Site: US UK AU |
Nexcess Blog

Posts by: Chris

Magento 2.0.6+ now available with improved permissions

June 16, 2016 2 Comments RSS Feed

The problem

Magento 2 aimed to augment the security of its predecessor. One such improvement set the default permissions on certain static files to be stricter than normal. This had the unintended side effect of preventing default versions of Magento 2 from functioning on some systems, some of which we host.

Before v. 2.0.6, Magento 2 set permissions of some files to 640 and some directories to 750. These permissions restrict read-access and write-access to the owner of those files and directories, meaning other users have no access. While this successfully tightens permissions, it is incompatible with systems that rely on a web server’s ability to read and write to these files.

For example, many Magento sites use Apache or Nginx with PHP-FPM. In this setup, PHP-FPM runs as the file-owning user, and Apache or Nginx function as separate users and therefore had no file access. This prevented these systems from functioning properly with default Magento 2 installations running versions older than 2.0.6.

Read more

Posted in: Magento