Will a locked-down app/etc folder cause cron jobs to complain?

SOLVED

Hello Allan

First off, much appreciated for this great eCommerce platform. Clearly a great deal of work went into this project! Very grateful to Magento for making this amazing platform available to the public. So far so good on my side... other than struggling to understand how adding products works (lol); attribute sets, configurable products, etc. Lots to learn!

My question:

RE min. Security requirement: I've followed the official installation notes to the letter and successfully managed to get the platform up and running. Below are the perms that I set on the application + removing the write perms from the app/etc folder as per the (installation-script) recommendation. However, when I utilize the readiness check I have a flag reminding me of what I've already done.

Will the locked-down app/etc folder cause cron(s) to fail in any way? I am okay to give the /etc/ folder write access each time I need to update the application, that's not a prob, I just need a confirmation that this won't interfere with the running of the application in a prod environment.

Thanks for your time!

# added file owner/user to apache's group

$ chown -R :www-data .

$ find . -type d -exec chmod 770 {} \; && find . -type f -exec chmod 660 {} \; && chmod u+x bin/magento

$ chmod -R g+w /var/www/magento2/pub

$ chmod -R g+w /var/www/magento2/var

$ chmod go-w /var/www/magento2/app/etc
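Added example (not part of the original post): a small POSIX shell audit for the permission layout in the commands above. It goes one step beyond them: `chmod go-w` without `-R` changes only the `app/etc` directory itself, so files inside it such as `config.php` keep the group-write bit they received from the earlier `chmod 660`. The function names are hypothetical, and only mode bits are checked, not ACLs.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Checks classic mode bits only; ACLs and mount options are out of scope.

# Print every file or directory at or below ROOT/app/etc that group or other
# can write to. Returns 0 when nothing is listed, 1 when findings exist,
# 2 when ROOT/app/etc does not exist.
audit_app_etc() {
    etc_dir="$1/app/etc"
    [ -d "$etc_dir" ] || { echo "no app/etc under $1" >&2; return 2; }
    findings=$(find "$etc_dir" ! -type l \( -perm -020 -o -perm -002 \) -print)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Production state: remove group/other write from app/etc AND its contents.
# The non-recursive `chmod go-w DIR` only stops new files being created or
# deleted in DIR; existing files stay writable if their own mode allows it.
lock_app_etc() {
    chmod -R go-w "$1/app/etc"
}

# Upgrade window: hand group write access back, as the thread plans to do
# manually before running an update, then lock again afterwards.
unlock_app_etc() {
    chmod -R g+w "$1/app/etc"
}

# Usage (the path is the install root from the post):
#   audit_app_etc /var/www/magento2 || echo "app/etc is still writable"
```

Running the audit from a scheduled job or a deploy step catches an `app/etc` that was unlocked for an update and never locked again.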

 

Accepted Solutions

Re: Will a locked-down app/etc folder cause cron jobs to complain?

System upgrade may need the directory writable, but in production it should not be required *if* you plan to have a workflow where you make changes in a dev environment and then push the result to production. (I would consider it a bug if it is.)

Doing a system upgrade may add a new module which needs to be put into the config.php file, for example. So it makes sense that the system upgrade page checks to make sure it can write to files there. But in production it should not be required. For example, the update cron job can probably be removed as well.

The real question is about what is needed in your development environment and how to push safely to production. Most solution partners have worked out their own workflow for this, but we are looking at how to make this more standard. So I believe it is possible today, but not documented (yet). I don't have an ETA for this documentation, but cleaning up the dev to production workflow is something we are looking at this year to remove some of the friction there.

Re: Will a locked-down app/etc folder cause cron jobs to complain?

Absolutely brilliant, thanks for taking the time to answer. Also, appreciate the heads up RE removing the 'update' cron, this hadn't crossed my mind. Good call. And yes, I was mainly interested to know how a fully locked-down app/etc/ behaves in a prod set-up. As mentioned, I am more than happy to manually relax permissions prior to updating, that won't be an issue. Makes sense in fact.

I have yet to design a dev-to-prod push system. Understanding what-does-what in the background is not all that simple for one who is completely new to Magento! Still learning... all good fun I reassure you.

Again, very grateful! Luck to you and your team with the workflow cleanup.

Kind regards