Apache-Joomla (chmod) file permissions and ownership (chown)

Joomla version 1.0 is end-of-life and are no longer supported. Please use Joomla 3.x instead.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
visions-online
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Oct 03, 2005 4:19 am

Apache-Joomla (chmod) file permissions and ownership (chown)

Post by visions-online » Mon Oct 03, 2005 4:36 am

I have searched the forums and have not found a clear answer. Who should own the files and what should the file permissions be set to? so they can be modified by an ftp program or dreamweaver and also allow the CMS to add modules and media without having to chmod twice, which is tied to the ownership:group of the files and this also depends on whether the file was ftp'd or of the php script itself generated the file or folder.

A standard ftp upload will use the site admin logon name as the owner, the group is assigned to the site name.

For example the files with this method would be owner:group with an ftp logon name of rjones and the site located in the site11 directory:

rjones:site11

If Joomla creates a directory or a COM or MOD is installed the file ownership and group becomes that of the apache server which is then:

apache:apache

Then the file permissions should be set to 755 for the following folders or the folders and files? the other files would be 644, but again this would be tied to the ownership. Is there a script that could be run to set everything up properly? I do have access to the root level on the  server.

chmod -R 755 administrator/backups/ 
chmod -R 755 administrator/components/ 
chmod -R 755 administrator/modules/ 
chmod -R 755 administrator/templates/ 
chmod -R 755 cache/ 
chmod -R 755 components/ 
chmod -R 755 images/ 
chmod -R 755 images/banners/ 
chmod -R 755 images/stories/ 
chmod -R 755 language/ 
chmod -R 755 mambots/ 
chmod -R 755 mambots/content/ 
chmod -R 755 mambots/search/ 
chmod -R 755 media/ 
chmod -R 755 modules/ 
chmod -R 755 templates/

User avatar
beuvema
Joomla! Explorer
Joomla! Explorer
Posts: 441
Joined: Thu Aug 18, 2005 8:15 am
Location: the Netherlands
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by beuvema » Thu Oct 06, 2005 7:30 pm

Hi,

as far as I know there is no solution for this but contacting your webhost and request an ownership transfer for all maps and files to the FTP user you use!

Grtz Beuvema
!! September 1, 2005 is a beautifull day, JOOMLA! day !!
Webexperiences http://www.oltech.nl

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by Tonie » Thu Oct 06, 2005 8:41 pm

You can install the component MamboXplorer. With this tool, you can modify the apache:apache rights, but unfortunately you can't change the owner of files with it. Your best option is to talk to your hoster if you want to change it. You don't have to do it, my site has the same thing, and the owner of Mambo files is still apache:apache. Also, every time you install a component, they will be created with these rights.

User avatar
beuvema
Joomla! Explorer
Joomla! Explorer
Posts: 441
Joined: Thu Aug 18, 2005 8:15 am
Location: the Netherlands
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by beuvema » Thu Oct 06, 2005 8:49 pm

Problem is, if you have a component installed (e.g. php-shop) and you want to change something in the coding you get stuck.
I prefer to have things under control and have my FTP user set as owner.

Grtz Beuvema
!! September 1, 2005 is a beautifull day, JOOMLA! day !!
Webexperiences http://www.oltech.nl

User avatar
beuvema
Joomla! Explorer
Joomla! Explorer
Posts: 441
Joined: Thu Aug 18, 2005 8:15 am
Location: the Netherlands
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by beuvema » Fri Oct 07, 2005 10:58 am

On some servers your Attrib's have to be set to 777 during installation.
After the installation change the Attribs to 755.

This might also help, if not see previous post

Grtz Beuvema
!! September 1, 2005 is a beautifull day, JOOMLA! day !!
Webexperiences http://www.oltech.nl

User avatar
webguy
Joomla! Ace
Joomla! Ace
Posts: 1397
Joined: Thu Aug 18, 2005 6:40 am
Location: Best, Netherlands
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by webguy » Thu Oct 13, 2005 12:45 pm

What I did on my personal dedicated servers is write a small shell scripts that sets the owner of files back to the FTP account.
I let this script run by cron once every hour. It runs very fast and takes virtually no system resources.
René Kreijveld
http://www.renekreijveld.nl | Joomla! professional

User avatar
crow
Joomla! Explorer
Joomla! Explorer
Posts: 304
Joined: Mon Aug 29, 2005 5:17 pm
Location: Austria
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by crow » Thu Oct 13, 2005 2:06 pm

webguy wrote: What I did on my personal dedicated servers is write a small shell scripts that sets the owner of files back to the FTP account.
I let this script run by cron once every hour. It runs very fast and takes virtually no system resources.
Can you share that script or its only for personal use :).

