This page is about an old version of Active Collab that's not developed anymore.
Click here to open the documentation for the latest version.

File and Folder Permissions

One of the most common problem within activeCollab is file and folder permissions. If permissions are not set properly, it can result in various issues, such as:

  • Appearance of blank pages when using the system;
  • Users being unable to upload and attach files;
  • User avatars, company logos, notebook covers or project icons not working as expected;
  • Project exporter not exporting content;
  • Upgrade script failing to write information about the latest version, etc.

To resolve the mentioned issues, make sure that PHP can write to all the folders and files listed below. The following folders need to be writable for activeCollab to work properly:

  • /activecollab
  • /cache
  • /compile
  • /config/version.php
  • /logs
  • /public/assets
  • /public/avatars
  • /public/brand
  • /public/logos
  • /public/notebook_covers
  • /public/projects_icons
  • /thumbnails
  • /upload
  • /work

*nix Permissions #

We will explain some basic *nix permissions now, to make it easier for you to resolve permission issues that you can came across to.

There are three user types and three basic permission types. Each user type has his own permission set.

User types are:

  • user, permissions apply only to the owner of the file/folder,
  • group, permissions apply to every member of group,
  • other (world), permissions apply to all other users.

Permission types with the corresponding octal numbers:

  • read (r) = 4,
  • write (w) = 2,
  • execute (x) = 1.

By adding those numbers you can easily manipulate permissions:

  • 7 = 4 + 2 + 1 = rwx
  • 6 = 4 + 2 = rw
  • 5 = 4 + 1 = rx
  • 4 = 4 = r
  • 3 = 2 + 1 = wx
  • 2 = 2 = w
  • 1 = 1 = x

Now that we know basics about users and permissions, we can make folders and files writable. There are two ways to make a folder writable by PHP:

1. All Permissions to Everyone

The easier way is to give all permissions to everyone, meaning that every user type gets rwx permissions, which is the same as 7 in octal. You can achieve this by issuing following chmod command (we will assume activeCollab is installed in /var/www):

1
$ chmod -R 777 /var/www/cache

Permissions can be checked with the ls command:

1
2
3
4
5
$ ls -l /var/www/
total 32M
...
drwxrwxrwx  2 www-data www-data 4.0K Nov 26 14:58 cache/
...

As we can see, cache/ is a folder, and any user has read, write, and execute permissions on it.

Directory Access

To be able to access directory, a user needs to have execute permissions. In essence, the logic behind this rule is that reading file names in a directory means actually listing those files. This is considered to be an execution.

2. Folder owned by webserver user id

The other, a bit more complex and secured way, is to make a folder owned by the webserver (Apache, nginx, or any other) user id, and give full permissions only to the webserver user id. On most Debian based systems this user is www-data, and on RedHat based systems it's usually apache. You can check the webserver user in the webserver configuration.

Let's assume that our webserver runs as www-data. To get our permissions right we will first change the ownership of the cache folder, after which we'll change the permissions itself:

1
2
$ chown -R www-data /var/www/cache
$ chmod -R 755 /var/www/cache

This is all that needs to be done. Now only www-data user can write and change files in the cache folder. Any other user can just see the files in the folder. Again, we can our permissions with ls:

1
2
3
4
5
$ ls -l /var/www/activecollab/
total 32M
...
drwxr-xr-x  2 www-data www-data 4.0K Nov 26 14:58 cache/
...
  • In examples above we use the -R switch, to change the ownership and the permissions of the folder and its subfolder. Without the -R switch only the parent folder would be affected.