Add this to a project to be able to easily manage file and directory permissions.
The files in a web app are likely to require writeable and/or executable permissions on some files, but not most. Further, these permissions may need to be more permissive in development environments. It's time-consuming and may be confusing to keep all this in order. This tool allows you to set a baseline and then be only as permissive as necessary. It allows different configuration based on an environment. The management is simply to add paths or globs to a YAML or JSON file and then run the controller.
This project does not handle ownership of files, by design. It assumes proper owner and group on all files, and merely sets the octal permissions.
-
Because this is an unpublished package, you must define it's repository in your project's composer.json file. Add the following to composer.json in the
repositoriesarray:{ "type": "github", "url": "https://github.com/aklump/gitignore" }, { "type": "github", "url": "https://github.com/aklump/easy-perms" } -
Require this package:
composer require aklump/easy-perms:^0.0 -
Proceed to installing the controller.
For security, install this above web root, and not in a location accessibly by the web.
- See snippet below...
- Copy the correct controller and commit to source control.
- The correct controller is init/controller.sh or if you used
create-projectthen you must use init/controller--create-project.sh.
mkdir -p ./bin/config
cp ./vendor/aklump/easy-perms/init/controller.sh ./bin/perms
chmod u+x ./bin/perms
cp ./vendor/aklump/easy-perms/init/perms.yml ./bin/config/perms.ymlIf composer require fails, that is, if the dependencies of this project conflict with your application, you should install this using composer create-project, which creates a stand-alone installation. Copy and paste the following code, executed most likely from your
repository root, and certainly above web root.
composer create-project aklump/easy-perms:^0.0 --repository="{"type":"github","url": "https://github.com/aklump/easy-perms\"}"
The controller and configuration is altered slightly to the following:
mkdir -p ./bin/config
cp ./easy-perms/init/controller--create-project.sh ./bin/perms
chmod u+x ./bin/perms
cp ./easy-perms/init/perms.yml ./bin/config/perms.ymlWith this method the only update path is to remove and then reinstall aklump/easy-perms, repeating the create-project process.
Running composer update will only update the dependencies and not aklump/easy-perms itself.
- Open bin/config/perms.yml, familiarize yourself with it, then make adjustments as necessary.
- Add paths and path globs to each of:
default, readonly, writeable, executableas is appropriate to your project.
-
The pattern matching rules are the same as used in gitignore
-
Double asterix is supported, e.g.
/foo/**/*.php. -
If the path ends in a forward-slash
/then only directories are matched, e.g./foo/bar/*/ -
If the path does not end in a forward slash then both files and directories are matched, e.g.
/foo/bar/* -
Use this tool to visualize your configuration.: https://www.digitalocean.com/community/tools/glob
To apply the configured permission to your project at any time, execute the controller like this:
$ bin/perms -v
Checking bin/bind_book.sh
Checking bin/easy-perms
Checking bin/run_unit_tests.sh
Checking vendor/bin/phpunit
0770 🛠 app.php
0770 🛠 bin/bind_book.sh
0770 🛠 bin/run_unit_tests.sh
0770 🛠 vendor/bin/phpunit
Completed in 0.01 seconds.
Permission setting was successful.Paths will print only if their permissions were changed. If you want to see more (as shown above), use the verbose option -v.
If permissions are failing to set, try manually resetting all paths to 0755, e.g. chmod -R 0755 * (or sudo chmod -R 0755 * if necessary) from the application root.
Now execute the controller and the permissions should apply correctly.
- If a directory does not have execute permissions, then you cannot change permissions on it's contents.
- Symlinks may cause some unexpected output depending upon how you write your configuration. More specifically it may appear that the same file keeps having the perms set. This is not to worry and things are most likely working correctly on the backend.