Thnx
BosanskoHercegovacki Chat Komjuniti
http://www.chat.ba

User avatar
bigbluebottle
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Thu Sep 29, 2005 4:05 am

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by bigbluebottle » Sat Oct 15, 2005 6:35 pm

I also wonder if that script is feasible for those of us on a Shared Host.

User avatar
webguy
Joomla! Ace
Joomla! Ace
Posts: 1397
Joined: Thu Aug 18, 2005 6:40 am
Location: Best, Netherlands
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by webguy » Sun Oct 16, 2005 10:22 am

Sorry for the delay, but here is tje supersimple script.
Suppose your userid and groupid on the server that you host your Joomla site on is "peter".
And suppose the homedirectory of your site is at /home/peter/public_html

The unix script to reset all files to youw own ownerid and groupid is:

chown -R peter:peter /home/peter/public_html/*

I made a cron script /usr/local/bin/setowner that looks like this:

chown -R user1:user1 /home/user1/public_html/*
chown -R user2:user2 /home/user2/public_html/*

This "repairs" the ownerid and groupid fr the users user1 and user2.
In the crontab of user root i added the following line:

15 * * * * /usr/local/bin/setowner

This means that every hour at 15 minutes past the hour this script is run.

Whether this can be done on a shared host, I don't know. You have to ask your hoster.
René Kreijveld
http://www.renekreijveld.nl | Joomla! professional

Peter Koch
Joomla! Explorer
Joomla! Explorer
Posts: 374
Joined: Thu Aug 18, 2005 8:54 pm

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by Peter Koch » Sun Oct 16, 2005 10:29 am

webguy wrote: Whether this can be done on a shared host, I don't know. You have to ask your hoster.
Unfortunately this will only work when you have root access, alas only on dedicated 'unmanaged' servers, and few dedicated 'managed' servers. But ask your hoster, maybe he will install the script for you.
Last edited by Anonymous on Sun Oct 16, 2005 10:33 am, edited 1 time in total.

User avatar
webguy
Joomla! Ace
Joomla! Ace
Posts: 1397
Joined: Thu Aug 18, 2005 6:40 am
Location: Best, Netherlands
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by webguy » Sun Oct 16, 2005 12:34 pm

My server is fully managed :D
I offer this script to my Joomla/Mambo hosting clients, and the're quite happy with it.
René Kreijveld
http://www.renekreijveld.nl | Joomla! professional

User avatar
charlwillia6
Joomla! Guru
Joomla! Guru
Posts: 687
Joined: Tue Aug 23, 2005 9:45 am
Location: La Grande, Oregon
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by charlwillia6 » Tue Oct 18, 2005 10:31 pm

webguy wrote: Sorry for the delay, but here is tje supersimple script.
Suppose your userid and groupid on the server that you host your Joomla site on is "peter".
And suppose the homedirectory of your site is at /home/peter/public_html

The unix script to reset all files to youw own ownerid and groupid is:

chown -R peter:peter /home/peter/public_html/*

I made a cron script /usr/local/bin/setowner that looks like this:

chown -R user1:user1 /home/user1/public_html/*
chown -R user2:user2 /home/user2/public_html/*

This "repairs" the ownerid and groupid fr the users user1 and user2.
In the crontab of user root i added the following line:

15 * * * * /usr/local/bin/setowner

This means that every hour at 15 minutes past the hour this script is run.

Whether this can be done on a shared host, I don't know. You have to ask your hoster.
So how do I implement this?  I know I have to have the Webhost install it, but how do I write the above into a script (I am naive to scripts)?  My webhost doesn't seem to understand and won't CHOWN my files so I was going to offer this script as an alternative to them, but I don't know what I need to do with the above code.  Thanks in advance.
Last edited by charlwillia6 on Wed Oct 19, 2005 8:00 am, edited 1 time in total.
From the beginning...

