Page 1 of 1

Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Mon Oct 03, 2005 4:36 am
by visions-online
I have searched the forums and have not found a clear answer. Who should own the files and what should the file permissions be set to? so they can be modified by an ftp program or dreamweaver and also allow the CMS to add modules and media without having to chmod twice, which is tied to the ownership:group of the files and this also depends on whether the file was ftp'd or of the php script itself generated the file or folder.

A standard ftp upload will use the site admin logon name as the owner, the group is assigned to the site name.

For example the files with this method would be owner:group with an ftp logon name of rjones and the site located in the site11 directory:

rjones:site11

If Joomla creates a directory or a COM or MOD is installed the file ownership and group becomes that of the apache server which is then:

apache:apache

Then the file permissions should be set to 755 for the following folders or the folders and files? the other files would be 644, but again this would be tied to the ownership. Is there a script that could be run to set everything up properly? I do have access to the root level on the  server.

chmod -R 755 administrator/backups/ 
chmod -R 755 administrator/components/ 
chmod -R 755 administrator/modules/ 
chmod -R 755 administrator/templates/ 
chmod -R 755 cache/ 
chmod -R 755 components/ 
chmod -R 755 images/ 
chmod -R 755 images/banners/ 
chmod -R 755 images/stories/ 
chmod -R 755 language/ 
chmod -R 755 mambots/ 
chmod -R 755 mambots/content/ 
chmod -R 755 mambots/search/ 
chmod -R 755 media/ 
chmod -R 755 modules/ 
chmod -R 755 templates/

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 06, 2005 7:30 pm
by beuvema
Hi,

as far as I know there is no solution for this but contacting your webhost and request an ownership transfer for all maps and files to the FTP user you use!

Grtz Beuvema

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 06, 2005 8:41 pm
by Tonie
You can install the component MamboXplorer. With this tool, you can modify the apache:apache rights, but unfortunately you can't change the owner of files with it. Your best option is to talk to your hoster if you want to change it. You don't have to do it, my site has the same thing, and the owner of Mambo files is still apache:apache. Also, every time you install a component, they will be created with these rights.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 06, 2005 8:49 pm
by beuvema
Problem is, if you have a component installed (e.g. php-shop) and you want to change something in the coding you get stuck.
I prefer to have things under control and have my FTP user set as owner.

Grtz Beuvema

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Fri Oct 07, 2005 10:58 am
by beuvema
On some servers your Attrib's have to be set to 777 during installation.
After the installation change the Attribs to 755.

This might also help, if not see previous post

Grtz Beuvema

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 13, 2005 12:45 pm
by webguy
What I did on my personal dedicated servers is write a small shell scripts that sets the owner of files back to the FTP account.
I let this script run by cron once every hour. It runs very fast and takes virtually no system resources.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 13, 2005 2:06 pm
by crow
webguy wrote: What I did on my personal dedicated servers is write a small shell scripts that sets the owner of files back to the FTP account.
I let this script run by cron once every hour. It runs very fast and takes virtually no system resources.
Can you share that script or its only for personal use :).

Thnx

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Sat Oct 15, 2005 6:35 pm
by bigbluebottle
I also wonder if that script is feasible for those of us on a Shared Host.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Sun Oct 16, 2005 10:22 am
by webguy
Sorry for the delay, but here is tje supersimple script.
Suppose your userid and groupid on the server that you host your Joomla site on is "peter".
And suppose the homedirectory of your site is at /home/peter/public_html

The unix script to reset all files to youw own ownerid and groupid is:

chown -R peter:peter /home/peter/public_html/*

I made a cron script /usr/local/bin/setowner that looks like this:

chown -R user1:user1 /home/user1/public_html/*
chown -R user2:user2 /home/user2/public_html/*

This "repairs" the ownerid and groupid fr the users user1 and user2.
In the crontab of user root i added the following line:

15 * * * * /usr/local/bin/setowner

This means that every hour at 15 minutes past the hour this script is run.

Whether this can be done on a shared host, I don't know. You have to ask your hoster.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Sun Oct 16, 2005 10:29 am
by Peter Koch
webguy wrote: Whether this can be done on a shared host, I don't know. You have to ask your hoster.
Unfortunately this will only work when you have root access, alas only on dedicated 'unmanaged' servers, and few dedicated 'managed' servers. But ask your hoster, maybe he will install the script for you.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Sun Oct 16, 2005 12:34 pm
by webguy
My server is fully managed :D
I offer this script to my Joomla/Mambo hosting clients, and the're quite happy with it.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Tue Oct 18, 2005 10:31 pm
by charlwillia6
webguy wrote: Sorry for the delay, but here is tje supersimple script.
Suppose your userid and groupid on the server that you host your Joomla site on is "peter".
And suppose the homedirectory of your site is at /home/peter/public_html

The unix script to reset all files to youw own ownerid and groupid is:

chown -R peter:peter /home/peter/public_html/*

I made a cron script /usr/local/bin/setowner that looks like this:

chown -R user1:user1 /home/user1/public_html/*
chown -R user2:user2 /home/user2/public_html/*

This "repairs" the ownerid and groupid fr the users user1 and user2.
In the crontab of user root i added the following line:

15 * * * * /usr/local/bin/setowner

This means that every hour at 15 minutes past the hour this script is run.

