Weird file access behavior

Still a Modx (revo 2.2) beginner, I've only just discovered that I ought to be able to edit files after selecting them in the Modx File Manager tab.

Since day one I've seen all my files at the root level with an icon of a lock beside them and assumed that was normal. After exploring deeper into the tree, I found many files that didn't have the lock icon and were editable.

I've observed that this seems to be caused by the method I use to create directories or upload files.

Example 1:
If i create a directory and upload a file to it within Modx Manager, I can also edit/save that file in Modx. However, if I try to add another file to the new directory via an external FTP program (SSH Secure File Transfer), I get an error.

Example 2:
If i create a directory and upload a file to it with my external FTP program, when I navigate to that new file in Modx, it has the lock icon and can be viewed but not edited.

I have full administrator rights, but I am not an IT person. I rely on a system administrator, so I'm wondering if he is unknowingly making access settings on the server that would conflict with the ACL/permissions controlled within Modx (which I have not touched, by the way)?

1) Anyone have any ideas why this is happening?
2) Is there an easy way to unlock a file (remove the lock icon) in Modx Manager?

Thanks! -Dwayne

This is because of the ownership and permssions on the files. When you upload a file with FTP, the file is owned by you. When a file is created or uploaded via the Manager, it's owned by the web server user (apache, www, nobody - depending on how your server was configured).

The way I solve this problem is a little convoluted. I add my user to the web server's group, and add the web server user to my group. Then I configure MODx to use file permissions of 664 and folder permissions of 775 so user and group can edit them. I also configure my FTP client to set permissions the same when I upload files or folders via FTP, and this way the web server user can edit them, since it belongs to my group.

Those three permission numbers mean 7 = owner can open folder, read what's in it, and add files to it. 7 means group can also open, read and write. 5 means everybody else can only open and read.

664, for files, means 6 = owner can read and write, 6= group can read and write, 4= everybody else can only read.

Thanks for the quick reply. It actually makes some sense to me, despite my lack of IT knowledge. I will pass your reply on to my system administrator and report back to the thread.
-Dwayne

The best thing is if the web server can be configured to use some kind of "suexec", as what this does is cause the user to be switched to the owner of the file (in our case the index.php file and its friends) instead of the web server user. (su exec means "switch user execute") Apache can be configured to use such a function. So everything MODx would do with this would be owned by your FTP user, just as the files you upload are. And since MODx would be running as you, it has full access all of your files and folders.

Susan, it looks like we'll be able to fix this problem with WebDAV. My SA and I ran a test using Apache mod_dav and it worked.

Essentially, I'll be able to access my Modx web directory like a system drive or folder (depending on whether I'm using my PC or Mac). Just click and drag any file without any permission problems.

Thanks again for your input. It helped us come up with a solution on our end.