ExpressionEngine CMS
This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Filesystem does not allow file level permissions - what should I do?

March 13, 2009 10:07am

  • #1 / Mar 13, 2009 10:07am

    kvshah

    5 posts

    I work for a university which uses the Andrew File System (AFS). I’ve been told by our server admins and also have read in many places that AFS file systems cannot set permissions rights on a file level basis, rather all permissions must be set on a per directory basis (So essentially directories cannot contain files with mixed permissions).

    Our client site is going to be on this AFS space. Since we developed locally first, the site has already been “installed” and we just moved it onto the AFS space. Everything seems to work minus the obvious permission issues.

    I’m trying to figure out the best way to deal with this, particularly for path.php and system/config.php. Obviously I don’t want to make either the entire root folder or the entire system folder writable, just so those files can be writeable.

    The recommended solution by our server people is to keep all files that need to be writeable on the same level in the hierarchy and set the permissions on the directories appropriately.

    Would it be possible to *easily* move config.php and path.php into different folders and still have the application function appropriately? If so where in the application would I change the path to these files?

    Option B would be to make the entire folder writeable during version updates (and immediately taking away those privileges after the update process) and then just manually editing path.php and config.php when I need to make a change…

    Do you foresee any problems with the latter method? Other than switching some of those general/system settings, how often does config.php and/or path.php need to be written to on the fly by modules, plugins, extensions etc etc?

    BTW We’re running version 1.6.7 (core version for now)

  • #2 / Mar 13, 2009 10:30am

    Ingmar

    29245 posts

    This is an interesting issue, and one that hasn’t come up yet as far as I can tell.

    ... essentially directories cannot contain files with mixed permissions).

    This should only affect path.php and system/config.php; all other permissions would be on a per directory basis anyway.

    The recommended solution by our server people is to keep all files that need to be writeable on the same level in the hierarchy and set the permissions on the directories appropriately.

    Just brainstorming here: does AFS support symbolic links? Would it be possible to have these files point to some other file in a different directory?

    Would it be possible to *easily* move config.php and path.php into different folders and still have the application function appropriately?

    You could probably hack EE as well though I’d consider this a measure of last resort.

    Option B would be to make the entire folder writeable during version updates (and immediately taking away those privileges after the update process) and then just manually editing path.php and config.php when I need to make a change… Do you foresee any problems with the latter method?

    In principle that should work, too, yes.

    Other than switching some of those general/system settings, how often does config.php and/or path.php need to be written to on the fly by modules, plugins, extensions etc etc?

    Rarely. path.php practically never, config.php only in the case of updates and such. Read permissions should be fine for day to day operations.

    In closing: it’s an interesting challenge, certainly, although we’d have a hard time to support a file system like that officially.

  • #3 / Mar 13, 2009 2:56pm

    kvshah

    5 posts

    Using symbolic links crossed my mind as well. I’ll look into the issue a bit further and see if that would be a viable solution. Worst case scenario, if the symlinks don’t work, I’ll go with the second option (I’ll stay away from hacking EE as you recommended). I think read-only (aside from updates) will work fine for us.

    Thanks for the help! It is very much appreciated!
