Chamilo, new course, error about group permissions
There is a common problem appearing when installing a new Chamilo portal that I have seen a lot recently, so I thought I’d share the details here.
When installing Chamilo on a cPanel-kind-of-hosting, it might happen that you complete the installation, but when you want to enter a newly-created course, an ugly error appears. Something of the likes of:
Internal Server Error
or, if you are lucky
/…/courses/COURSECODE/index.php cannot be displayed because it is writable by the group.
Either way, those two error message precisely when the URL of your browser shows http://your-domain-name/courses/YOURCOURSECODE/index.php mean that you have a “secured” version of Linux.
This implies that for any PHP script that you want to execute, this message will appear if the script is writable by any other user than the owner of the file.
In a cPanel system, you will see that this file (and possibly the directory it’s in) have write permissions for the group.
The permissions syntax
I’m reviewing basic stuff here, so if you know about UNIX permissions or just don’t want to know, just skip to the next section.
This is represented by the permissions indicator
which can be translated as: the owner can read, write and execute this script, the owner *group* can read, write and execute this script, and all other users can read the script, but not write or execute it.
The write permission gives you the right to edit the file, but you need a write permission on the containing *folder* to actually create or remove this file.
Anyway, so the risk is that, by letting too many people access this script, it could be used (and modified) by a cracker (an evil hacker) to execute his code instead of yours on your server.
Fixing the problem now on the server
Now the quick fix is to read carefully the error message and change the permissions accordingly. The server tells us that this script cannot be opened because it is writable by the group. So all we need to do is remove the write permission on this file. Just click on whatever option allows you to change the permissions on that cPanel and remove the write permission for the group.
This should result in your file’s new permissions to look like this:
If the server bothers you with write permissions about the directory, you need to set the directory’s permissions to
Execution permissions are needed to read inside this directory (and get to index.php).
This should solve your problem for this course. Now you want to avoid doing that for all courses to come, don’t you? Read on…
Fixing the problem for the future from inside Chamilo
Since Dokeos 1.8.4 (or a little before that), we added a few settings inside the database that lets you mention what type of permissions you want new files and directories to use. Well, this is precisely one case for which we did that.
You want to head towards your “Portal Administration” tab, “Platform” section, “Configuration settings” link, then “Security”, then the “Permissions for new directories” and “Permissions for new files” settings. By default, these are set to 0777 and 0666. Considering you want the groups not to have write permissions, and considering 0777 is representing rwxrwxrwx and 0666 is representing rw-rw-rw-, you just want to change these to 0555 and 0444 respectively.
That’s it, you can now create a new course without having to worry about files permissions!