I tried to setup a new site with Grav CMS 1.5.10 and ran into permission problems after unpacking one of the skeleton .zip files. The reason is that on my Linux machine I am running as user+group "cweiske", while Apache is running under "www-data" - and Grav wants to write some files even when it tries to reach the setup check screen.
Grav has a manual page about permissions which is complete nonsense if you want a secure system, and only give the web server process as few writable files and directories as possible. The manual page instructs you to change the permissions and group of every file and directory, which is unneeded.
Errors
Error messages I encountered before the setup check page worked:
Fatal error: Uncaught RuntimeException: Creating directory '/.../cache/compiled/files' failed on error
This is simple:
$ chgrp -R www-data cache $ chmod -R g+w cache/
But now:
Fatal error: Uncaught RuntimeException: Opening file for writing failed on error
No more information. And what's worse: No stack trace, because Grav catches the Exception and throws it again.
The solution is to edit vendor/rockettheme/toolbox/File/src/File.php and let it output the file it tried to write:
- throw new \RuntimeException("Opening file for writing failed on error {$error['message']}"); + throw new \RuntimeException("Opening file for writing failed on error {$error['message']}" . $this->filename);
We now see that it wants to write into user/config/security.yaml.
$ chgrp -R www-data user/config/ $ chmod -R g+w user/config/
And now I saw the setup check page.
Final solution
In the end I had to give this permissions:
$ chgrp -R www-data assets/ backup/ cache/ images/ logs/ system/config/ tmp/ user/accounts/ user/config/ user/data/ user/pages/ $ chmod -R g+w assets/ backup/ cache/ images/ logs/ system/config/ tmp/ user/accounts/ user/config/ user/data/ user/pages/
I'm also disappointed that Grav puts all files publicly available into the server's document root directory, because it does not have a public/ or www/ directory. The issue was closed without a proper solution; Grav's authors chose to patch their .htaccess file instead :/