1

When I am trying to use Gii Controller Generator I get:

file_put_contents(.../gii-1.1.14/ControllerCode.php): failed to open stream: Permission denied

I have created a Yii demo project as a root so I recursively changed yiidemo(project's folder) owner and group to 'web-data'. I left permissions unchanged. This didn't help.

Then I have recursively changed permissions inside this folder to 777. All worked.

I've tried different combinations(eg. dir/file: 755/644) for directories/files but none worked. I know that 777 is not the best solution. How do I find the optimal working permissions combination for this case?

Alan
  • 1,322
  • 1
  • 21
  • 36

1 Answers1

4

when using Gii it creates new files in protected directory. In other words php and apache needs to write in your protected dir.

By default, for security reasons, Gii is configured to be accessible only on development (localhost). Therefore, it should only be installed on a development machine. Because it can generate new PHP script files in the application, we should pay sufficient attention to its security measures (e.g. password, IP filters). If you want to make it accessible on other trustable computers, you can configure the Gii Module like .

return array(
......
'modules'=>array(
    'gii'=>array(
        'class'=>'system.gii.GiiModule',
        'password'=>'pick up a password here',
        // 'ipFilters'=>array(...a list of IPs...),
        // 'newFileMode'=>0666,
        // 'newDirMode'=>0777,
    ),
),
);

Because Gii may generate and save new code files in the existing application, we need to make sure that the Web server process has the proper permission to do so. The above GiiModule::newFileMode and GiiModule::newDirMode properties control how the new files and directories should be generated.

for permission you can change your protected owner:group using:

$ sudo chown yourUserName:www-data path/to/protected
$ sudo chmod 775 path/to/protected -R

read more about gii here

user468891
  • 321
  • 3
  • 11
  • Sorry for late reply. I was trying to make it work. So now I have `drwxrwxr-x 3 {me} www-data 4096 Mai 5 22:12 runtime` which is in protected and I get an error `Application runtime path "/opt/lampp/htdocs/helloworld/protected/runtime" is not valid. Please make sure it is a directory writable by the Web server process.` all 'helloworld' directory is owned by {me}:www-data with permissions 775. Changig owners to `www-data:www-data` does not fix the problem. What else can I do? – Alan May 06 '14 at 21:42
  • Again, everything works with 777 permissions set for `protected`. It seems as server process runs outside `www-data` group. But then who shall I set as a group to avoid setting 777? Or(if I understand you well) should I leave 777 on development machine and then change to 775 on production one? – Alan May 06 '14 at 22:03