Whether this can be done on a shared host, I don't know. You have to ask your hoster.
So how do I implement this?  I know I have to have the Webhost install it, but how do I write the above into a script (I am naive to scripts)?  My webhost doesn't seem to understand and won't CHOWN my files so I was going to offer this script as an alternative to them, but I don't know what I need to do with the above code.  Thanks in advance.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Wed Oct 19, 2005 6:37 am
by webguy
charlwillia6 wrote: So how do I implement this?  I know I have to have the Webhost instal it, but how do I write the above into a script (I am naive to scripts)?  My webhost is being a pain in the butt and won't CHOWN my files so I was going to offer this script as an alternative to them, but I don't understand what I need to do with the above code.  Thanks in advance.
Well... the script is just an ascii file with the the command

Code: Select all

chown -R peter:peter /home/peter/public_html/*
in it.
Then, under Unix with the command

Code: Select all

crontab -e
you can create and edit a crontabfile.
The crontab file is read by the cron process running on the unix system. The cron process runs commands and scripts on a predefined schedule. The schedule is defined in a crontab file.

This must be done when logged into the unix system as user "root". You can compare the root user with the super administrator in Joomla.
Because of that, your hoster has to do this for you.

My suggestion is you point your hoster to this thread in the forum here.
It'll take your hoster about 2 minutes to implement it and he wil never have to be bothered with this by you anymore ;) .

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Wed Oct 19, 2005 8:01 am
by charlwillia6
Thanks webguy,

I don't think my webhost has dealt with this issue, so I hope they will understand.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 20, 2005 6:28 pm
by charlwillia6
Ok,

My webhost just got back to me and said that they have a policy not to touch customer accounts, but they will give me temporary shell access.  So I posted on another thread questions about what I have to type to get my files CHOWN back to me as the user.  I am not familiar with shell and I don't want to run up to this problem again.  I would like to implement this script that you have submitted webguy while I have access.  With my lack of knowledge of shell and Unix, is there anything else I need to know before I try to install this script on my own?  Where do I store the ascii file?  Will I be able to install this script while I have temporary shell access?

I only do webdesign and know nothing about scripts and code, so any help would be much appreciated so I don't have to deal with them again.  Thanks.

Charles

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 20, 2005 6:56 pm
by webguy
Charles,

Unfortunately that will not help you. Because the files added by installations within Joomla, automatically get the ownership of apache, you (even if you you have shell access) cannot change the ownership back to your account.

That is something that only can be done by a system administrator account (i.e. user "root").
Your hoster should know that...

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 20, 2005 7:04 pm
by charlwillia6
Ok, thanks Webguy, I will try to talk them into it.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Fri Oct 21, 2005 5:35 pm
by FotoTrust
What is being done about this problem? The older versions of Mbo didn't do this, so it must be caused by some error in the current code. I installed a component yesterday that wouldn't run because of the permissions in the associated com_ folder. I got a 500 permission denied error when I tried to open the com_ folder in ftp. I got the same error when I tried to CHMOD, overwrite, and even delete the folder. The only thing I was able to do was rename it. So i did, and then manually uploaded the same com_ folder which then set ownership to me so I could make the appropriate "tweaks". Eventhough this work around got my component working, I've got the first com_ folder, though renamed, sitting on the server taking up space that I can't do anything with, not even delete it. This Joomla! permission problem basically makes the auto installation of components, mods, and bots worthless, and what's worse causes unusable folders and files to pile up on the server. Is this something that the team is working to fix?

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Sat Oct 22, 2005 12:07 pm
by Elpie
FotoTrust wrote: What is being done about this problem? The older versions of Mbo didn't do this, so it must be caused by some error in the current code.
Nope, this isn't a new issue, it's been around as far back as I remember with using Mambo.  It relates to the way the Apache server is set up.
If you ftp everything up, the problem only kicks in when something is automatically added by Mambo or Joomla!  Even then, most of the time ownership isn't an issue.  The times that it is, if you don't have root access, your host should be happy to chown files for you.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 27, 2005 6:27 am
by crow
THnx to Webguy my hosting company have add fev lines to cronjob and no more ownership problem:
From Hosting:
We have placed a cronjob on the server to make all the files in his home to his ownership. Now there wont be any issue of "nobody". Please check now and let us know if there is any trouble.
So all who have this problem should contact the Hosting Support (point to this link) as i have and they make thing happy :)))

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 27, 2005 6:54 am
by webguy
Thanks crow for letting us know: it might convince other hosting companies that this is an acceptable solution...

