when using Gii it creates new files in protected directory. In other words php and apache needs to write in your protected dir.
By default, for security reasons, Gii is configured to be accessible only on development (localhost). Therefore, it should only be installed on a development machine. Because it can generate new PHP script files in the application, we should pay sufficient attention to its security measures (e.g. password, IP filters). If you want to make it accessible on other trustable computers, you can configure the Gii Module like .
return array(
......
'modules'=>array(
'gii'=>array(
'class'=>'system.gii.GiiModule',
'password'=>'pick up a password here',
// 'ipFilters'=>array(...a list of IPs...),
// 'newFileMode'=>0666,
// 'newDirMode'=>0777,
),
),
);
Because Gii may generate and save new code files in the existing application, we need to make sure that the Web server process has the proper permission to do so. The above GiiModule::newFileMode and GiiModule::newDirMode properties control how the new files and directories should be generated.
for permission you can change your protected owner:group using:
$ sudo chown yourUserName:www-data path/to/protected
$ sudo chmod 775 path/to/protected -R