User avatar
webguy
Joomla! Ace
Joomla! Ace
Posts: 1397
Joined: Thu Aug 18, 2005 6:40 am
Location: Best, Netherlands
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by webguy » Wed Oct 19, 2005 6:37 am

charlwillia6 wrote: So how do I implement this?  I know I have to have the Webhost instal it, but how do I write the above into a script (I am naive to scripts)?  My webhost is being a pain in the butt and won't CHOWN my files so I was going to offer this script as an alternative to them, but I don't understand what I need to do with the above code.  Thanks in advance.
Well... the script is just an ascii file with the the command

Code: Select all

chown -R peter:peter /home/peter/public_html/*
in it.
Then, under Unix with the command

Code: Select all

crontab -e
you can create and edit a crontabfile.
The crontab file is read by the cron process running on the unix system. The cron process runs commands and scripts on a predefined schedule. The schedule is defined in a crontab file.

This must be done when logged into the unix system as user "root". You can compare the root user with the super administrator in Joomla.
Because of that, your hoster has to do this for you.

My suggestion is you point your hoster to this thread in the forum here.
It'll take your hoster about 2 minutes to implement it and he wil never have to be bothered with this by you anymore ;) .
René Kreijveld
http://www.renekreijveld.nl | Joomla! professional

User avatar
charlwillia6
Joomla! Guru
Joomla! Guru
Posts: 687
Joined: Tue Aug 23, 2005 9:45 am
Location: La Grande, Oregon
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by charlwillia6 » Wed Oct 19, 2005 8:01 am

Thanks webguy,

I don't think my webhost has dealt with this issue, so I hope they will understand.
From the beginning...

User avatar
charlwillia6
Joomla! Guru
Joomla! Guru
Posts: 687
Joined: Tue Aug 23, 2005 9:45 am
Location: La Grande, Oregon
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by charlwillia6 » Thu Oct 20, 2005 6:28 pm

Ok,

My webhost just got back to me and said that they have a policy not to touch customer accounts, but they will give me temporary shell access.  So I posted on another thread questions about what I have to type to get my files CHOWN back to me as the user.  I am not familiar with shell and I don't want to run up to this problem again.  I would like to implement this script that you have submitted webguy while I have access.  With my lack of knowledge of shell and Unix, is there anything else I need to know before I try to install this script on my own?  Where do I store the ascii file?  Will I be able to install this script while I have temporary shell access?

I only do webdesign and know nothing about scripts and code, so any help would be much appreciated so I don't have to deal with them again.  Thanks.

Charles
Last edited by charlwillia6 on Thu Oct 20, 2005 6:30 pm, edited 1 time in total.
From the beginning...

User avatar
webguy
Joomla! Ace
Joomla! Ace
Posts: 1397
Joined: Thu Aug 18, 2005 6:40 am
Location: Best, Netherlands
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by webguy » Thu Oct 20, 2005 6:56 pm

Charles,

Unfortunately that will not help you. Because the files added by installations within Joomla, automatically get the ownership of apache, you (even if you you have shell access) cannot change the ownership back to your account.

That is something that only can be done by a system administrator account (i.e. user "root").
Your hoster should know that...
René Kreijveld
http://www.renekreijveld.nl | Joomla! professional

User avatar
charlwillia6
Joomla! Guru
Joomla! Guru
Posts: 687
Joined: Tue Aug 23, 2005 9:45 am
Location: La Grande, Oregon
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by charlwillia6 » Thu Oct 20, 2005 7:04 pm

Ok, thanks Webguy, I will try to talk them into it.
From the beginning...

FotoTrust
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Fri Aug 19, 2005 1:54 pm
Location: Cleveland, Ohio USA
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by FotoTrust » Fri Oct 21, 2005 5:35 pm

What is being done about this problem? The older versions of Mbo didn't do this, so it must be caused by some error in the current code. I installed a component yesterday that wouldn't run because of the permissions in the associated com_ folder. I got a 500 permission denied error when I tried to open the com_ folder in ftp. I got the same error when I tried to CHMOD, overwrite, and even delete the folder. The only thing I was able to do was rename it. So i did, and then manually uploaded the same com_ folder which then set ownership to me so I could make the appropriate "tweaks". Eventhough this work around got my component working, I've got the first com_ folder, though renamed, sitting on the server taking up space that I can't do anything with, not even delete it. This Joomla! permission problem basically makes the auto installation of components, mods, and bots worthless, and what's worse causes unusable folders and files to pile up on the server. Is this something that the team is working to fix?
Last edited by FotoTrust on Fri Oct 21, 2005 5:36 pm, edited 1 time in total.

