" title="tips:fixperms.php" data-wiki-id="tips:fixperms.php">fixperms.php</a> for a possible solution. </p> </div> <div class="secedit editbutton_section editbutton_8"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[If things go wrong] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="if_things_go_wrong" /><input type="hidden" name="codeblockOffset" value="2" /><input type="hidden" name="range" value="9314-9499" /><button type="submit" title="If things go wrong">Edit</button></div></form></div> <h3 class="sectionedit9" id="tipusing_the_setgid_bit">Tip: Using the setgid Bit</h3> <div class="level3"> <p> If you have commandline access to your server, you can use the <code>setgid</code> bit to retain permissions to delete files below the <code>data/</code> directory although they were created by the web server. On directories where the <code>setgid</code> bit is set, newly created files/directories belong to the same group the directory with the <code>setgid</code> belongs to. The following example shows how to achieve such a setup for the user <code>www-data</code> who belongs to the group <code>foo</code>: </p> <ul> <li class="level1 node"><div class="li"> data directory:</div> <ul> <li class="level2"><div class="li"> <code>yourwiki> chmod -R g=rwX,u=rwX,o=rX data/</code></div> </li> <li class="level2"><div class="li"> <code>yourwiki> chown -R www-data:foo data/</code></div> </li> </ul> </li> <li class="level1 node"><div class="li"> everything below the data directory:</div> <ul> <li class="level2"><div class="li"> <code>yourwiki/data> chmod 2775 {attic,cache,index,locks,media,meta,pages,tmp}</code></div> </li> <li class="level2"><div class="li"> <code>yourwiki/data> chown www-data:foo {attic,cache,index,locks,media,meta,pages,tmp}</code></div> </li> </ul> </li> </ul> <p> In order to fully retain correct permissions, you must also change <a href="/config:dmode" class="wikilink1" title="config:dmode" data-wiki-id="config:dmode">dmode</a> to 02775 or similar so that newly created directories will also get the <code>setgid</code> bit set correctly. </p> </div> <div class="secedit editbutton_section editbutton_9"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[Tip: Using the setgid Bit] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="tipusing_the_setgid_bit" /><input type="hidden" name="codeblockOffset" value="2" /><input type="hidden" name="range" value="9500-10526" /><button type="submit" title="Tip: Using the setgid Bit">Edit</button></div></form></div> <h2 class="sectionedit10" id="see_also">See also</h2> <div class="level2"> <ul> <li class="level1"><div class="li"> <a href="/security" class="wikilink1" title="security" data-wiki-id="security">Security</a></div> </li> <li class="level1"><div class="li"> <a href="/faq:pageprotect" class="wikilink1" title="faq:pageprotect" data-wiki-id="faq:pageprotect">How do I make specific pages in the wiki read-only?</a></div> </li> </ul> </div> <div class="secedit editbutton_section editbutton_10"><form class="button btn_secedit" method="post" action="/install:permissions"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1734007814" /><input type="hidden" name="summary" value="[See also] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="see_also" /><input type="hidden" name="codeblockOffset" value="2" /><input type="hidden" name="range" value="10527-" /><button type="submit" title="See also">Edit</button></div></form></div>  </div> <div class="docInfo"><bdi>install/permissions.txt</bdi> · Last modified: <time datetime="2024-12-12T13:50:14+0100">2024-12-12 13:50</time> by <bdi>andi</bdi></div> <hr class="a11y" /> </div></main>  <nav id="dokuwiki__pagetools" aria-labelledby="dokuwiki__pagetools__heading"> <h3 class="a11y" id="dokuwiki__pagetools__heading">Page Tools</h3> <div class="tools"> <ul> <li class="edit"><a href="/install:permissions?do=edit" title="Edit this page [e]" rel="nofollow" accesskey="e"><span>Edit this page</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg></a></li><li class="revs"><a href="/install:permissions?do=revisions" title="Old revisions [o]" rel="nofollow" accesskey="o"><span>Old revisions</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M11 7v5.11l4.71 2.79.79-1.28-4-2.37V7m0-5C8.97 2 5.91 3.92 4.27 6.77L2 4.5V11h6.5L5.75 8.25C6.96 5.73 9.5 4 12.5 4a7.5 7.5 0 0 1 7.5 7.5 7.5 7.5 0 0 1-7.5 7.5c-3.27 0-6.03-2.09-7.06-5h-2.1c1.1 4.03 4.77 7 9.16 7 5.24 0 9.5-4.25 9.5-9.5A9.5 9.5 0 0 0 12.5 2z"/></svg></a></li><li class="backlink"><a href="/install:permissions?do=backlink" title="Backlinks" rel="nofollow"><span>Backlinks</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M10.59 13.41c.41.39.41 1.03 0 1.42-.39.39-1.03.39-1.42 0a5.003 5.003 0 0 1 0-7.07l3.54-3.54a5.003 5.003 0 0 1 7.07 0 5.003 5.003 0 0 1 0 7.07l-1.49 1.49c.01-.82-.12-1.64-.4-2.42l.47-.48a2.982 2.982 0 0 0 0-4.24 2.982 2.982 0 0 0-4.24 0l-3.53 3.53a2.982 2.982 0 0 0 0 4.24m2.82-4.24c.39-.39 1.03-.39 1.42 0a5.003 5.003 0 0 1 0 7.07l-3.54 3.54a5.003 5.003 0 0 1-7.07 0 5.003 5.003 0 0 1 0-7.07l1.49-1.49c-.01.82.12 1.64.4 2.43l-.47.47a2.982 2.982 0 0 0 0 4.24 2.982 2.982 0 0 0 4.24 0l3.53-3.53a2.982 2.982 0 0 0 0-4.24.973.973 0 0 1 0-1.42z"/></svg></a></li><li class="top"><a href="#dokuwiki__top" title="Back to top [t]" rel="nofollow" accesskey="t"><span>Back to top</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"/></svg></a></li> </ul> </div> </nav> </div>  <footer id="dokuwiki__footer"><div class="pad"> <div class="license">Except where otherwise noted, content on this wiki is licensed under the following license: <bdi><a href="https://creativecommons.org/licenses/by-sa/4.0/deed.en" rel="license" class="urlextern">CC Attribution-Share Alike 4.0 International</a></bdi></div> <div class="buttons"> <a href="https://creativecommons.org/licenses/by-sa/4.0/deed.en" rel="license"><img src="/lib/images/license/button/cc-by-sa.png" alt="CC Attribution-Share Alike 4.0 International" /></a> <a href="https://www.dokuwiki.org/donate" title="Donate" ><img src="/lib/tpl/dokuwiki/images/button-donate.gif" width="80" height="15" alt="Donate" /></a> <a href="https://php.net" title="Powered by PHP" ><img src="/lib/tpl/dokuwiki/images/button-php.gif" width="80" height="15" alt="Powered by PHP" /></a> <a href="//validator.w3.org/check/referer" title="Valid HTML5" ><img src="/lib/tpl/dokuwiki/images/button-html5.png" width="80" height="15" alt="Valid HTML5" /></a> <a href="//jigsaw.w3.org/css-validator/check/referer?profile=css3" title="Valid CSS" ><img src="/lib/tpl/dokuwiki/images/button-css.png" width="80" height="15" alt="Valid CSS" /></a> <a href="https://dokuwiki.org/" title="Driven by DokuWiki" ><img src="/lib/tpl/dokuwiki/images/button-dw.png" width="80" height="15" alt="Driven by DokuWiki" /></a> </div> <div style="margin-top: 2em; font-size:90%" class="dokuwiki"><div style="float:right"><a href="http://www.splitbrain.org/personal#imprint" style="float:right; text-decoration: none; color:#333">Imprint</a></div></div> <style type="text/css"> @media screen { body { padding-top: 30px; } #global__header { position: absolute; top: 0; left: 0; text-align: left; vertical-align: middle; line-height: 1.5; background-color: #333; box-shadow: 0 0 8px rgba(0,0,0,0.5); width: 100%; margin: 0; padding: 5px 20px; -moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box; white-space: nowrap; overflow: hidden; } #global__header h2 { position: absolute; left: -99999em; top: 0; overflow: hidden; display: inline; } #global__header ul, #global__header li { margin: 0; padding: 0; list-style: none; display: inline; line-height: 1.5; } #global__header a { color: #bbb; text-decoration: none; margin-right: 20px; font-size: 14px; font-weight: normal; } #global__header a:hover, #global__header a:active, #global__header a:focus { color: #fff; text-decoration: underline; } #global__header form { float: right; margin: 0 0 0 20px; } #global__header input { background-color: #333; background-image: none; border: 1px solid #bbb; color: #fff; box-shadow: none; border-radius: 2px; margin: 0; line-height: normal; padding: 1px 0 1px 0; height: auto; } #global__header input.button { border: none; color: #bbb; } #global__header input.button:hover, #global__header input.button:active, #global__header input.button:focus { color: #fff; text-decoration: underline; } } /* /@media */ @media only screen and (min-width: 601px) { /* changes specific for www.dokuwiki.org */ #dokuwiki__header { padding-top: 3em; } #dokuwiki__usertools { top: 3em; } /* changes specific for bugs.dokuwiki.org */ div#container div#showtask { top: 40px; } } /* /@media */ @media only screen and (max-width: 600px) { body { padding-top: 0; } #global__header { position: static; white-space: normal; overflow: auto; } #global__header form { float: none; display: block; margin: 0 0 .4em; } } /* /@media */ @media print { #global__header { display: none; } } /* /@media */ </style> <div id="global__header"> <h2>Global DokuWiki Links</h2> <form method="get" action="https://search.dokuwiki.org/" target="_top"> <input type="text" name="q" title="Search all DokuWiki sites at once" class="input" /> <input type="submit" title="Search all DokuWiki sites at once" value="Search" class="button" /> </form> <ul> <li><a href="https://download.dokuwiki.org" title="Download the latest release" target="_top">Download</a></li> <li><a href="https://www.dokuwiki.org" title="Read the DokuWiki documentation" target="_top">Wiki</a></li> <li><a href="https://forum.dokuwiki.org" title="Ask questions in the DokuWiki forum" target="_top">Forum</a></li> <li><a href="https://irc.dokuwiki.org" title="Check IRC chat logs or join the chat" target="_top">IRC</a></li> <li><a href="https://github.com/splitbrain/dokuwiki/issues" title="Report and track bugs" target="_top">Bugs</a></li> <li><a href="https://translate.dokuwiki.org/" title="Help translating the DokuWiki interface" target="_top">Translate</a></li> <li><a href="https://github.com/splitbrain/dokuwiki" title="Access the most recent git commits" target="_top">Git</a></li> <li><a href="https://xref.dokuwiki.org/reference/dokuwiki/" title="Cross-Reference of the DokuWiki source code" target="_top">XRef</a></li> <li><a href="https://codesearch.dokuwiki.org/" title="Search through the sources of DokuWiki, plugins and templates" target="_top">Code Search</a></li> </ul> </div>  </div></footer> </div></div> <div class="no"><img src="/lib/exe/taskrunner.php?id=install%3Apermissions&1743400446" width="2" height="1" alt="" /></div> <div id="screen__mode" class="no"></div></body> </html>