Required permissions

padams edited this page Jan 28, 2015 · 1 revision

Files and directories stored on your server have different permissions that enable users and other programs to read/write/execute the code contained in the files. The following permissions must be in place for OWA to operate correctly

Table of Contents

Base Directory (/path/to/owa)

The files and directories within OWA's base directory (/path/to/owa) requires read, write and execute permissions for your user account.

On a Unix server the most likely permission mode is 0750. However, depending on your web server/php setup a more permissive mode of 0755 may required.

If your web server or cgi process runs under a different user account, then read, write, and execute permissions are also required for the group that the web server user account belongs to. Group Write privileges for the base directory can be revoked once installation is complete or even before installation if you are willing to create your owa-config.php file manually. However, write privileges must remain in effect for OWA's data directory (see below).

Data Directory (path/to/owa/owa-data)

The files and directories within OWA's data directory (/path/to/owa/owa-data) requires read and write permissions for whatever user account your web server or cgi process is running under.

NOTE: If your web server or cgi process is not running as your user account then you will need to assign and grant write permissions to a group that includes the user account that the web server/cgi runs under.

Configuration File (owa-config.php)

OWA's configuration file owa-config.php must be readable by the user account that your webserver/cgi runs under.

NOTE: if you are running OWA under on a server shared by other users you should change the permissions of your owa-config.php file to mode 0750 (or even 0700) so that it is not readable by other users.

Command Line Interface (cli.php)

OWA's command line interface script cli.php should be readable and executable only by your user account. Change the permission mode of this file to 0700 to prevent unauthorized access to the CLI in shared server environments.