User avatar
Elpie
Joomla! Guru
Joomla! Guru
Posts: 903
Joined: Wed Aug 17, 2005 11:26 pm
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by Elpie » Sat Oct 22, 2005 12:07 pm

FotoTrust wrote: What is being done about this problem? The older versions of Mbo didn't do this, so it must be caused by some error in the current code.
Nope, this isn't a new issue, it's been around as far back as I remember with using Mambo.  It relates to the way the Apache server is set up.
If you ftp everything up, the problem only kicks in when something is automatically added by Mambo or Joomla!  Even then, most of the time ownership isn't an issue.  The times that it is, if you don't have root access, your host should be happy to chown files for you.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info

User avatar
crow
Joomla! Explorer
Joomla! Explorer
Posts: 304
Joined: Mon Aug 29, 2005 5:17 pm
Location: Austria
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by crow » Thu Oct 27, 2005 6:27 am

THnx to Webguy my hosting company have add fev lines to cronjob and no more ownership problem:
From Hosting:
We have placed a cronjob on the server to make all the files in his home to his ownership. Now there wont be any issue of "nobody". Please check now and let us know if there is any trouble.
So all who have this problem should contact the Hosting Support (point to this link) as i have and they make thing happy :)))
BosanskoHercegovacki Chat Komjuniti
http://www.chat.ba

User avatar
webguy
Joomla! Ace
Joomla! Ace
Posts: 1397
Joined: Thu Aug 18, 2005 6:40 am
Location: Best, Netherlands
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by webguy » Thu Oct 27, 2005 6:54 am

Thanks crow for letting us know: it might convince other hosting companies that this is an acceptable solution...
René Kreijveld
http://www.renekreijveld.nl | Joomla! professional

User avatar
d2o
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 172
Joined: Sat Aug 20, 2005 1:28 pm
Location: Witten, Germany

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by d2o » Thu Oct 27, 2005 1:08 pm

Hey,

I've posted this in another thread, but maybe its title is to special to be read, and I am sure the problem is somewhat related.
On Sourceforge they run Apache as user "nobody:nobody". And, of course, they wouldn't change it for projects nor set the ownership to nobody. Hence, I have a problem with file permissions and ownership, as the files all belong to me and the project group, but not nobody.
Their notes on file permissions say, that all files to be written have to be placed to /tmp somewhere. Now, I wonder if that is possible with Joomla, as none of the folders named in setup is writeable.
I still did the installation and copied the configuration to configuration.php, but I cannot log in as admin for any reason, always returning to the login form. Sounds like a session problem to me. Does Joomla need filesystem write access for sessions?
Anyone having a suggestion? Anyone having experience with relocating parts of Joomla to /tmp or similar?

Any help very appreciated :)

Cheers,
Stefan
°°°°'°°°°
"All you need is Bytes" (Bitles, 2368)

User avatar
d2o
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 172
Joined: Sat Aug 20, 2005 1:28 pm
Location: Witten, Germany

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by d2o » Fri Oct 28, 2005 3:26 am

Just to make a note: I solved the problem and described the solution (for sourceforge) at http://forum.joomla.org/index.php/topic,12812.0.html. It's all about sessions.
°°°°'°°°°
"All you need is Bytes" (Bitles, 2368)

different
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Thu Dec 15, 2005 6:04 am

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by different » Thu Jan 26, 2006 4:05 am

My host gave me a script which works very well for changing the ownership of files, you will however, need SSH access on your account.

I use this on shared hosting and it has saved me endless grief.

Upload said script (to your home directory) and make it executable.
SSH in and

~/fixperm ~/public_html/path/to/nobody/file_or_directory

the script will make the file or directory
(and anything in it) owned by you instead of nobody.

