Installing 3.2 in a test forum

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
User avatar
Lumpy Burgertushie
Registered User
Posts: 66268
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Installing 3.2 in a test forum

Post by Lumpy Burgertushie » Wed Dec 28, 2016 3:15 am

just FYI, almost all users are on shared accounts with their hosting company.

this is only a problem on a few hosts that seem to set up their servers differently from the majority.

not saying a fix in phpbb can't solve it, just that it is not that common of a problem with shared hosting accounts.


robert
I am going to be out of town and off line for a week . see ya when I get back.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

User avatar
John connor
Registered User
Posts: 2073
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: Installing 3.2 in a test forum

Post by John connor » Wed Dec 28, 2016 3:25 am

Hopefully this gets fixed.


I also see an error_log in the adm folder that says:
[27-Dec-2016 21:16:04 America/Chicago] PHP Catchable fatal error: Object of class phpbb\template\twig\twig could not be converted to string in /home/systechf/public_html/test/phpbb/extension/metadata_manager.php on line 130
I can't get upload extensions or s9 Mediaembed to work either and they should, so I'm wondering if that is related to this error?

User avatar
3Di
Former Team Member
Posts: 13687
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Installing 3.2 in a test forum

Post by 3Di » Wed Dec 28, 2016 3:32 am

John connor wrote:upload extensions or s9 Mediaembed
are for 3.1.x.

s9 media embed for 3.2 is now an extension from the phpBB Extension Team
viewtopic.php?f=456&t=2386631
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
👨‍🏫 | Take a tour to | The Studio | 👨‍🏫

User avatar
RMcGirr83
Recognised Extension Developer
Posts: 21034
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr
Contact:

Re: Installing 3.2 in a test forum

Post by RMcGirr83 » Wed Dec 28, 2016 9:23 am

and the upload extension has to be changed for 3.2 https://www.phpbb.com/customise/db/exte ... pic/168416
In times of change, learners inherit the earth, while the learned find themselves beautifully equipped to deal with a world that no longer exists - Eric Hoffer
Former Modifications/Extensions Team Member | My extensions
Appreciate the extensions/mods/support then buy me a beer
All requests for support via PM will be ignored

User avatar
mrgtb
Registered User
Posts: 557
Joined: Wed Oct 03, 2007 10:51 am

Re: Installing 3.2 in a test forum

Post by mrgtb » Wed Dec 28, 2016 9:39 am

I noticed when testing phpBB 3.2. That unlike 3.1 some folders are being set as 777 chmod permission after installation. A lot of shared host won't allow 777 chmod these days (NameCheap shared hosting "mine" won't allow it either) and results in a Server Error page if using that chmod.

I had to change chmod from 777 to 755 for all the folders, about 4-5 of them. Uploading still works with folders set at safer 755 permission. But a heads ups here, why you using 777 chmod for now after installation forced on some folders uploaded too? That is going to cause issues for a lot of people using shared hosting and many won't be sure why they're getting a server error page served up for because of it?

I think these was the folders set at 777

cache
files
store
/images/avatars/upload

User avatar
Scanialady
Registered User
Posts: 265
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: Installing 3.2 in a test forum

Post by Scanialady » Wed Dec 28, 2016 1:27 pm

3Di wrote:
John connor wrote:My host says that the script shouldn't be checking for a particular binary in /usr/bin/.

Does anyone have a ticket for this at Area 51? I'm not good at creating tickets and this needs to be brought up. Other wise this new version will alienate users who use shared accounts.
The fix is work in progress.
https://tracker.phpbb.com/browse/PHPBB3-14934
The fix https://tracker.phpbb.com/browse/PHPBB3-14934 / https://github.com/phpbb/phpbb/pull/4591 is working for me (problem with searching folder /tmp during installation on the wrong path) on my shared host test board.
Webseite, Blog, Wiki Deutsche Übersetzungen - german language files
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.

User avatar
Lumpy Burgertushie
Registered User
Posts: 66268
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Installing 3.2 in a test forum

Post by Lumpy Burgertushie » Wed Dec 28, 2016 5:03 pm

mrgtb wrote:I noticed when testing phpBB 3.2. That unlike 3.1 some folders are being set as 777 chmod permission after installation. A lot of shared host won't allow 777 chmod these days (NameCheap shared hosting "mine" won't allow it either) and results in a Server Error page if using that chmod.

I had to change chmod from 777 to 755 for all the folders, about 4-5 of them. Uploading still works with folders set at safer 755 permission. But a heads ups here, why you using 777 chmod for now after installation forced on some folders uploaded too? That is going to cause issues for a lot of people using shared hosting and many won't be sure why they're getting a server error page served up for because of it?

I think these was the folders set at 777

cache
files
store
/images/avatars/upload
I haven't seen any host that doesn't allow 777. If they do then they really are a bit paranoid.

I have never heard of a case where having a directory chmod 777 was ever hacked because of it.


anyway, phpbb has always worked this way and continues to work just fine this way. you are the first person I have seen mention having an issue with the chmod 777 settings.

the reality is that it is more likely that your board will not work properly if the cache folder in particular, is not set to 777

bottom line is, whatever works for you is the way you have to do it.

luck,
robert
I am going to be out of town and off line for a week . see ya when I get back.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

User avatar
GoBieN
Registered User
Posts: 538
Joined: Fri Mar 05, 2004 5:22 pm
Location: Belgium
Contact:

Re: Installing 3.2 in a test forum

Post by GoBieN » Wed Dec 28, 2016 8:33 pm

My previous host had that as well. if you chmod 777 a file or folder you'd get an error 500 page. Now I use my self-managed VPS.

