
[GitHub Bug #1609] I removed a plugin from the dashboard and all my plugins disappeared !


Answers

  • peregrine MVP
    edited May 2013

    V,

    modules/class.settingsmodule.php:45:

    $IsRemovable = IsWritable(PATH_PLUGINS . DS . $PluginFolder);

    library/core/functions.general.php:1362: function IsWritable($Path) {

    You need to wrap your mind around the owner of the file vs. the permissions that occur when viewing a webpage.

    if you have 7 as the first number and the ownership of the file or folder is the same as the id of the owner that is running the webpage process, then they have write permission and the remove button shows up.

    if they don't match it won't show up unless the group permissions are writeable or the other is writeable.

    try a tutorial on unix permissions and it will be clearer.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • vrijvlinder Papillon-Sauvage MVP

    From applications dashboard controllers settings controller

      /**
        * Remove an addon.
        *
        * @since 2.0.0
        * @access public
        * @param string $Type Application or plugin.
        * @param string $Name Unique ID of app or plugin.
        * @param string $TransientKey Security token.
        */
       public function RemoveAddon($Type, $Name, $TransientKey = '') {
          $RequiredPermission = 'Undefined';
          switch ($Type) {
             case SettingsModule::TYPE_APPLICATION:
                $Manager = Gdn::Factory('ApplicationManager');
                $Enabled = 'EnabledApplications';
                $Remove  = 'RemoveApplication';
                $RequiredPermission = 'Garden.Applications.Manage';
             break;
             case SettingsModule::TYPE_PLUGIN:
                $Manager = Gdn::Factory('PluginManager');
                $Enabled = 'EnabledPlugins';
                $Remove  = 'RemovePlugin';
                $RequiredPermission = 'Garden.Plugins.Manage';
             break;
          }
          
          $Session = Gdn::Session();
          if ($Session->ValidateTransientKey($TransientKey) && $Session->CheckPermission($RequiredPermission)) {
             try {
                if (array_key_exists($Name, $Manager->$Enabled()) === FALSE) {
                   $Manager->$Remove($Name);
                }
             } catch (Exception $e) {
                $this->Form->AddError(strip_tags($e->getMessage()));
             }
          }
          if ($this->Form->ErrorCount() == 0)
             Redirect('/settings/plugins');
       }
    
  • vrijvlinder Papillon-Sauvage MVP
    edited May 2013

    @peregrine Yes I am trying to wrap my mind around it, I should have those permissions as I had them before the plugins got wiped, now they did something to this forum that I do not have the same permissions, I do not see the remove button in the dashboard of this install anymore.

    The others have it and work.

  •

    call your host to get what you want done.

    then read a unix tutorial on ownership and permissions. it will be clearer.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • vrijvlinder Papillon-Sauvage MVP

    if you have 7 as the first number and the ownership of the file or folder is the same as the id of the owner that is running the webpage process, then they have write permission and the remove button shows up.

    yes I understand that , which is what is so strange, I did not touch any permissions .

    On my other domains under this main domain, they all have the remove buttons. I used to have them too on this one... but after they put the plugins from backup back in the permissions were changed somehow because the buttons do not show up anymore and noticed the problem deleting files.

    call your host to get what you want done.

    Yes I did, especially after paying them 80 bucks...they saved the plugins but screwed something in the process..

    then read a unix tutorial on ownership and permissions. it will be clearer.

    already on it. I was sure I had ownership and it was the same but it is possible that they own the plugins folder they put back in? since they fished it out of their back up ?

    I hope jesus can help, or whoever they(host) mean by higher authority.... :(

  • peregrine MVP
    edited May 2013

    call your host to get what you want done.

    I meant to correct it so you can manipulate the file somehow.

    this might help you wrap your head around ownership.

    http://serverfault.com/questions/357108/what-are-the-best-linux-permissions-to-use-for-my-website

    https://drupal.org/node/244924

    I don't know what your server OS is, I forgot. I only understand unix/linux. I don't fool around with windows or other OS's

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • hgtonight ∞ · New Moderator

    @vrijvlinder The function IsRemovable checks to see if the php execution user has file write permissions for that plugin folder in the operating system.

    $this->Permission('Garden.Settings.Manage'); checks the currently logged in Vanilla user for Garden permissions.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • vrijvlinder Papillon-Sauvage MVP

    Ok I understand that part, what I am saying is that if this is correct that In order to get the delete buttons one must have full ownership in all levels, then I did have it before the plugin folder was wiped by deleting one plugin, and when they replaced the folder with the plugins from their back up , I no longer have the same ownership on that domain, but I still have full ownership on the other subdomains stored in the same place in subdirectories , since I do get the delete button in the dashboard.

    I tested those and they work fine....I deleted a plugin from the dashboard on every install and it was fine.

    Do I understand correctly?

    I had full permissions and now I don't ?

    That still does not explain how the folder got deleted without even a confirm pop up to be sure? It just deleted and refreshed. No confirm dialog.

  • peregrine MVP
    edited June 2013
    You still are not understanding the concept.
    
    read up on processes and lookup google "top unix command"  and unix process ids.
    
    
    
    You need to wrap your head around "owner" when the webserver does its thing to run the php script or cgi or whatever the webserver is doing.  It is a process.  In simplest terms all processes run with an owner
    

    PROCESS OWNERSHIP or "USER"

    when someone clicks a web page on your server a process gets run
    
    PID        USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND         
    60008 www-data  20   0 55352  17m 4204 S 31.7  0.9   0:08.52 apache2
    
    in the column USER - "www-data"  is the owner of the process.
    
    therefore when i run a web page the owner is www-data
    

    FILE PERMISSIONS   
    - owner permissions for files and folders
    

    lets say you have a folder or file called "Testing"

    owner group filename permissions
    www-data blah Testing 777

    www-data has owner permissions  -  this is the first number   e.g.   7xx   6xx  4xx
    
    7 6 and 4  refer to permissions that are additive
    
    rwx  -  read write execute
    
    read = 4
    write = 2
    execute = 1
    
    if something has only read permissions it will have 4
    if something has write permissions it will have 2
    if something has read and write permissions, it has 6
    if something has read and execute but not write it has 5
    if something has read write execute it is 7
    

    www-data is also in a group  (in this example blah).
    

    owner group filename permissions
    www-data blah Testing 777

    x7x
    
    the process has permissions to affect the file (read write or execute) because the user www-data is in the blah group and the file is in group blah as well.
    
    ------
    
    
    so what all this means is if the process apache2  has an owner www-data  it can do what ever the file permissions allow on files owned by user id  www-data  
    
    the first number  in the xxx   7xx
    
    so what all this means is if the process apache2  is in group  "blah"  it can do what ever the file permissions allow on files with group id "blah"
    
    the second number  in the xxx   x7x
    
    
    
    so if the plugins folder is owned by www-data and the apache process is running under user www-data   then the permissions based on the first number are what concern you.
    
    so if the plugins folder is owned by vrjvlinder and vrjvlinder is in group "blah"
    the group permissions apply (second number of triplet)
    
    
     the apache process is owned by www-data and www-data is in group blah.
    the first number is a moot point  the apache process can't affect the file based on first number (different process owner (www-data) and file owner  (vrjvlinder), it then needs to see if vrjvlinder and www-data owner (uids) are both part of the blah group
    
    so because both the process and file are both matched  (both part of blah group)
    
    we look at the second number in the triplet   x7x
    x7x is rwx  (the write bit is set)
    

    if it was x5x is r-x (the write bit is not set)

    if neither the owner or group match we look at the other group - this is anything
    
    so 
    
    xx7  mean  process can read write execute any  file or rename delete or add to a folder with xx7 permissions
    
     xx5  means  process can write to the file or delete it (because the write bit is on)
    
    if you have write privileges, it essentially means you can delete as well
    
    
    
    so in summary if the apache process is www-data uid
    
    and the 
    
    owner of folder www-data plugin/testplugin  is 700
    
    then the remove setting will show up because the file is writeable by the process owner
    (we dont care about the last two numbers of triplet because the first matches)
    
    if the "joe" is the owner of folder   plugin/testplugin  with permissions 700  they are different owners (joe and process owner www-data of apache)
    
    the remove will not show up if we were only looking at the first number 
    
    ---
    
    so we next
    

    look to match group permissions

    apache process is still www-data in the group blah
    

    owner group filename permissions
    www-data blah Testing 070 writeable because of group match
    vrjvlinder blam Testing2 070 not writeable because of group of process doesn't match group of file

    if x7x  and the group id of the folder is blah 
    it will show up as remove plugin
    
    
    go to top and read again
    repeat 20 times.
    
    its a tricky concept.
    

    so you need to know what the owner of the process that displays your web page
    and the id or the owner that owns the file


    this still doesn't explain what happened, but until you understand the concept of permissions and owner of both process and file you will always be at a bit of a loss.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
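
Added example, not part of the thread or of Vanilla's code: a PHP sketch of the owner/group/other selection described in the post above, with an optional live check of a folder. The function name `permission_class`, the numeric ids and the `plugins` path are assumptions made for illustration.

```php
<?php
// Added example: which permission class (owner, group, other) applies to a
// process, and whether that class has the write bit. Ignores root and ACLs.

/**
 * @param int   $mode     permission bits, e.g. 0755
 * @param int   $fileUid  numeric owner of the file or folder
 * @param int   $fileGid  numeric group of the file or folder
 * @param int   $procUid  effective uid of the PHP/web server process
 * @param int[] $procGids effective gid plus supplementary groups of the process
 */
function permission_class(int $mode, int $fileUid, int $fileGid, int $procUid, array $procGids): array
{
    // Exactly one class is consulted: the first match wins, the rest are ignored.
    if ($procUid === $fileUid) {
        $class = 'owner';
        $digit = ($mode >> 6) & 7;
    } elseif (in_array($fileGid, $procGids, true)) {
        $class = 'group';
        $digit = ($mode >> 3) & 7;
    } else {
        $class = 'other';
        $digit = $mode & 7;
    }
    // read = 4, write = 2, execute = 1
    return ['class' => $class, 'digit' => $digit, 'writable' => ($digit & 2) !== 0];
}

// Constructed ids standing in for the thread's names:
// www-data = 33, joe = 1000, group blah = 50, group blam = 60.
$cases = [
    'owner match, 700'   => [0700, 33, 50, 33, [50]],
    'owner differs, 700' => [0700, 1000, 60, 33, [50]],
    'group match, 070'   => [0070, 1000, 50, 33, [50]],
    'group differs, 070' => [0070, 1000, 60, 33, [50]],
    'group match, 750'   => [0750, 1000, 50, 33, [50]], // digit 5 = r-x, no write
];
foreach ($cases as $label => $args) {
    $r = permission_class(...$args);
    printf("%-20s class=%-5s digit=%d writable=%s\n",
        $label, $r['class'], $r['digit'], $r['writable'] ? 'yes' : 'no');
}

// Live check. The path is an assumption; point it at the real plugins folder.
$path = __DIR__ . '/plugins';
if (function_exists('posix_geteuid') && file_exists($path)) {
    $gids = array_merge([posix_getegid()], posix_getgroups());
    $r = permission_class(fileperms($path) & 0777, fileowner($path),
        filegroup($path), posix_geteuid(), $gids);
    printf("%s: class=%s digit=%d writable=%s is_writable()=%s\n", $path,
        $r['class'], $r['digit'], $r['writable'] ? 'yes' : 'no',
        is_writable($path) ? 'yes' : 'no');
}
```

Removing a plugin folder also needs the write bit on its parent directory, so run the live check on both `plugins` and the individual plugin folder. Delete the script from the web root once you have the answer, as you would a phpinfo() page.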

  • vrijvlinder Papillon-Sauvage MVP

    @peregrine

    Yes I think I understand that, the link you gave explained it well. owner is a movable position depending on who is using the data at the time. Server needs to be owner when serving the files etc. The process is what gets ownership.

    I do understand p thanks for the more in depth explanation . And yes it does not explain what happened to the plugins after deleting one. I can appreciate the whole ownership deal better now.

    The end result is that they (host) changed something . After putting the folder back.

    This result is kind of explained in the link you posted. When you place a file that you are not owner of into the file system it resets the permissions of all the folders or something like that to the default 755 or 644 .

    It is alarming what they say about 777. The whole thing was a real nightmare to have happened to me. Not knowing why it happened is stressful ...

    I hope the host can figure out what they did and restore it like it was.
    My stress level hit max and I still have not come down :(

    I tried to find out about their system but all they say in the about fat cow, is they use debian , no mention about if it's linux or other. I think it is linux , who the hell would use windows? but I will find out when I talk to them tomorrow to find out what is happening.

  •

    I tried to find out about their system

    all you have to do is put phpinfo() in a php program on your host's server and it gives you all the vital info - e.g. user group of apache process, os the server is running, all the php modules.

    debian is a flavor of linux.

    phpinfo() is your friend.

    http://kb.mediatemple.net/questions/764/How+can+I+create+a+phpinfo.php+page?#gs

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • hgtonight ∞ · New Moderator

    You should also be able to figure out the user of php on your server with <?php passthru("whoami"); ?>

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • vrijvlinder Papillon-Sauvage MVP
    edited June 2013

    cool here it is ! well I think I will pm this to you it contains way too much info

  • peregrine MVP
    edited June 2013

    @hgtonight said:
    You should also be able to figure out the user of php on your server with <?php passthru("whoami"); ?>

    • if your host has this mod enabled.

      mod_auth_passthrough

    • or you could try this if your host allows system calls.

    <?php system("id");?>

    in filezilla you can see group and id ownership on your folders and files.

    if you right click on the horizontal bar that says filename you will see an option for which columns to print out. select owner/group.

    also if you create your own ubuntu server at home you could use gftp or any other unix transfer utility to see folder permissions, groups and owners on the remote system.

    I highly recommend creating your own ubuntu server at home on an old pc. you'll learn a whole lot and you seem to like to learn rather than getting "quick fixes" without learning.

    depending on the environment phpinfo will display user and group of process of who is the perceived user and group running the web-page. In your case it doesn't display user and group but it certainly shows system characteristics and mods to php.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • vrijvlinder Papillon-Sauvage MVP

    Yea learning is like drugs to me lol give me more more more knowledge!!

    I hate "quick fixes" without learning. That would mean I would never be self-reliant , everything you learn should serve you at least once or twice afterwards if not for ever.

    I will try what you suggest, can't do the home server atm I am in Mexico and only have my mac with me this time. But when I get back home I will.

  •

    well did system or pass-thru give you any information.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • vrijvlinder Papillon-Sauvage MVP

    Going to do try that now, I had to go to the store ....

  • vrijvlinder Papillon-Sauvage MVP
    edited June 2013

    @peregrine this is what I get with the <?php system("id");?>

    uid=1492896(moo.vrijvlinder) gid=15010(cgiuser) groups=15020,15010(cgiuser)

  • vrijvlinder Papillon-Sauvage MVP
    edited June 2013

    Something very odd here look at the permissions for the plugins, the only plugin with permissions is the one I just installed .

    they should all have 1492896 15010

  •

    this is why I disagree either touching the folders at all or attempting to set their permissions.

    do you use any javascript minifier?

    grep is your friend.
