How to uninstall an update? Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?how to upgrade from magento 2.3.0 to 2.3.1 steps (composer)I am having massive trouble setting up a cron job in Magento 2SYSTEM and REPORTS menu disappeared after upgrade to 1.9Rename(/usr/lib64/plesk-9.0/composer.phar): failed to open stream: Permission deniedMagento 2 Development permissions issueMagento 2 Installation Cache Permission IssueRelease Management in Magento 2Cron job permission issue?Fatal Error - Magento update 2.1.2 --> 2.2.2 Manual Update (overwrite files) Fatal error: Uncaught Error: Cannot instantiate interfaceBackups in Magento 2.3.0 “You need more permissions to perform a rollback.”Magento 2 - Readiness check fails on Check Component Dependency
What was the last x86 CPU that did not have the x87 floating-point unit built in?
Did the new image of black hole confirm the general theory of relativity?
Strange behaviour of Check
What is the electric potential inside a point charge?
Using "nakedly" instead of "with nothing on"
Complexity of many constant time steps with occasional logarithmic steps
What did Darwin mean by 'squib' here?
How can I protect witches in combat who wear limited clothing?
Can smartphones with the same camera sensor have different image quality?
What was Bilhah and Zilpah's ancestry?
How to retrograde a note sequence in Finale?
Stop battery usage [Ubuntu 18]
How should I respond to a player wanting to catch a sword between their hands?
Autumning in love
How to dynamically generate the hash value of a file while it gets downloaded from any website?
Am I ethically obligated to go into work on an off day if the reason is sudden?
What do you call a plan that's an alternative plan in case your initial plan fails?
Determine whether f is a function, an injection, a surjection
Losing the Initialization Vector in Cipher Block Chaining
When is phishing education going too far?
Who can trigger ship-wide alerts in Star Trek?
Active filter with series inductor and resistor - do these exist?
How do you clear the ApexPages.getMessages() collection in a test?
Array/tabular for long multiplication
How to uninstall an update?
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?how to upgrade from magento 2.3.0 to 2.3.1 steps (composer)I am having massive trouble setting up a cron job in Magento 2SYSTEM and REPORTS menu disappeared after upgrade to 1.9Rename(/usr/lib64/plesk-9.0/composer.phar): failed to open stream: Permission deniedMagento 2 Development permissions issueMagento 2 Installation Cache Permission IssueRelease Management in Magento 2Cron job permission issue?Fatal Error - Magento update 2.1.2 --> 2.2.2 Manual Update (overwrite files) Fatal error: Uncaught Error: Cannot instantiate interfaceBackups in Magento 2.3.0 “You need more permissions to perform a rollback.”Magento 2 - Readiness check fails on Check Component Dependency
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I tried to update magento 2.3 to magento 2.3.1, but it failed. I tried to backup from my server and that failed too. How do I roll back the changes to get it to back to 2.3? I followed the steps listed here, and got to step 3. I'm not sure what broke but now the site is down.
I am using ubuntu on plesk with lightsail. I do have sudo access and can ssh
EDIT
from answer below I am getting the error: rm cannot remove ... Permission denied for a lot of folders. I also got this error when I tried to update.
magento2 upgrade
asked Apr 10 at 18:53
Morgan SmithMorgan Smith
5810
|
show 3 more comments
I tried to update magento 2.3 to magento 2.3.1, but it failed. I tried to backup from my server and that failed too. How do I roll back the changes to get it to back to 2.3? I followed the steps listed here, and got to step 3. I'm not sure what broke but now the site is down.
I am using ubuntu on plesk with lightsail. I do have sudo access and can ssh
EDIT
from answer below I am getting the error: rm cannot remove ... Permission denied for a lot of folders. I also got this error when I tried to update.
magento2 upgrade
asked Apr 10 at 18:53
Morgan SmithMorgan Smith
5810
What error it is showing? If u do have a backup of old composer file, put it back and again composer update command ...
– Yash Shah
Apr 10 at 19:06
I'm not sure where I would find that
– Morgan Smith
Apr 10 at 19:09
Its okay if u dont have it, just update here what error it is showing to u ?
