I have just installed Grav CMS on my cloudron droplet, and I am having issues. Many of the plugins are unable to save settings, they give me back errors like:
Failed to save file /app/code/config/plugins/aboutme.yaml
I have had this happen with several plugins.
I tried to reproduce this, but the aboutme and other plugins work fine. In the cases I've tried from a fresh install, the configs are saved to
/app/code/user/config/plugins/which is symlinked into the writeable
@jkimmerling do you have made any special configuration which could affect those paths being different?
Does sound like a potential file-permissions issue.
I know in Wordpress you don't definitely don't want the
/pluginsdirectory writeable and only the
/uploadsdir should be.
Grav I'm guessing could be different if they are all non-executable files?
Maybe a Cloudron button for
Reset File Permissions...might at-least help solve or diagnose this as the issue in most cases.
I can't speak for Grav - but with Wordpress any plugin that is writing data to anywhere other than
/uploadsshould be reported back to the developer as bad security practice because otherwise any plugin could pull and save executable code in
/pluginsthat isn't vetted by the usually transparent, monitored and tested processes they would go through.
Be interested to see how this issue plays out as both curious about Grav and certainly very interested in file-permissions maintenance being as tight as possible for app security from rogue plugins.