2

What permissions(rights) should Magento 2 module files/dir have in production environment? Can I use php functions that creates a file inside a module directory (fwrite)? I am considering writing db information to js file so the module won't make too much db requests. But I am concerned if that might cause any security threats or be against Magento development best practices?

Background:

I am creating a autocomplete search form and association with that i am considering two options from three (the third that i have sorted out is xml file generation by php):

  1. Ajax call from database using like when customer types to input field.
  2. When data has changed in db Cron runs php script that replaces or generates js file from new db information. The file would be located in module directory.

I have asked similar question before, but unfortunately I could not understand the answer what i got. Also i couldn't generate a question to ask that would have made the answer more clearer for me.

asked Dec 26, 2016 at 20:34

1 Answer 1

1

The recommended file permissions for Magento 2 are explained in the devdocs:

  • separated web server user and Magento file system owner
  • Magento file system owner is in web server group
  • Code is only writable by owner

  • The following directories are group writable (i.e. writable by the web server user):

    • var
    • vendor
    • pub/static
    • pub/media
    • app/etc

  • additionally, bin/magento is executable

Your idea does not work at all if following best practice for the server setup, for several reasons:

  • the module directory is either not writable, if it is in app, or should only be written by the component installer (composer), if it is in vendor.
  • pub should be the document root, so neither vendor nor app are accessible from the web. In production mode, files from the web directories within a module are copied to pub/static, so changing those in the module dir would not have any effect either.

Besides that it also does not follow best practices for module development, that is: if you create files that must be accessible from the web, write them to pub/media. Magento writes automatically generated files to pub/static, but will also happily delete everything it finds there during deployment, so do not use it. As the name suggests, it is meant to be static, so it only changes during deployment, not dynamically.

answered Mar 9, 2017 at 20:38
1
  • Thanks! The part where you pointed out the falsity of my idea with point by point was just what I was looking for. Commented Mar 13, 2017 at 9:45

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.