– Yash Shah
Apr 10 at 19:10
Do u have sudo user access ?
– Yash Shah
Apr 10 at 19:14
1
Yeah ... Must be relaxed now .. 🙂
– Yash Shah
Apr 10 at 19:29
|
show 3 more comments
I tried to update magento 2.3 to magento 2.3.1, but it failed. I tried to backup from my server and that failed too. How do I roll back the changes to get it to back to 2.3? I followed the steps listed here, and got to step 3. I'm not sure what broke but now the site is down.
I am using ubuntu on plesk with lightsail. I do have sudo access and can ssh
EDIT
from answer below I am getting the error: rm cannot remove ... Permission denied for a lot of folders. I also got this error when I tried to update.
magento2 upgrade
asked Apr 10 at 18:53
Morgan SmithMorgan Smith
5810
I tried to update magento 2.3 to magento 2.3.1, but it failed. I tried to backup from my server and that failed too. How do I roll back the changes to get it to back to 2.3? I followed the steps listed here, and got to step 3. I'm not sure what broke but now the site is down.
I am using ubuntu on plesk with lightsail. I do have sudo access and can ssh
EDIT
from answer below I am getting the error: rm cannot remove ... Permission denied for a lot of folders. I also got this error when I tried to update.
magento2 upgrade
magento2 upgrade
asked Apr 10 at 18:53
Morgan SmithMorgan Smith
5810
asked Apr 10 at 18:53
Morgan SmithMorgan Smith
5810
edited Apr 10 at 19:14
Morgan Smith
asked Apr 10 at 18:53
Morgan SmithMorgan Smith
5810
asked Apr 10 at 18:53
Morgan SmithMorgan Smith
5810
asked Apr 10 at 18:53
Morgan SmithMorgan Smith
5810
5810
What error it is showing? If u do have a backup of old composer file, put it back and again composer update command ...
– Yash Shah
Apr 10 at 19:06
I'm not sure where I would find that
– Morgan Smith
Apr 10 at 19:09
Its okay if u dont have it, just update here what error it is showing to u ?
– Yash Shah
Apr 10 at 19:10
Do u have sudo user access ?
– Yash Shah
Apr 10 at 19:14
1
Yeah ... Must be relaxed now .. 🙂
– Yash Shah
Apr 10 at 19:29
|
show 3 more comments
What error it is showing? If u do have a backup of old composer file, put it back and again composer update command ...
– Yash Shah
Apr 10 at 19:06
I'm not sure where I would find that
– Morgan Smith
Apr 10 at 19:09
Its okay if u dont have it, just update here what error it is showing to u ?
– Yash Shah
Apr 10 at 19:10
Do u have sudo user access ?
– Yash Shah
Apr 10 at 19:14
1
Yeah ... Must be relaxed now .. 🙂
– Yash Shah
Apr 10 at 19:29
What error it is showing? If u do have a backup of old composer file, put it back and again composer update command ...
– Yash Shah
Apr 10 at 19:06
What error it is showing? If u do have a backup of old composer file, put it back and again composer update command ...
– Yash Shah
Apr 10 at 19:06
I'm not sure where I would find that
– Morgan Smith
Apr 10 at 19:09
I'm not sure where I would find that
– Morgan Smith
Apr 10 at 19:09
Its okay if u dont have it, just update here what error it is showing to u ?
– Yash Shah
Apr 10 at 19:10
Its okay if u dont have it, just update here what error it is showing to u ?
– Yash Shah
Apr 10 at 19:10
Do u have sudo user access ?
– Yash Shah
Apr 10 at 19:14
Do u have sudo user access ?
