
I recently moved a TYPO3 9 LTS instance from a managed server to a root server with Linux Plesk Onyx. It seems to work fine, except the images won’t render although they are there. I get a ‘HTTP/2 403 Forbidden 21ms’ error, so I assume it’s a permission issue. If I look at an image, e.g.

/fileadmin/_processed_/2/9/csm_typo3-book-backend-login_af97155c7b.png

… and compare the path, I have the following permissions set for the managed server (MS) and root server (RS):

fileadmin
MS: rwx rwx r-x
RS: rwx r-x r-x 

_processed_
MS: rwx r-x ---
RS: rwx r-x --- 

2
MS: rwx rwx r-x
RS: rwx r-x r-x 

9
MS: rwx rwx r-x
RS: rwx r-x r-x 

csm_typo3-book-backend-login_af97155c7b.png
MS: rw- rw- r--
RS: rw- r-- r--

What do I need to do to render the images again? And if I need to change the permissions, what’s the best way to do that?

2 Answers


  1. Re-render images

    You can use the InstallTool (Maintenance › Remove Temporary Assets) to re-render images.

    Permissions

    You should think about a permission concept that fits your use case.

    I’ll just suggest how I do it – there are many other ways that are equally possible.

    Find out which usergroup your webserver uses

    # search for php-fpm (or apache, or nginx, ... depending on which process runs PHP when accessed via the web on your server)
    sudo ps -o command,user,group -p $(pgrep php-fpm)
    

    Put the user that is changing files into the same group

    That might be the user(s) that you use for deployment to the server, the user an FTP-daemon runs on, …

    sudo usermod -a -G WEBSERVER_GROUP YOUR_USERNAME
    

    Set user/group/permissions on the web app directory

    cd YOUR_APP_ROOT_DIR # e.g. /var/www/my_typo3
    sudo chown -R WEBSERVER_USER:WEBSERVER_GROUP .
    sudo find . -type f -exec chmod 660 {} \;
    sudo find . -type d -exec chmod 2770 {} \;
    

    This also sets the setgid-bit on directories which means that newly created subdirectories will have the same group.

    Make sure new files do also get created with these permissions

    Check that new files created by your user (or FTP daemon, or …) will give full permissions to the group!

    umask
    # that should start with 000 - e.g. 0002 is OK, 0007 would be most secure
    

    If it is wrong (commonly found: 0022), set it with umask 0002. The easiest to persist is usually to set it in /etc/profile or ~/.bashrc.

    Also make sure TYPO3 gives full write permissions to the group and sets the setgid:

    # In LocalConfiguration.php: (or wherever you set your TYPO3 configuration):
    SYS/fileCreateMask = '0660' # you can ignore the last digit, 0 for maximum security
    SYS/folderCreateMask = '2770' # you can ignore the last digit 
    

    Checks

    Log out and back in again.

    umask # should be 000x
    groups # should include the webserver group
    
    # create files and folders with your user 
    # create files and folders in TYPO3 "File List" module and check permissions
    

    This should be a safe setup that is very resilient against running into permission problems. It allows direct upload from an IDE. It allows files to be changed by multiple users/daemons.

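The path comparison the question does by hand can be scripted. This is an added example, not part of the original question or answers: it walks each path component and reports the first one whose mode bits deny a given account. The function names, the uid/gid arguments and the file name `csm_sample.png` are assumptions for illustration; the sample tree is constructed with the root-server modes quoted in the question.

```shell
#!/bin/sh
# Added example: judges access from owner/group/mode bits only; POSIX ACLs,
# SELinux/AppArmor and PHP open_basedir are not evaluated. Needs GNU stat.

# perm_class FILE_UID FILE_GID UID "GID GID ..." -> owner | group | other
perm_class() {
    [ "$1" = "$3" ] && { echo owner; return 0; }
    for g in $4; do
        [ "$g" = "$2" ] && { echo group; return 0; }
    done
    echo other
}

# first_blocked BASE RELPATH UID "GIDS": prints "OK", or
# "BLOCKED <path> <mode> <class>" for the first component the account
# cannot traverse (directory needs x) or read (file needs r).
first_blocked() {
    cur=$1; rest=$2; uid=$3; gids=$4; seen=""
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"; seen="${seen:+$seen/}$part"
        set -- $(stat -c '%a %u %g' "$cur")
        [ $# -eq 3 ] || { echo "ERROR cannot stat $seen"; return 0; }
        m=$(( $1 % 1000 ))            # drop the setuid/setgid/sticky digit
        case $(perm_class "$2" "$3" "$uid" "$gids") in
            owner) class=owner; digit=$(( m / 100 )) ;;
            group) class=group; digit=$(( m / 10 % 10 )) ;;
            *)     class=other; digit=$(( m % 10 )) ;;
        esac
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $(( digit & need )) -eq 0 ]; then
            printf 'BLOCKED %s %03d %s\n' "$seen" "$m" "$class"; return 0
        fi
    done
    echo OK
}

# Constructed sample tree using the RS modes from the question.
make_sample_tree() {
    base=$(mktemp -d); p="$base/fileadmin/_processed_"
    mkdir -p "$p/2/9"; : > "$p/2/9/csm_sample.png"
    chmod 755 "$base/fileadmin" "$p/2" "$p/2/9"
    chmod 750 "$p"; chmod 644 "$p/2/9/csm_sample.png"
    echo "$base"
}
# Demo: uid/gid 65534 stand in for an account outside owner and group.
t=$(make_sample_tree); first_blocked "$t" fileadmin/_processed_/2/9/csm_sample.png 65534 65534
rm -rf "$t"
```

On a real server, pass the document root plus the numeric uid and gid list of the account that serves the files (`id -u` and `id -G` for that account). A `BLOCKED ... other` result on `_processed_` means that account needs to be the owner or a group member, not that the directory should be opened to everyone.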
  2. First you should try clearing via TYPO3 Maintenance > Flush Cache, remove temp files, process files, give the required permissions, check other issues, and then try to fix it with permissions. Sometimes major problems are solved by a backend cache flush.
