X-Payments:Setting up file permissions for X-Payments

From X-Payments Help
Jump to: navigation, search
X-Payments user manual
  1. X-Payments:General information
  2. What's New
  3. System requirements
  4. Installation
  5. Two-factor user authentication
  6. Configuring X-Payments
  7. Managing users
  8. Customizing the interface
  9. Managing payments
  10. Unistalling X-Payments
  11. Upgrading
  12. Moving X-Payments from one host to another
  13. Viewing X-Payments logs
  14. FAQ
  15. Troubleshooting
  16. Glossary
  17. Supported payment gateways

General info

The exact set of file permissions would depend on whether the scripts are run in the privileged mode or non-privileged mode. The privileged mode means that scripts are run under the user who is the owner of the files while in the non-privileged mode scripts are run under a different user. This implies two different approaches to setting up file permissions:

  • In the privileged mode, permissions must be granted to the owner of the files only as the scripts run under that user. Permissions for the members of the files' group and other users must be disabled then.
  • In the non-privileged mode, permissions must be granted to the owner of the files, members of the files' group and other users who are not the owner of the file or members of the group.

On the Apache web server running on a UNIX-like operating system you can find out the current mode by running in a web browser the PHP script below. The script will display two user names: the name of the script owner who put the files to the server through FTP or SSH, and the name of the user who runs the scripts. If the two names coincide, the privileged mode is enabled; otherwise, you work in the non-privileged mode.

<?php

$processUser = posix_getpwuid(posix_geteuid());

print get_current_user() . " / " . $processUser['name'];

?>

On a UNIX-like operating system file permissions for a file are changed through the the following shell command.

chmod <permissions_code> <file_path>

The permissions_code part must be a three-digit number where each digit represents a different component of the permission set: file owner, members of the group who the file owner belongs to and other users who are not the file owner or group members. Each digit is a sum of three digits, which can be 0 (no permission), 1 (execute a file or search in a directory), 2 (write) or 4 (read). Below is a list of all available values and their meaning:

  • 0 : No permission
  • 1 : Execute/search
  • 2 : Write
  • 3 : Write and execute/search
  • 4 : Read
  • 5 : Read and execute/search
  • 6 : Read and write
  • 7 : Read, write and execute/search

For example, the permissions code 740 for a file would mean that the file owner can read, write and execute the file (7), the group members can only read the file (4) and other users can do nothing with the file (0); the permissions code 511 for a directory would mean that the file owner read the contents of the directory and search in the directory (5) while the group members and other users can only search in the directory (1).

Setting up file permissions for X-Payments files and directories

Scripts and directories containing scripts

Privileged Mode Non-privileged Mode
Directories: 711
  • Owner: read, write and search
  • Group: search
  • Other: search

Files: 600

  • Owner: read and write
  • Group: no permission
  • Other: no permission
Directories: 755
  • Owner: read, write and search
  • Group: read and search
  • Other: read and search

Files: 644

  • Owner: read and write
  • Group: read
  • Other: read

These permissions must be set for all directories except the following ones:

- <xp-dir>/var - <xp-dir>/public - <xp-dir>/lib/XPay/Skin - <xp-dir>/lib/XPay/Templates

For these ones the permissions should be adjusted as follows:

Privileged Mode Non-privileged Mode
Directories: 711
  • Owner: read, write and search
  • Group: search
  • Other: search

Files: 644

  • Owner: read and write
  • Group: read
  • Other: read
Directories: 777
  • Owner: read, write and search
  • Group: read, write and search
  • Other: read, write and search

Files: 666

  • Owner: read and write
  • Group: read and write
  • Other: read and write

The general set of shell commands which adjust the necessary permissions is listed below:

Privileged Mode

$ find . -name '*' -type d -exec chmod 0711 {} \;
$ find . -name '*' -type f -exec chmod 0600 {} \;
$ chmod -R 755 var public lib/XPay/Templates lib/XPay/Skin

Non-privileged Mode

$ find . -name '*' -type d -exec chmod 0755 {} \;
$ find . -name '*' -type f -exec chmod 0644 {} \;
$ chmod -R 777 var public lib/XPay/Templates lib/XPay/Skin
$ chmod 644 .htaccess public/.htaccess

Those commands should be executed from the X-Payments root directory.