– Yash Shah
Apr 10 at 19:14
1
1
Yeah ... Must be relaxed now .. 🙂
– Yash Shah
Apr 10 at 19:29
Yeah ... Must be relaxed now .. 🙂
– Yash Shah
Apr 10 at 19:29
|
show 3 more comments
2 Answers
2
active
oldest
votes
Try This Command :-
sudo composer require magento/product-community-edition=2.3.0 --no-update
sudo composer update
sudo rm -rf pub/static/frontend/ pub/static/adminhtml/ pub/static/_requirejs pub/static/deployed_version.txt var/cache var/page_cache var/generation var/view_preprocessed var/session generated/code
sudo php bin/magento setup:upgrade
sudo php bin/magento setup:static-content:deploy -f
sudo php bin/magento indexer:reindex
sudo php bin/magento cache:flush
answered Apr 10 at 19:04
Rk RathodRk Rathod
1,386213
any error generate ?
– Rk Rathod
Apr 10 at 19:07
i think error generated for module version ??
– Rk Rathod
Apr 10 at 19:08
I did a warning that says don't sudo composer though
– Morgan Smith
Apr 10 at 19:09
When I tried to rm -rf I got permission denied (edited question for os stuff)
– Morgan Smith
Apr 10 at 19:10
1
most welcome buddy...:)
– Rk Rathod
Apr 10 at 19:45
|
show 4 more comments
as someone said in the comments to sudo chmod -R 777, this is the wrong thing to do if you are in production and causes severe security issues.
you would want to do:
directory with 755 and files with 644.
edit:
if your store is 777 a user can come in and change anything they want.
edit 2:
"777 is a bad permission in general and I'll show you why.
Despite how it may look in a Casino or Las Vegas, 777 doesn't mean jackpot for you. Rather, jackpot for anyone who wishes to modify your files. 777 (and its ugly cousin 666) allow Read and Write permissions (and in the case of 777, Execute) to other. You can learn more about how file permissions work, but in short there are three groups of permissions: owner, group, and other. By setting the permission to 6 or 7 (rw- or rwx) for other you give any user the ability to edit and manipulate those files and folders. Typically, as you can imagine, this is bad for security.
Here's my example:
marco@desktop:~/Projects/AskUbuntu/20105$ cd ..
marco@desktop:~/Projects/AskUbuntu$ chmod 0777 20105
marco@desktop:~/Projects/AskUbuntu$ cd 20105/
marco@desktop:~/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:32 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
marco@desktop:~/Projects/AskUbuntu/20105$ touch test
marco@desktop:~/Projects/AskUbuntu/20105$ chmod 0666 test
So far I have created a folder and made a file with "bad" permissions (777 and 666). Now I'll switch into another user and try to manipulate those files.
marco@desktop:~/Projects/AskUbuntu/20105$ sudo su - malicious
malicious@desktop:~$ cd /home/marco/Projects/AskUbuntu/20105
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls
test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:33 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
-rw-rw-rw- 1 marco marco 0 2011-01-04 20:33 test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ touch bad
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ echo "OVERWRITE" > test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cat test
OVERWRITE
As this "malicious" user I was able to place files into the directory and inject text into already existent files. Whereas below, in a directory with 755 and files with 644, I am able to see inside files and directories but I can not edit the files nor create new ones:
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cd /home/marco/Projects
malicious@desktop:/home/marco/Projects$ touch hey
touch: cannot touch `hey': Permission denied
For Apache permissions, you're going to want to stick to 0755 and 0644 (AKA umask 022) for folders and files respectively. This allows you, as the owner of the files, to edit and manipulate them while giving Apache the bare minimum levels of access needed to operate." - written by user Marco Ceppi (https://askubuntu.com/users/41/marco-ceppi) on thread: https://askubuntu.com/questions/20105/why-shouldnt-var-www-have-chmod-777
answered Apr 10 at 20:31
BovolioBovolio
165
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "479"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f269590%2fhow-to-uninstall-an-update%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Try This Command :-
sudo composer require magento/product-community-edition=2.3.0 --no-update
sudo composer update
sudo rm -rf pub/static/frontend/ pub/static/adminhtml/ pub/static/_requirejs pub/static/deployed_version.txt var/cache var/page_cache var/generation var/view_preprocessed var/session generated/code
sudo php bin/magento setup:upgrade
sudo php bin/magento setup:static-content:deploy -f
sudo php bin/magento indexer:reindex
sudo php bin/magento cache:flush
answered Apr 10 at 19:04
Rk RathodRk Rathod
1,386213
any error generate ?
