CHMOD - File Permissions

Need help installing Joomla!? For all Joomla! installation issues please use this forum.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
User avatar
Webdesign123
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Thu Jun 28, 2007 2:42 pm
Location: Denmark, Odense
Contact:

CHMOD - File Permissions

Postby Webdesign123 » Tue Nov 20, 2007 2:00 pm

Hey!

I looked around in this forum looking for info about CHMOD but can´t find anything useful..!

I need to know what permissions i have to set for the folders and files. I know about the permisson on configuration.php but what about all the others..?

The reason why i ask is because i had problems and couldn´t see the login page and i could only see the header on the frontpage. I tried to change the permission on the administrator folder to 755 but nothing happend, i tried with 777 but nothing happend, so i changed the permission on all folders and files to 777 and then it worked. Now i want to be shure i have the right permissions, but can´t find any guide about this!

My question:

Can i, in the administrator panel choose "Global Configuration", choose "Server" and then, in the "File Creation" and "Directory Creation" choose to use server defaults - will the system set the right permissions again when i click "Apply"..?

iTechSquad
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 130
Joined: Tue Nov 13, 2007 7:01 pm
Location: Montreal
Contact:

Re: CHMOD - File Permissions

Postby iTechSquad » Tue Nov 20, 2007 7:37 pm

Sorry this isn't an answer but:
I'm looking for the same thing (for IIS). This would be nice especially as the installer doesn't take car of that for us.
Danny

BeNù Web Solutions

User avatar
mhwatson
Joomla! Explorer
Joomla! Explorer
Posts: 476
Joined: Thu Aug 18, 2005 10:26 am
Location: North Yorkshire, UK
Contact:

Re: CHMOD - File Permissions

Postby mhwatson » Tue Nov 20, 2007 8:11 pm

Hi,

I can't speak for IIS systems, but on a unix/linux server, then assuming the file ownership is correct, 755 on folders, 644 on files.

Martin.

mbaker42
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Sat Jul 21, 2007 6:59 am

Re: CHMOD - File Permissions

Postby mbaker42 » Mon Nov 26, 2007 11:24 am

Good set of information. I'm just moving from IIS to Linux and ran into this for the first time.

I took the advice above but got a number of problems from the install checker including:
  • configuration.php unwritable (as expected)
  • everything in the Directory and File Permissions Check unwritable (unexpected)

I've now used the following to get the installer to be happy:
  • configuration.php - 666 (rw-rw-rw-)
  • all directories - 777 (rwxrwxrwx)

I'm not really happy with 777 on all my directories so if it's possible to use something less open post-installation, it would be great to know.  I tried lower directory permissions but continued getting "unwritable" errors in the install checker.

And for reasons I'm not clear on, I'm still getting the following errors in the installer (will search the forums for these later...):
  • Warning: rename(../configuration.php,./oldconfiguration.php) [function.rename]: Permission denied in /data01/mark/public_html/installation/index.php on line 23
  • Warning: Cannot modify header information - headers already sent by (output started at /data01/mark/public_html/installation/index.php:23) in /data01/mark/public_html/installation/common.php on line 19
  • Warning: Cannot modify header information - headers already sent by (output started at /data01/mark/public_html/installation/index.php:23) in /data01/mark/public_html/installation/common.php on line 20

Cheers,
Mark

User avatar
mhwatson
Joomla! Explorer
Joomla! Explorer
Posts: 476
Joined: Thu Aug 18, 2005 10:26 am
Location: North Yorkshire, UK
Contact:

Re: CHMOD - File Permissions

Postby mhwatson » Mon Nov 26, 2007 11:05 pm

Hi Mark,

I run Linux servers for a living, and here's my take on all this.... File ownership is one of the hardest concepts for folks to grasp, and your mileage will vary according to the freedoms granted by your hosting company. Ideally, file ownership is granted to a user with the lowest privileges (but who is still up to the job). In the case of a scenario such as running a website, it follows that the owner of the filesystem should be the webserver process itself, as it runs with very low privileges, can be contained within its own little area, and even if it did escape it can't do much harm. You will find that the webserver process generally runs under the alias of 'apache', 'www' or 'nobody'. In this happy scenario, the filesystem permissions can be nailed to the floor, i.e. 700 on folders and 600 on files.

The installer sees things from the point of view of the webserver process, but since you FTP'd the files in, then they are owned by the FTP user, so are unwriteable to the webserver process, and you will probably find that you end up opening up permissions to get things to work, which can lead to unhappy situations such as 777/666. If that is the only way that you can work, then please remember to secure the folders/files again afterwards. Never, EVER, set the x-bit on files (unless it is a shell script or similar) so, no odd numbers on files....

My best advice, for what it's worth... get a hosting account that gives you some level of shell access. You'll soon pick up on a few one-shot commands which will make your life easier. As your confidence increases, shell out a few bucks for a VPS with root access - you'll be glad you did.

Lastly, keep one eye open for security issues with the CMS or extensions that you've installed - but don't get paranoid. Secure your environment first - 'secure' scripts running in an INSECURE environment will give you more problems than 'vulnerable' scripts in a SECURE environment.

