Foxtrek_64 Posted January 26, 2023 Posted January 26, 2023 When attempting to update a plugin via the marketplace, it fails and I get the following in the system log: Cannot extract "Application.php" to "/home/public/applications/form/Application.php", setting file permissions failed Is this caused by the apache user account attempting to run chmod or a similar command on Application.php? Permissions on the existing Application.php file are 775, so it shouldn't be an issue with writing the actual file. Is this caused by the apache user attempting to run chmod on the Application.php file and then throwing an exception because it doesn't have permissions or is there another issue here?
Foxtrek_64 Posted January 26, 2023 Author Posted January 26, 2023 (edited) After doing some digging, it seems I've identified the issue. The article @ThunderBlue linked was partially correct in that it gave me a place to look, but my analysis lead me to a different location. The stacktrace for the error refers to line 941 of Marketplace.php, but I believe the issue is actually on 942. Line 941 extracts the downloaded tarball to the applications directory. Line 942 calls a function called _checkChmod, which according to documentation for the function, "recursively check[s] and adjust[s] CHMOD permissions after uploading an application." The user account Apache is using, named `web`, which represents web users, does not have chmod permissions. This is causing an exception to be thrown, which is accurately described by the error message but not by the stack trace (though that's PHP's problem, not Invision's). I am pursuing two avenues to resolve this issue: I am working with my hosting provider to determine a viable work-around. They seem to have granular chmod permissions set up anyways, so allowing the `web` user to use chmod in the applications directory might be viable, but we are looking at alternatives. I have reached out to the plugin developer about getting the install files so I can install the update manually, though I am still waiting on a response. I would like to recommend, and I can place this somewhere else separately if need be, that the step that attempts to perform the chmod changes is modified. If it fails, instead of simply throwing an exception, it should prompt the admin to modify permissions themselves. Then they can click continue when they've finished or they can click cancel which safely aborts just like is done now. Edited January 26, 2023 by Foxtrek_64 Phrasing
Foxtrek_64 Posted January 27, 2023 Author Posted January 27, 2023 (edited) Hi all, an update on this issue. I heard back from the site host. They recommended that I place an `exit()` call just above 941 of Marketplace.php, thus aborting the install and letting me inspect the downloaded tarball. Doing so, I was able to test extraction both into the temporary folder and into the /home/public/applications/form directory from the command line. Both were successful. Finding this to be successful, I then went back in and removed my exit() modification and commented out line 942, which is the call to the _checkChmod method. Invision was able to successfully download and extract the tarball, but was unable to open Application.php for writing, which is to be expected. This tells me the exception is likely being thrown when @chmod() is called in the _checkChmod function due to invalid permissions. I have reverted the changes for now, but I believe I have discovered two potential solutions for this issue, both of which will require developer intervention: Wordpress is able to handle this via a command-line tool. I'm not too sure what that looks like or how it works, but the web host reports that Wordpress sites are able to successfully install plugins from their marketplace through this method. It may be worth giving a look. Change to a Wizard-based updater for plugins which will pause to allow administrators to manually chgrp/chmod files as appropriate. Edited January 27, 2023 by Foxtrek_64 Typo (internvention -> intervention)
Recommended Posts