– Rk Rathod
Apr 10 at 19:07
i think error generated for module version ??
– Rk Rathod
Apr 10 at 19:08
I did a warning that says don't sudo composer though
– Morgan Smith
Apr 10 at 19:09
When I tried to rm -rf I got permission denied (edited question for os stuff)
– Morgan Smith
Apr 10 at 19:10
1
most welcome buddy...:)
– Rk Rathod
Apr 10 at 19:45
|
show 4 more comments
Try This Command :-
sudo composer require magento/product-community-edition=2.3.0 --no-update
sudo composer update
sudo rm -rf pub/static/frontend/ pub/static/adminhtml/ pub/static/_requirejs pub/static/deployed_version.txt var/cache var/page_cache var/generation var/view_preprocessed var/session generated/code
sudo php bin/magento setup:upgrade
sudo php bin/magento setup:static-content:deploy -f
sudo php bin/magento indexer:reindex
sudo php bin/magento cache:flush
answered Apr 10 at 19:04
Rk RathodRk Rathod
1,386213
any error generate ?
– Rk Rathod
Apr 10 at 19:07
i think error generated for module version ??
– Rk Rathod
Apr 10 at 19:08
I did a warning that says don't sudo composer though
– Morgan Smith
Apr 10 at 19:09
When I tried to rm -rf I got permission denied (edited question for os stuff)
– Morgan Smith
Apr 10 at 19:10
1
most welcome buddy...:)
– Rk Rathod
Apr 10 at 19:45
|
show 4 more comments
Try This Command :-
sudo composer require magento/product-community-edition=2.3.0 --no-update
sudo composer update
sudo rm -rf pub/static/frontend/ pub/static/adminhtml/ pub/static/_requirejs pub/static/deployed_version.txt var/cache var/page_cache var/generation var/view_preprocessed var/session generated/code
sudo php bin/magento setup:upgrade
sudo php bin/magento setup:static-content:deploy -f
sudo php bin/magento indexer:reindex
sudo php bin/magento cache:flush
answered Apr 10 at 19:04
Rk RathodRk Rathod
1,386213
Try This Command :-
sudo composer require magento/product-community-edition=2.3.0 --no-update
sudo composer update
sudo rm -rf pub/static/frontend/ pub/static/adminhtml/ pub/static/_requirejs pub/static/deployed_version.txt var/cache var/page_cache var/generation var/view_preprocessed var/session generated/code
sudo php bin/magento setup:upgrade
sudo php bin/magento setup:static-content:deploy -f
sudo php bin/magento indexer:reindex
sudo php bin/magento cache:flush
answered Apr 10 at 19:04
Rk RathodRk Rathod
1,386213
answered Apr 10 at 19:04
Rk RathodRk Rathod
1,386213
answered Apr 10 at 19:04
Rk RathodRk Rathod
1,386213
answered Apr 10 at 19:04
Rk RathodRk Rathod
1,386213
1,386213
any error generate ?
– Rk Rathod
Apr 10 at 19:07
i think error generated for module version ??
– Rk Rathod
Apr 10 at 19:08
I did a warning that says don't sudo composer though
– Morgan Smith
Apr 10 at 19:09
When I tried to rm -rf I got permission denied (edited question for os stuff)
– Morgan Smith
Apr 10 at 19:10
1
most welcome buddy...:)
– Rk Rathod
Apr 10 at 19:45
|
show 4 more comments
any error generate ?
– Rk Rathod
Apr 10 at 19:07
i think error generated for module version ??
– Rk Rathod
Apr 10 at 19:08
I did a warning that says don't sudo composer though
– Morgan Smith
Apr 10 at 19:09
When I tried to rm -rf I got permission denied (edited question for os stuff)
– Morgan Smith
Apr 10 at 19:10
1
most welcome buddy...:)
– Rk Rathod
Apr 10 at 19:45
any error generate ?