It works by writing a quick PHP script which chmods the file/directory
(recursivly) such that you have full access, hits that script through the web
server, copies the files/directory to /tmp, deletes them, moves the /tmp ones
back into the correct place, and deletes the PHP script it wrote.

Of course, then you should make sure that when your PHP creates
files/directories it does so with permissions useful to you - hint: have it
create them in a SETGID directory owned by you, then it can give the file(s)
user (it) + group (you) permissions and no "other" permissions.




-------------------------- Script Begin----------

#!/bin/sh

TOFIX=`dirname "$1/This_Is_To_Canonicalize_The_Path"`
echo "Fixing permissions on $TOFIX..."
HOSTNAME=`hostname`
WHO=`whoami`

echo "" >~/public_html/fixperm.php
wget "http://$HOSTNAME/~$WHO/fixperm.php"
rm fixperm.php
rm ~/public_html/fixperm.php

cp -r $TOFIX /tmp/fixtmp
rm -rf $TOFIX
mv /tmp/fixtmp $TOFIX 
echo "Permissions fixed."

trachy
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Sat Oct 01, 2005 11:03 pm

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by trachy » Sat Jun 17, 2006 4:02 am

webguy wrote: Charles,

Unfortunately that will not help you. Because the files added by installations within Joomla, automatically get the ownership of apache, you (even if you you have shell access) cannot change the ownership back to your account.

That is something that only can be done by a system administrator account (i.e. user "root").
Your hoster should know that...
I hope this thread isn't dead, because I'm having big issues with my host about it.  They are adamantly against allowing apache to own any files or directories, and I think I understand why.  If allowed, couldn't someone else on my shared host find a way to write to my directories/files by emulating Apache?  For that matter, couldn't someone browsing my site find a way to write to it, since I assume they are Apache (nobody) when they arrive?

I've researched the forums over and over again in an attempt to find a definitive answer about ownership and permissions, and I still haven't come up with anything conclusive.  Security is such an important aspect of our sites that it surprises me there isn't something more concrete in the admin guide.  What I have found is that the general rule of thumb is to set files to 644 and directories to 755.  The problem I see with these instructions are that an assumption is being made that Joomla is the owner of everything, when in fact it is usually the user account that performed the install.

I don't expect a magic potion here, but I thought I remember reading somwhere that this issue was going to be addressed in v1.5.  Can anyone elaborate if so?  I wouldn't be so bothered by this if I had shell acess with ownership of all my files.  If I did I'd just 777 everything long enough to make changes and then set it back to something more secure.  Instead I have to wrangle with my host every time I want to update a component or module.

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by Tonie » Sat Jun 17, 2006 11:27 am

It's hard to come up with a "one size fits all" solution, there are too many variables. What webserver is running, what operating system, what settings for Apache/IIS/PHP/Mysql exist, shared hosting or server, PHPexec or note, Fantastico or self install, etc.

You can use JoomlaExplorer to change rights of files owned by the Apache user (but not change the owner). In combination with settings rights with your FTP account, you can basically get everything as secure as possible. Disadvantage is that you need to know how Joomla operates after installing and know your permissions.

Joomla! 1.5 will have the possibility to install extensions (Components, modules, mambots) with the FTP account credentials. This way, all can be done with the FTP account.

trachy
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Sat Oct 01, 2005 11:03 pm

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by trachy » Sat Jun 17, 2006 1:39 pm

I have to say I'm excited to hear about the new 1.5 feature you described.  Being able to keep everything owned by the same account is a huge improvement for both ease of administration and security.  I'm giddy just thinking about it.  ;D

User avatar
Ogy
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sat Nov 25, 2006 4:59 am
Location: Portland, Maine, USA & Banjaluka, Bosnia
Contact:

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Post by Ogy » Wed Apr 25, 2007 10:18 pm

Hello,

I would like to be able to adjust settings for Apache/IIS/PHP/Mysql, PHPexec or anything else necessary on my Fedora Core server to prevent the permission file and folder issues listed in this tread. It seems that anyone who can do this could make tons of money because so many people have issues with it. I have root access to the server and would like to solve this issue forever. Obviously, some hosts have been able to do this successfully.

Does anyone have a permanent solution or know where to find it?

Thanks.
Ogy Nikolic | CEO | OGO Sense
http://www.ogosense.com


Locked

Return to “Installation - 1.0.x”