Plugins do not work well

jkimmerling

I have just installed Grav CMS on my cloudron droplet, and I am having issues. Many of the plugins are unable to save settings, they give me back errors like:

Failed to save file /app/code/config/plugins/aboutme.yaml

I have had this happen with several plugins.

jkimmerling

I'm wondering if this has to do with file permissions in Cloudron. Or could it just be the app itself is broken? I could not find any similar issues when doing a web search, so I am thinking it is on the cloudron side.

jdaviescoates

@jkimmerling said in Plugins do not work well:

I'm wondering if this has to do with file permissions in Cloudron.

Probably.

I've not used Grav but on Cloudron you often need to use the web terminal to install plugins and stuff see https://cloudron.io/documentation/apps/grav/

nebulon

I tried to reproduce this, but the aboutme and other plugins work fine. In the cases I've tried from a fresh install, the configs are saved to /app/code/user/config/plugins/ which is symlinked into the writeable /app/data/

@jkimmerling do you have made any special configuration which could affect those paths being different?

jkimmerling

@nebulon said in Plugins do not work well:

is, but the aboutme and other plugins work fine. In the cases I've tried from a fresh install, the configs are sa

no i did not. I will try to nuke the setup and start fresh.

girish

I think Grav has two ways of installing plugins - one via CLI and another via the UI. Both should be the same but maybe there is a difference we are not aware of. @nebulon @jkimmerling How did you guys install plugins?

marcusquinn

Does sound like a potential file-permissions issue.

I know in Wordpress you don't definitely don't want the /plugins directory writeable and only the /uploads dir should be.

Grav I'm guessing could be different if they are all non-executable files?

Maybe a Cloudron button for Reset File Permissions... might at-least help solve or diagnose this as the issue in most cases.

I can't speak for Grav - but with Wordpress any plugin that is writing data to anywhere other than /uploads should be reported back to the developer as bad security practice because otherwise any plugin could pull and save executable code in /plugins that isn't vetted by the usually transparent, monitored and tested processes they would go through.

Be interested to see how this issue plays out as both curious about Grav and certainly very interested in file-permissions maintenance being as tight as possible for app security from rogue plugins.

nebulon

In my case I was installing the plugin via the webinterface.
To reset the permissions usually in all apps an app restart does this already. So maybe indeed a simply app restart fixes that.