– Rk Rathod
Apr 10 at 19:07
any error generate ?
– Rk Rathod
Apr 10 at 19:07
i think error generated for module version ??
– Rk Rathod
Apr 10 at 19:08
i think error generated for module version ??
– Rk Rathod
Apr 10 at 19:08
I did a warning that says don't sudo composer though
– Morgan Smith
Apr 10 at 19:09
I did a warning that says don't sudo composer though
– Morgan Smith
Apr 10 at 19:09
When I tried to rm -rf I got permission denied (edited question for os stuff)
– Morgan Smith
Apr 10 at 19:10
When I tried to rm -rf I got permission denied (edited question for os stuff)
– Morgan Smith
Apr 10 at 19:10
1
1
most welcome buddy...:)
– Rk Rathod
Apr 10 at 19:45
most welcome buddy...:)
– Rk Rathod
Apr 10 at 19:45
|
show 4 more comments
as someone said in the comments to sudo chmod -R 777, this is the wrong thing to do if you are in production and causes severe security issues.
you would want to do:
directory with 755 and files with 644.
edit:
if your store is 777 a user can come in and change anything they want.
edit 2:
"777 is a bad permission in general and I'll show you why.
Despite how it may look in a Casino or Las Vegas, 777 doesn't mean jackpot for you. Rather, jackpot for anyone who wishes to modify your files. 777 (and its ugly cousin 666) allow Read and Write permissions (and in the case of 777, Execute) to other. You can learn more about how file permissions work, but in short there are three groups of permissions: owner, group, and other. By setting the permission to 6 or 7 (rw- or rwx) for other you give any user the ability to edit and manipulate those files and folders. Typically, as you can imagine, this is bad for security.
Here's my example:
marco@desktop:~/Projects/AskUbuntu/20105$ cd ..
marco@desktop:~/Projects/AskUbuntu$ chmod 0777 20105
marco@desktop:~/Projects/AskUbuntu$ cd 20105/
marco@desktop:~/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:32 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
marco@desktop:~/Projects/AskUbuntu/20105$ touch test
marco@desktop:~/Projects/AskUbuntu/20105$ chmod 0666 test
So far I have created a folder and made a file with "bad" permissions (777 and 666). Now I'll switch into another user and try to manipulate those files.
marco@desktop:~/Projects/AskUbuntu/20105$ sudo su - malicious
malicious@desktop:~$ cd /home/marco/Projects/AskUbuntu/20105
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls
test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:33 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
-rw-rw-rw- 1 marco marco 0 2011-01-04 20:33 test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ touch bad
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ echo "OVERWRITE" > test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cat test
OVERWRITE
As this "malicious" user I was able to place files into the directory and inject text into already existent files. Whereas below, in a directory with 755 and files with 644, I am able to see inside files and directories but I can not edit the files nor create new ones:
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cd /home/marco/Projects
malicious@desktop:/home/marco/Projects$ touch hey
touch: cannot touch `hey': Permission denied
For Apache permissions, you're going to want to stick to 0755 and 0644 (AKA umask 022) for folders and files respectively. This allows you, as the owner of the files, to edit and manipulate them while giving Apache the bare minimum levels of access needed to operate." - written by user Marco Ceppi (https://askubuntu.com/users/41/marco-ceppi) on thread: https://askubuntu.com/questions/20105/why-shouldnt-var-www-have-chmod-777
answered Apr 10 at 20:31
BovolioBovolio
165
add a comment |
as someone said in the comments to sudo chmod -R 777, this is the wrong thing to do if you are in production and causes severe security issues.
you would want to do:
directory with 755 and files with 644.
edit:
if your store is 777 a user can come in and change anything they want.
edit 2:
"777 is a bad permission in general and I'll show you why.
Despite how it may look in a Casino or Las Vegas, 777 doesn't mean jackpot for you. Rather, jackpot for anyone who wishes to modify your files. 777 (and its ugly cousin 666) allow Read and Write permissions (and in the case of 777, Execute) to other. You can learn more about how file permissions work, but in short there are three groups of permissions: owner, group, and other. By setting the permission to 6 or 7 (rw- or rwx) for other you give any user the ability to edit and manipulate those files and folders. Typically, as you can imagine, this is bad for security.
