Joomla! Discussion Forums



It is currently Sun Nov 08, 2009 3:42 am (All times are UTC )

 


Posted: Thu Oct 06, 2005 9:02 pm 
Joomla! Apprentice

Joined: Tue Sep 13, 2005 1:05 am
Posts: 41
Greetings All,
I have been installing and working with Joomla for a few weeks and one thing that is still unclear to me is the CHMOD settings for the directories and files??

1. What are the real, actual, sure-fire settings for all the directories and files?
2. What should the configuration.php file be set to?
    If it is 777 to edit why on earth is this the case? Why should it ever need to be 777?
3. Does apache have to be added to the group owner of the folders? My install seems like folders are not writable unless they are 777 .. please help??

Please provide as much detail as possible and point me anyplace in the documentation that this information may already exist because I can't find it in a clear way????

Please know I may sound a little frustrated because I have been looking for a definitive answer all day but.... I love Joomla and you all rock!

Warm regards,
Jeffrey

_________________
Lead Developer - iVisage Development | http://www.ivisage.com
"I have made this letter longer than usual, because I lack the time to make it short.” – Blaise Pascal


Last edited by ivisage on Thu Oct 06, 2005 10:12 pm, edited 1 time in total.

Posted: Thu Oct 06, 2005 10:34 pm 
Joomla! Hero

Joined: Thu Aug 18, 2005 2:09 am
Posts: 2803
Location: California
The only place this is mentioned in the documentation is here in the Manual Installation instructions.
http://help.joomla.org/content/view/40/132/
About half way down the page.
That appears to be out of date.

The current Joomla installation defaults are:
- Files: 0644
- Directories: 0755
This is from looking in the code.
I have not found any other documentation discussion.
There was a post from one of the devs back in the old forum discussing this issue,
but I have not been able to find it again.

Manually editing configuration.php:
Usually I set configuration.php to 0777 to edit,
and then back to 0644 to lock it for normal operations.

If you make changes from the Joomla back-end, it is all done for you.

Posted: Wed Oct 19, 2005 12:36 am 
Joomla! Fledgling

Joined: Mon Oct 03, 2005 7:59 pm
Posts: 2
Newbie here... plus I'm a Microsoft captive so please be gentle 8-)

I understand that I need to make configuration.php writeable so I can do some Global Configuration stuff, and I understand about file permissions. But I don't know how to actually do it.

1. How/where do I set configuration.php to 0777? Do I do that from some tab in Joomla?

2. Kenmcd says "If you make changes from the Joomla back-end, it is all done for you." That sounds really good... but how/where do I make changes from the Joomla back-end?

Thanks! - Mike


Posted: Wed Oct 19, 2005 5:18 am 
Joomla! Champion

Joined: Thu Aug 18, 2005 8:43 pm
Posts: 5744
Location: New York
Do you have mamboXplorer installed? You can do it through that.

_________________
Read your words before posting and think about how other people will read them.
Be polite. Be kind. Be constructive. Say thank you.
Freedom-Equality-Trust-Community-Collaboration-Usability
http://opensourcematters.org/index.php?Itemid=134


Posted: Sun Oct 23, 2005 6:44 pm 
Joomla! Apprentice

Joined: Fri Sep 09, 2005 5:33 am
Posts: 19
FTP is much quicker for multiple changes, but using mamboxplorer means you can do it without leaving your browser. In Joomla, when you edit your "global" configuration settings, the permissions are temporarily modified to enable saving, and then they are immediately reset to 644 for files and 755 for directories (or something like that). Always make sure that these are appropriate settings for the files/directories in question however!

But security goes beyond basic permission setting. It also involves an awareness of to what degree important files are available for the public viewing.

If you have performed a migration by dropping files over the top of an existing mambo installation, you might find that the http://www.mysite.com/configuration.php-dist page can be viewed, and has execution privileges.

This is no big deal but it helps illustrate how a file and its settings can be overlooked, and if you used it as a backup to your existing configuration.php (on your local machine for instance) or haven't changed the $mosConfig_secret in your global configuration, this info is now fairly easy to obtain.

It isn't necessary once you have done your migration, so just take it off your online server if you haven't already done so.

Some components allow you to make their config files "unwriteable" (e.g. template manager, and other addons) which is great, and if you have finished with a particular item, then I would definitely recommend doing that.

This being said, if you need to edit an "unwriteable" file, you may need to use ftp or mamboXplorer to change the settings back to writeable, but for most maintenance requirements joomla manages the setting of permissions of files and directories very well in and of itself.

Hope this basic discussion helps make things a little clearer... ?


Last edited by audiofile on Sun Oct 23, 2005 7:25 pm, edited 1 time in total.

Posted: Mon Oct 24, 2005 6:29 pm 
Joomla! Explorer

Joined: Fri Aug 26, 2005 5:05 am
Posts: 291
Location: Pennsylvania, USA
I'd really like to see this subject addressed by the core dev group since there doesn't seem to be a definitive 'official' answer.

For example, while setting up a project for a school district in a testbed at my company's own host, 1and1.com, the 'suggested' settings of 755 on dirs and 644 for files worked fine and dandy, as they should. However, when I then moved the site to another hosting provider, totalchoicehosting.com, I found, much to my dismay, that many core functions of Joomla won't work AT ALL unless certain directories were set to 777 - permanently - not just when installing a com/mod/bot.

As you can imagine, I'm quite uncomfortable allowing such permissions and I'm at a loss for why the move necessitated setting them.  I know that 1and1.com runs PHP as CGI (I'm assuming through an Apache handler, though I'm still learning how all THAT works); could this be a possible explanation?

I really need someone to explain to me why this is, and what I may be able to do with my host (who seems pretty knowledgeable and cooperative) to get things back to a more secure footing?  And can we have, once and for all, a DEFINITIVE guide of the Joomla directory in tree form with the NECESSARY permissions notated?  Core Devs, please weigh in!!

I know I speak for many when I say that answers to this question would be very helpful indeed and should be part of the FAQ.  In helping one user in these forums, I was given access via FTP and was flabbergasted to see that ALL their dirs were marked 777!  But the user insisted that this was the only way she could get Joomla to function.  I'm afraid that if we don't address this there will be a lot of busy script kiddies out there in the near future....

Thanks for your indulgence  ;)

_________________
Robert Anthony Pitera
West of East, Inc. - http://www.westofeast.com - Taking technology in new directions™
SchoolastechWorks - http://www.schoolastech.com - Joomla Educational Development


Posted: Mon Oct 24, 2005 6:46 pm 
Joomla! Explorer

Joined: Fri Aug 26, 2005 5:05 am
Posts: 291
Location: Pennsylvania, USA
Well after a bit of research, I have come up with an explanation as to why the issue I brought up is happening; on TCH (and I suspect many other ISPs) PHP scripts run as user 'nobody'.  Here's a post on the subject from TCH's forums:

Quote:
As Mambo is a PHP script, it runs as the user 'nobody'.  In order for it to create and delete files in a directory (one that you own), the directory permissions must be set to 0777, and file permissions on a file that you own must be 0666 in order to modify the file.  0775 directory permissions and 0644 file permissions would not be sufficient to allow Mambo to create/modify/delete files.

Running PHP scripts under your user ID requires configuring the web server to use phpsuexec to run them. From what I understand, phpsuexec is not used on TCH servers as some features of PHP don't work with phpsuexec enabled, and it can also result in breaking a number of PHP scripts. 

While this does weaken security to an extent, it involves only users with an account on the same server as you (other TCH customers on your server).  I don't believe there is any significant risk from the other customers on your server. The main threat is from hackers exploiting a vulnerable script in another user's account, then being able to access your files and directories that have 0666/0777 permissions.

Your main defenses here are 1) only set 0777 directory / 0666 file permissions on directories and files that require it, and 2) make and keep regular backups of your account, so if your files are tampered with, they can be easily restored.


Any comments from the core devs?

_________________
Robert Anthony Pitera
West of East, Inc. - http://www.westofeast.com - Taking technology in new directions™
SchoolastechWorks - http://www.schoolastech.com - Joomla Educational Development


Posted: Mon Oct 24, 2005 7:08 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 13187
I have everything at 755/644. Only when I install/uninstall components, or change configuration.php, I change it to 777 for just this purpose. If I can only run Joomla at 777, it would be time to find a new hoster who does have a decent configuration.

_________________
Antonie de Wilde - Forum admin
All Joomla! release dates and days between releases: http://jfoobar.org/blog/189-days-betwee ... a-releases.test


Posted: Tue Oct 25, 2005 5:33 pm 
Joomla! Guru

Joined: Wed Aug 17, 2005 11:46 pm
Posts: 837
Hosts that use phpSuExec (or similar) will allow Joomla/Mambo to write to any files/folders with chmod settings at 0644/0755. If you are not using it they will need to be tweaked to be more open.

_________________
Doyle Lewis
BuyHTTP Internet Services
http://www.buyhttp.com/joomla_hosting.html - No Overselling Guarantee. Your Joomla site, faster.
http://www.joomlademo.com - Joomla flash tutorials.


Posted: Wed Nov 02, 2005 5:51 pm 
Joomla! Apprentice

Joined: Tue Oct 11, 2005 5:36 am
Posts: 20
I'm using 775 for directories and 644 for files but don't really know how should they be set.
My account is userA and apache is run by userB and userB is in group userA. So when my user is the owner of the joomla files should the file permissions be set to 664 so that joomla will have permission to write files? Is this so hard or am I so d*mn slow that I don't get this? :)
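
An added example, not part of the original thread: a small model of the classic Unix permission check, applied to the three hosting setups discussed above (phpSuExec, web server user in the account's group, PHP running as 'nobody'). The uids and gids are constructed sample values, and root, ACLs and other access-control layers are ignored.

```python
W, WX = 0o2, 0o3  # write a file; write + search a directory (create/delete in it)

def allowed(mode, owner_uid, owner_gid, proc_uid, proc_gids, want):
    """Classic Unix check: only ONE triad (owner, group or other) is consulted."""
    if proc_uid == owner_uid:
        shift = 6
    elif owner_gid in proc_gids:
        shift = 3
    else:
        shift = 0
    return ((mode >> shift) & want) == want

# (directory, file) mode pairs mentioned in the thread, tightest first.
CANDIDATES = ((0o755, 0o644), (0o775, 0o664), (0o777, 0o666))

def tightest_modes(owner_uid, owner_gid, proc_uid, proc_gids):
    """Return (dir_mode, file_mode, world_writable) for the tightest pair
    that lets the PHP process write, or None if no candidate does."""
    for d, f in CANDIDATES:
        if (allowed(d, owner_uid, owner_gid, proc_uid, proc_gids, WX)
                and allowed(f, owner_uid, owner_gid, proc_uid, proc_gids, W)):
            return d, f, bool(d & 0o002)
    return None

ACCOUNT = (1001, 1001)  # constructed: uid/gid of the FTP account owning the files

# Constructed (uid, groups) of the process that executes PHP in each setup.
SCENARIOS = {
    "phpSuExec (PHP runs as the account)": (1001, {1001}),
    "web server user is in the account's group": (48, {48, 1001}),
    "PHP runs as 'nobody'": (99, {99}),
}

def report():
    return {name: tightest_modes(*ACCOUNT, uid, gids)
            for name, (uid, gids) in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (d, f, world) in report().items():
        print(f"{name}: dirs {d:04o}, files {f:04o}, world-writable={world}")
```

Only the 'nobody' setup ends up with modes that every other local account can also write to, which is the exposure the quoted TCH post describes.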


Posted: Thu Nov 10, 2005 8:28 pm 
Joomla! Explorer

Joined: Sat Nov 05, 2005 7:43 pm
Posts: 279
SMF must not have a good searching mechanism because it completely missed this thread when I searched for "permissions."

I am having a weird permissions problem and am unable to fix it. It seems to be a Joomla related problem but I can't be sure at this time. For the most part, I always change my files to 666 for internal writing purposes because 777 invites trouble. Joomla performs fine but for a strange reason I cannot access files to manipulate unless I am SU and even then I have problems. Perhaps, based upon your explanations, files are in use. I would now know why your server would require 777 for Joomla to run although that is the only setting for which I can move a number of files between directories or even delete them. As others do not seem to have this problem, I'm wondering whether this is all host related although I have my own dedicated server.

_________________
http://www.thelaw.com - Free Legal Advice Resource
http://www.jnation.com - Free Jewish Dating & Social Networking


Posted: Fri Jun 23, 2006 4:27 pm 
Joomla! Enthusiast

Joined: Tue Aug 23, 2005 9:54 am
Posts: 219
Location: Oslo
Hello, my understanding is that PhpSuExec is being installed on more and more shared hosting environments these days. My host just did this update, and now I am eager to see if I can run Joomla! with even stricter file and folder permissions.

Can someone please tell me what the lowest file and directory chmod I can use with Joomla! is? All files are owned by my (ftp)user.

I see I can run 755/644 while developing a site, but when everything is installed, could the directories be secured even more? I'm happy to run such a low setting that I'll need to chmod before installing stuff.

_________________
Did you know there's a Joomla irc channel? Chat to Joomla people live 24/7 - Join #joomla on the Freenode network ( irc.freenode.net )

