The Joomla! Forum ™

Hey!

I looked around in this forum looking for info about CHMOD but can´t find anything useful..!

I need to know what permissions i have to set for the folders and files. I know about the permisson on configuration.php but what about all the others..?

The reason why i ask is because i had problems and couldn´t see the login page and i could only see the header on the frontpage. I tried to change the permission on the administrator folder to 755 but nothing happend, i tried with 777 but nothing happend, so i changed the permission on all folders and files to 777 and then it worked. Now i want to be shure i have the right permissions, but can´t find any guide about this!

My question:

Can i, in the administrator panel choose "Global Configuration", choose "Server" and then, in the "File Creation" and "Directory Creation" choose to use server defaults - will the system set the right permissions again when i click "Apply"..?

Sorry this isn't an answer but:
I'm looking for the same thing (for IIS). This would be nice especially as the installer doesn't take car of that for us.

_________________
Danny

BeNù Web Solutions

Hi,

I can't speak for IIS systems, but on a unix/linux server, then assuming the file ownership is correct, 755 on folders, 644 on files.

Martin.

_________________
http://games.craven-community.com - A Joomla games arcade.
http://www.watson-trant.com

Good set of information. I'm just moving from IIS to Linux and ran into this for the first time.

I took the advice above but got a number of problems from the install checker including:

• configuration.php unwritable (as expected)
• everything in the Directory and File Permissions Check unwritable (unexpected)

I've now used the following to get the installer to be happy:

• configuration.php - 666 (rw-rw-rw-)
• all directories - 777 (rwxrwxrwx)

I'm not really happy with 777 on all my directories so if it's possible to use something less open post-installation, it would be great to know.  I tried lower directory permissions but continued getting "unwritable" errors in the install checker.

And for reasons I'm not clear on, I'm still getting the following errors in the installer (will search the forums for these later...):

• Warning: rename(../configuration.php,./oldconfiguration.php) [function.rename]: Permission denied in /data01/mark/public_html/installation/index.php on line 23
• Warning: Cannot modify header information - headers already sent by (output started at /data01/mark/public_html/installation/index.php:23) in /data01/mark/public_html/installation/common.php on line 19
• Warning: Cannot modify header information - headers already sent by (output started at /data01/mark/public_html/installation/index.php:23) in /data01/mark/public_html/installation/common.php on line 20

Cheers,
Mark

Hi Mark,

I run Linux servers for a living, and here's my take on all this.... File ownership is one of the hardest concepts for folks to grasp, and your mileage will vary according to the freedoms granted by your hosting company. Ideally, file ownership is granted to a user with the lowest privileges (but who is still up to the job). In the case of a scenario such as running a website, it follows that the owner of the filesystem should be the webserver process itself, as it runs with very low privileges, can be contained within its own little area, and even if it did escape it can't do much harm. You will find that the webserver process generally runs under the alias of 'apache', 'www' or 'nobody'. In this happy scenario, the filesystem permissions can be nailed to the floor, i.e. 700 on folders and 600 on files.

The installer sees things from the point of view of the webserver process, but since you FTP'd the files in, then they are owned by the FTP user, so are unwriteable to the webserver process, and you will probably find that you end up opening up permissions to get things to work, which can lead to unhappy situations such as 777/666. If that is the only way that you can work, then please remember to secure the folders/files again afterwards. Never, EVER, set the x-bit on files (unless it is a shell script or similar) so, no odd numbers on files....

My best advice, for what it's worth... get a hosting account that gives you some level of shell access. You'll soon pick up on a few one-shot commands which will make your life easier. As your confidence increases, shell out a few bucks for a VPS with root access - you'll be glad you did.

Lastly, keep one eye open for security issues with the CMS or extensions that you've installed - but don't get paranoid. Secure your environment first - 'secure' scripts running in an INSECURE environment will give you more problems than 'vulnerable' scripts in a SECURE environment.

Martin.

_________________
http://games.craven-community.com - A Joomla games arcade.
http://www.watson-trant.com

I've got a host (zeus) where I do not have access to set 600 permissions and because the install of most modules sets this to "nobody", I appear to be stumped if I want to upload a changed file. Mhwatson (or any other expert on permissions), do you know how this can be changed so I do not get FTP refusals? I have tried changing the Joomla! server configuration to allow CHMOD but this has not changed the FTP client behaviour.

Thanks.

_________________
Thanks for your time.

Hi,

Like I said, your mileage will vary with the host. Anything uploaded through a browser interface will end up being owned by the webserver process (or its alias) - that includes modules etc. Assuming the filesystem is owned by the webserver process, then yes, the FTP user will be locked out. Question is, do you really need FTP access on a daily basis? From a security point of view, the least number of 'users' having access to the filesystem the better - personally I restrict the whole thing to the webserver process, and no one else.

Best scenario is being able to use SFTP (such as WinSCP) as root to transfer files (yes, they end up owned by root...), then just chown -R the lot back to the webserver process afterwards. WinSCP includes a terminal client, so it's a one-hit command.

If your host is unwilling to give any form of shell access (maybe they allow 'su ' though?), then you can use components such as JoomlaXplorer to move files around as the webserver process, and you can always use the media manager. Sometimes you just have to take the deal you have and modify your way of working.

Blow a few bucks on a VPS - at least you'll get a decent nights sleep.

Martin.

_________________
http://games.craven-community.com - A Joomla games arcade.
http://www.watson-trant.com

I've been doing some reading on these file permission issues because I'm having  the same problem.

I run a VPS so I have root access.  I keep reading that people are needing CHOWN permissions back to USER:USER.

My server process is nobody.  Here are the senarios I've come up with - is this normal behavour?

With permissions set to 755 and 644

USER:USER - FTP client can read/write.  Joomla all directories say unwritable

NOBODY:NOBODY - FTP can read, but not write. Joomla has full write access.

USER:NOBODY - FTP client can read/write.  Joomla all directories say unwritable

NOBODY:USER - FTP can read, but not write. Joomla has full write access.

What is setup do most people use? Thanks.  Luke

Hi,

Since your webserver is running under the alias of 'nobody', then nobody:nobody is the way to go. Only the webserver process should have write access. OK, so this can get tricky if you like FTP, but why not just run your FTP sessions as root and change ownership afterwards - like I said, it's a one hit command.

Bear in mind that you can use media manager etc for uploading files as 'nobody', but WinSCP is a great tool for everyday use. For shell access to your VPS use PuTTY. WinSCP has a command shell built in, but it's not interactive.

This topic has been the subject of lots of posts. At the end of the day, although it can seem inconvenient, it is the correct behaviour of an apache server in a unix or unix-like environment.

Ownership problems can't be corrected by changing permissions - only by correcting the ownership...

Martin.

_________________
http://games.craven-community.com - A Joomla games arcade.
http://www.watson-trant.com

Is there any way I can check automatically if the permissions are set right 755/644?

_________________
Signature Rules: viewtopic.php?f=8&t=65

Once you have Xplorer or similar then any permissions can be changed. I just wonder if another way of doing this is to install the component, module or whatever (thus setting the DB tables), then extract a copy via your FTP client of all the dirs and files of that component (both administrator/components and components folders if you need access to both) to your client PC. Then delete all the server dirs.files relating to that component thus making them non existant on the server. Then re-upload them from your client. I would have thought this would recreate all the dirs and files with permissions changeable from the client FTP program.

No guarantees with this process so do it at your own risk!, but I have noticed that if I create folders and files fresh from my client (Dreamweaver) then I do not have permissions issues later.

Comment welcome as I would like to know if this is a "safe" way of avoiding server ownership even if it is really only academic.

_________________
Thanks for your time.