Here's my example:
marco@desktop:~/Projects/AskUbuntu/20105$ cd ..
marco@desktop:~/Projects/AskUbuntu$ chmod 0777 20105
marco@desktop:~/Projects/AskUbuntu$ cd 20105/
marco@desktop:~/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:32 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
marco@desktop:~/Projects/AskUbuntu/20105$ touch test
marco@desktop:~/Projects/AskUbuntu/20105$ chmod 0666 test
So far I have created a folder and made a file with "bad" permissions (777 and 666). Now I'll switch into another user and try to manipulate those files.
marco@desktop:~/Projects/AskUbuntu/20105$ sudo su - malicious
malicious@desktop:~$ cd /home/marco/Projects/AskUbuntu/20105
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls
test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:33 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
-rw-rw-rw- 1 marco marco 0 2011-01-04 20:33 test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ touch bad
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ echo "OVERWRITE" > test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cat test
OVERWRITE
As this "malicious" user I was able to place files into the directory and inject text into already existent files. Whereas below, in a directory with 755 and files with 644, I am able to see inside files and directories but I can not edit the files nor create new ones:
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cd /home/marco/Projects
malicious@desktop:/home/marco/Projects$ touch hey
touch: cannot touch `hey': Permission denied
For Apache permissions, you're going to want to stick to 0755 and 0644 (AKA umask 022) for folders and files respectively. This allows you, as the owner of the files, to edit and manipulate them while giving Apache the bare minimum levels of access needed to operate." - written by user Marco Ceppi (https://askubuntu.com/users/41/marco-ceppi) on thread: https://askubuntu.com/questions/20105/why-shouldnt-var-www-have-chmod-777
answered Apr 10 at 20:31
BovolioBovolio
165
add a comment |
as someone said in the comments to sudo chmod -R 777, this is the wrong thing to do if you are in production and causes severe security issues.
you would want to do:
directory with 755 and files with 644.
edit:
if your store is 777 a user can come in and change anything they want.
edit 2:
"777 is a bad permission in general and I'll show you why.
Despite how it may look in a Casino or Las Vegas, 777 doesn't mean jackpot for you. Rather, jackpot for anyone who wishes to modify your files. 777 (and its ugly cousin 666) allow Read and Write permissions (and in the case of 777, Execute) to other. You can learn more about how file permissions work, but in short there are three groups of permissions: owner, group, and other. By setting the permission to 6 or 7 (rw- or rwx) for other you give any user the ability to edit and manipulate those files and folders. Typically, as you can imagine, this is bad for security.
Here's my example:
marco@desktop:~/Projects/AskUbuntu/20105$ cd ..
marco@desktop:~/Projects/AskUbuntu$ chmod 0777 20105
marco@desktop:~/Projects/AskUbuntu$ cd 20105/
marco@desktop:~/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:32 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
marco@desktop:~/Projects/AskUbuntu/20105$ touch test
marco@desktop:~/Projects/AskUbuntu/20105$ chmod 0666 test
So far I have created a folder and made a file with "bad" permissions (777 and 666). Now I'll switch into another user and try to manipulate those files.
marco@desktop:~/Projects/AskUbuntu/20105$ sudo su - malicious
malicious@desktop:~$ cd /home/marco/Projects/AskUbuntu/20105
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls
test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:33 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
-rw-rw-rw- 1 marco marco 0 2011-01-04 20:33 test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ touch bad
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ echo "OVERWRITE" > test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cat test
OVERWRITE
As this "malicious" user I was able to place files into the directory and inject text into already existent files. Whereas below, in a directory with 755 and files with 644, I am able to see inside files and directories but I can not edit the files nor create new ones:
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cd /home/marco/Projects
malicious@desktop:/home/marco/Projects$ touch hey
touch: cannot touch `hey': Permission denied
For Apache permissions, you're going to want to stick to 0755 and 0644 (AKA umask 022) for folders and files respectively. This allows you, as the owner of the files, to edit and manipulate them while giving Apache the bare minimum levels of access needed to operate." - written by user Marco Ceppi (https://askubuntu.com/users/41/marco-ceppi) on thread: https://askubuntu.com/questions/20105/why-shouldnt-var-www-have-chmod-777
answered Apr 10 at 20:31
BovolioBovolio
165
as someone said in the comments to sudo chmod -R 777, this is the wrong thing to do if you are in production and causes severe security issues.