User avatar
John connor
Registered User
Posts: 2073
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: Installing 3.2 in a test forum

Post by John connor » Thu Dec 29, 2016 12:25 am

3Di wrote:
John connor wrote:upload extensions or s9 Mediaembed
are for 3.1.x.

s9 media embed for 3.2 is now an extension from the phpBB Extension Team
viewtopic.php?f=456&t=2386631

Tried this version, went to enable and got this: http://imgur.com/JaMS5Yo

User avatar
3Di
Former Team Member
Posts: 13687
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Installing 3.2 in a test forum

Post by 3Di » Thu Dec 29, 2016 12:33 am

John connor wrote:
3Di wrote:
John connor wrote:upload extensions or s9 Mediaembed
are for 3.1.x.

s9 media embed for 3.2 is now an extension from the phpBB Extension Team
viewtopic.php?f=456&t=2386631
Tried this version, went to enable and got this: http://imgur.com/JaMS5Yo
If s9e MediaEmbed extension for phpBB is installed (the 3.1.x version) that one refuses to install, disable/delete data of the 3.1.x extension first, (and also delete the folder from FTP since you don't need it).

You are not a novice here mate, you know you should ask where you got the extension from, isn't? :)
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
👨‍🏫 | Take a tour to | The Studio | 👨‍🏫

User avatar
John connor
Registered User
Posts: 2073
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: Installing 3.2 in a test forum

Post by John connor » Thu Dec 29, 2016 3:34 am

The s9e Mediaembed was disabled, but I don't think I deleted it's database files. I will check that and try again. Just thought this was another 3.2 RC2 screw up is all.


All and all this has been a freaking headache testing extensions and then finding out my host may not be compatible with 3.2. That -- better change with 3.2 code. I will simply not move from what has been a great host and/or move to and pay more for a VPS. I'd like to have a VPS for better management and security. But my Linux CLI skills are dismal and I keep forgetting commands practicing in VMware with CentOS. I have a notepad of all these commands. I was lucky to get Webmin installed without any issues. Now I need to figure out how to update PHP. Tried everything and fail. Must be a repository some crap, I don't know. Way to damn nerdy for me.

eorisis
Registered User
Posts: 1
Joined: Fri Jul 15, 2016 12:14 pm
Name: George
Contact:

Installing 3.2 in a test forum

Post by eorisis » Mon Jan 09, 2017 1:00 am

Lumpy Burgertushie wrote:
Wed Dec 28, 2016 5:03 pm
I haven't seen any host that doesn't allow 777. If they do then they really are a bit paranoid.

I have never heard of a case where having a directory chmod 777 was ever hacked because of it.


anyway, phpbb has always worked this way and continues to work just fine this way. you are the first person I have seen mention having an issue with the chmod 777 settings.

the reality is that it is more likely that your board will not work properly if the cache folder in particular, is not set to 777

bottom line is, whatever works for you is the way you have to do it.

luck,
robert
Robert, and anyone else not knowing what 777 is.
777 permissions means that the file (on unix/linux even a directory is considered a file) has public read/write/execute permissions. What public means in this case ? the whole machine -- your file is public to all users to do whatever they wish. This means that any other user on the same machine has read/write/execute access to your file/dir -- to read it, to modify it, to delete it, or execute it. Usually, if not always, every website is a user (not you). This means that on that same machine if one has a website, this person can go on and delete a file that has 777 permissions from a different user. Even worse, it can modify it with malicious code. So if a website is hacked and has a virus, the virus will most possibly automatically try to hack other websites on the same machine to expand by finding directories or files with 777 permissions. There are ways to restrict this and one is open_basedir, another one is jailkit.

In any case, once you know the basics, you never set 777 on a file unless you are on a development machine at a very restricted environment such as your own local network.

I would like to suggest people without basic understanding of security to do something else than giving advices to the public like Robert did.

EDIT:
Setting directories to 755 and files to 644 gives you as the owner of them the read/write/execute access you need. If your web application cannot work otherwise, then you either do something very wrong, or the application itself, or the server has issues. If an application requires 777 permissions stay away from it. If a server requires 777 permissions while there are other users on it and you need the basic security, you know what to do ? yes you do already. Now once phpBB 3.2.0 does chmod some directories to 777 upon update or even initial install, I consider it a vulnerable version and I would not advice anyone to update before the developers fix this. I would also advice this forum administrator to chmod those directories to 755 unless they own the whole machine this forum is hosted at and they are sure no other user will be able to access your files.

And Robert, no, phpBB does not require 777 permissions in order to work. It is an application that works from the same directory it is installed at, meaning it can fully work from the same user that owns those files on the file system. Your ideology there which says "whatever works for you is the way you have to do it" is something you can keep for yourself. And there is absolutely no reality even in a multiverse that a cache directory requires it's owner to chmod it with 777 permissions and expose it to everyone. If you really believe that what you say is right, go on and chmod your /config.php with 666 permissions, you do not even need to go up to 777 to expose your phpbb database user/password to all the users on the machine and be hacked yesterday.

Post Reply

Return to “[3.2.x] Support Forum”