Martin.

cantthinkofanickname
Joomla! Ace
Joomla! Ace
Posts: 1334
Joined: Sat Oct 21, 2006 8:53 am

Re: CHMOD - File Permissions

Postby cantthinkofanickname » Tue Dec 04, 2007 5:20 pm

I've got a host (zeus) where I do not have access to set 600 permissions and because the install of most modules sets this to "nobody", I appear to be stumped if I want to upload a changed file. Mhwatson (or any other expert on permissions), do you know how this can be changed so I do not get FTP refusals? I have tried changing the Joomla! server configuration to allow CHMOD but this has not changed the FTP client behaviour.

Thanks.
Thanks for your time.

User avatar
mhwatson
Joomla! Explorer
Joomla! Explorer
Posts: 476
Joined: Thu Aug 18, 2005 10:26 am
Location: North Yorkshire, UK
Contact:

Re: CHMOD - File Permissions

Postby mhwatson » Wed Dec 05, 2007 10:45 pm

Hi,

Like I said, your mileage will vary with the host. Anything uploaded through a browser interface will end up being owned by the webserver process (or its alias) - that includes modules etc. Assuming the filesystem is owned by the webserver process, then yes, the FTP user will be locked out. Question is, do you really need FTP access on a daily basis? From a security point of view, the least number of 'users' having access to the filesystem the better - personally I restrict the whole thing to the webserver process, and no one else.

Best scenario is being able to use SFTP (such as WinSCP) as root to transfer files (yes, they end up owned by root...), then just chown -R the lot back to the webserver process afterwards. WinSCP includes a terminal client, so it's a one-hit command.

If your host is unwilling to give any form of shell access (maybe they allow 'su ' though?), then you can use components such as JoomlaXplorer to move files around as the webserver process, and you can always use the media manager. Sometimes you just have to take the deal you have and modify your way of working.

Blow a few bucks on a VPS - at least you'll get a decent nights sleep.

Martin.

purplepc
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sat Feb 02, 2008 9:15 am

Re: CHMOD - File Permissions

Postby purplepc » Sat Feb 02, 2008 9:29 am

I've been doing some reading on these file permission issues because I'm having  the same problem.

I run a VPS so I have root access.  I keep reading that people are needing CHOWN permissions back to USER:USER.

My server process is nobody.  Here are the senarios I've come up with - is this normal behavour?

With permissions set to 755 and 644

USER:USER - FTP client can read/write.  Joomla all directories say unwritable

NOBODY:NOBODY - FTP can read, but not write. Joomla has full write access.

USER:NOBODY - FTP client can read/write.  Joomla all directories say unwritable

NOBODY:USER - FTP can read, but not write. Joomla has full write access.

What is setup do most people use? Thanks.  Luke

User avatar
mhwatson
Joomla! Explorer
Joomla! Explorer
Posts: 476
Joined: Thu Aug 18, 2005 10:26 am
Location: North Yorkshire, UK
Contact:

Re: CHMOD - File Permissions

Postby mhwatson » Sat Feb 02, 2008 10:47 pm

Hi,

Since your webserver is running under the alias of 'nobody', then nobody:nobody is the way to go. Only the webserver process should have write access. OK, so this can get tricky if you like FTP, but why not just run your FTP sessions as root and change ownership afterwards - like I said, it's a one hit command.

Bear in mind that you can use media manager etc for uploading files as 'nobody', but WinSCP is a great tool for everyday use. For shell access to your VPS use PuTTY. WinSCP has a command shell built in, but it's not interactive.

This topic has been the subject of lots of posts. At the end of the day, although it can seem inconvenient, it is the correct behaviour of an apache server in a unix or unix-like environment.

Ownership problems can't be corrected by changing permissions - only by correcting the ownership...

Martin.

||NeX||
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 177
Joined: Mon May 29, 2006 6:58 pm
Location: Stuttgart - Travnik
Contact:

Re: CHMOD - File Permissions

Postby ||NeX|| » Wed Mar 12, 2008 11:03 pm

Is there any way I can check automatically if the permissions are set right 755/644?
Signature Rules: viewtopic.php?f=8&t=65

cantthinkofanickname
Joomla! Ace
Joomla! Ace
Posts: 1334
Joined: Sat Oct 21, 2006 8:53 am

Re: CHMOD - File Permissions

Postby cantthinkofanickname » Thu Mar 13, 2008 10:33 am

Once you have Xplorer or similar then any permissions can be changed. I just wonder if another way of doing this is to install the component, module or whatever (thus setting the DB tables), then extract a copy via your FTP client of all the dirs and files of that component (both administrator/components and components folders if you need access to both) to your client PC. Then delete all the server dirs.files relating to that component thus making them non existant on the server. Then re-upload them from your client. I would have thought this would recreate all the dirs and files with permissions changeable from the client FTP program.

No guarantees with this process so do it at your own risk!, but I have noticed that if I create folders and files fresh from my client (Dreamweaver) then I do not have permissions issues later.

Comment welcome as I would like to know if this is a "safe" way of avoiding server ownership even if it is really only academic.
Thanks for your time.


Return to “Installation - 1.0.x”

Who is online

Users browsing this forum: No registered users and 8 guests