you would want to do:
directory with 755 and files with 644.
edit:
if your store is 777 a user can come in and change anything they want.
edit 2:
"777 is a bad permission in general and I'll show you why.
Despite how it may look in a Casino or Las Vegas, 777 doesn't mean jackpot for you. Rather, jackpot for anyone who wishes to modify your files. 777 (and its ugly cousin 666) allow Read and Write permissions (and in the case of 777, Execute) to other. You can learn more about how file permissions work, but in short there are three groups of permissions: owner, group, and other. By setting the permission to 6 or 7 (rw- or rwx) for other you give any user the ability to edit and manipulate those files and folders. Typically, as you can imagine, this is bad for security.
Here's my example:
marco@desktop:~/Projects/AskUbuntu/20105$ cd ..
marco@desktop:~/Projects/AskUbuntu$ chmod 0777 20105
marco@desktop:~/Projects/AskUbuntu$ cd 20105/
marco@desktop:~/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:32 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
marco@desktop:~/Projects/AskUbuntu/20105$ touch test
marco@desktop:~/Projects/AskUbuntu/20105$ chmod 0666 test
So far I have created a folder and made a file with "bad" permissions (777 and 666). Now I'll switch into another user and try to manipulate those files.
marco@desktop:~/Projects/AskUbuntu/20105$ sudo su - malicious
malicious@desktop:~$ cd /home/marco/Projects/AskUbuntu/20105
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls
test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ ls -lah
total 8.0K
drwxrwxrwx 2 marco marco 4.0K 2011-01-04 20:33 .
drwxr-xr-x 3 marco marco 4.0K 2011-01-04 20:32 ..
-rw-rw-rw- 1 marco marco 0 2011-01-04 20:33 test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ touch bad
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ echo "OVERWRITE" > test
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cat test
OVERWRITE
As this "malicious" user I was able to place files into the directory and inject text into already existent files. Whereas below, in a directory with 755 and files with 644, I am able to see inside files and directories but I can not edit the files nor create new ones:
malicious@desktop:/home/marco/Projects/AskUbuntu/20105$ cd /home/marco/Projects
malicious@desktop:/home/marco/Projects$ touch hey
touch: cannot touch `hey': Permission denied
For Apache permissions, you're going to want to stick to 0755 and 0644 (AKA umask 022) for folders and files respectively. This allows you, as the owner of the files, to edit and manipulate them while giving Apache the bare minimum levels of access needed to operate." - written by user Marco Ceppi (https://askubuntu.com/users/41/marco-ceppi) on thread: https://askubuntu.com/questions/20105/why-shouldnt-var-www-have-chmod-777
answered Apr 10 at 20:31
BovolioBovolio
165
edited Apr 10 at 20:37
answered Apr 10 at 20:31
BovolioBovolio
165
answered Apr 10 at 20:31
BovolioBovolio
165
answered Apr 10 at 20:31
BovolioBovolio
165
165
add a comment |
add a comment |
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f269590%2fhow-to-uninstall-an-update%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What error it is showing? If u do have a backup of old composer file, put it back and again composer update command ...
– Yash Shah
Apr 10 at 19:06
I'm not sure where I would find that
– Morgan Smith
Apr 10 at 19:09
Its okay if u dont have it, just update here what error it is showing to u ?
– Yash Shah
Apr 10 at 19:10
Do u have sudo user access ?
– Yash Shah
Apr 10 at 19:14
1
Yeah ... Must be relaxed now .. 🙂
– Yash Shah
Apr 10 at 19:29