Details
-
Type:
Bug
-
Status: Done/Fixed
-
Priority:
Major
-
Resolution: Cannot Reproduce
-
Affects Version/s: 4.2.9
-
Fix Version/s: 4.4.0
-
Component/s: Core CiviCRM
-
Labels:None
Description
-
- Problem:
If CiviCRM does not have write permissions for the CiviCRM extensions directory, then it silently fails to search for extensions in that directory.
I found the problem by combing through strace output, and found this:
0.000421 access("sites/all/civicrm/extensions", W_OK) = -1 EACCES (Permission denied)
-
- Solution:
When I enabled write access for that directory, things worked correctly.
- For the purposes of adding a manually installed module, CiviCRM should not need, nor assume that it has, write access to this directory. The extensions directory should be opened in a read only mode.
- If there's an error, it should be reported. The web page should indicate that there was an error, and detail like file paths should go into the logs.
- In order that security can be locked down, it should not be necessary for civicrm to have write access to sub-directories of the extensions directory. The cache and tmp directories would be better located in a location outside the web root, like /tmp perhaps. Probably the location needs to be configurable.
- It would be nice to be able to add permissions using drush, and therefore as a user who has write access where the web user does not.
-
- Related?