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Oct 27, 2005 1:08 pm
by d2o
Hey,

I've posted this in another thread, but maybe its title is to special to be read, and I am sure the problem is somewhat related.
On Sourceforge they run Apache as user "nobody:nobody". And, of course, they wouldn't change it for projects nor set the ownership to nobody. Hence, I have a problem with file permissions and ownership, as the files all belong to me and the project group, but not nobody.
Their notes on file permissions say, that all files to be written have to be placed to /tmp somewhere. Now, I wonder if that is possible with Joomla, as none of the folders named in setup is writeable.
I still did the installation and copied the configuration to configuration.php, but I cannot log in as admin for any reason, always returning to the login form. Sounds like a session problem to me. Does Joomla need filesystem write access for sessions?
Anyone having a suggestion? Anyone having experience with relocating parts of Joomla to /tmp or similar?

Any help very appreciated :)

Cheers,
Stefan

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Fri Oct 28, 2005 3:26 am
by d2o
Just to make a note: I solved the problem and described the solution (for sourceforge) at http://forum.joomla.org/index.php/topic,12812.0.html. It's all about sessions.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Thu Jan 26, 2006 4:05 am
by different
My host gave me a script which works very well for changing the ownership of files, you will however, need SSH access on your account.

I use this on shared hosting and it has saved me endless grief.

Upload said script (to your home directory) and make it executable.
SSH in and

~/fixperm ~/public_html/path/to/nobody/file_or_directory

the script will make the file or directory
(and anything in it) owned by you instead of nobody.

It works by writing a quick PHP script which chmods the file/directory
(recursivly) such that you have full access, hits that script through the web
server, copies the files/directory to /tmp, deletes them, moves the /tmp ones
back into the correct place, and deletes the PHP script it wrote.

Of course, then you should make sure that when your PHP creates
files/directories it does so with permissions useful to you - hint: have it
create them in a SETGID directory owned by you, then it can give the file(s)
user (it) + group (you) permissions and no "other" permissions.




-------------------------- Script Begin----------

#!/bin/sh

TOFIX=`dirname "$1/This_Is_To_Canonicalize_The_Path"`
echo "Fixing permissions on $TOFIX..."
HOSTNAME=`hostname`
WHO=`whoami`

echo "" >~/public_html/fixperm.php
wget "http://$HOSTNAME/~$WHO/fixperm.php"
rm fixperm.php
rm ~/public_html/fixperm.php

cp -r $TOFIX /tmp/fixtmp
rm -rf $TOFIX
mv /tmp/fixtmp $TOFIX 
echo "Permissions fixed."

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Sat Jun 17, 2006 4:02 am
by trachy
webguy wrote: Charles,

Unfortunately that will not help you. Because the files added by installations within Joomla, automatically get the ownership of apache, you (even if you you have shell access) cannot change the ownership back to your account.

That is something that only can be done by a system administrator account (i.e. user "root").
Your hoster should know that...
I hope this thread isn't dead, because I'm having big issues with my host about it.  They are adamantly against allowing apache to own any files or directories, and I think I understand why.  If allowed, couldn't someone else on my shared host find a way to write to my directories/files by emulating Apache?  For that matter, couldn't someone browsing my site find a way to write to it, since I assume they are Apache (nobody) when they arrive?

I've researched the forums over and over again in an attempt to find a definitive answer about ownership and permissions, and I still haven't come up with anything conclusive.  Security is such an important aspect of our sites that it surprises me there isn't something more concrete in the admin guide.  What I have found is that the general rule of thumb is to set files to 644 and directories to 755.  The problem I see with these instructions are that an assumption is being made that Joomla is the owner of everything, when in fact it is usually the user account that performed the install.

I don't expect a magic potion here, but I thought I remember reading somwhere that this issue was going to be addressed in v1.5.  Can anyone elaborate if so?  I wouldn't be so bothered by this if I had shell acess with ownership of all my files.  If I did I'd just 777 everything long enough to make changes and then set it back to something more secure.  Instead I have to wrangle with my host every time I want to update a component or module.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Sat Jun 17, 2006 11:27 am
by Tonie
It's hard to come up with a "one size fits all" solution, there are too many variables. What webserver is running, what operating system, what settings for Apache/IIS/PHP/Mysql exist, shared hosting or server, PHPexec or note, Fantastico or self install, etc.

You can use JoomlaExplorer to change rights of files owned by the Apache user (but not change the owner). In combination with settings rights with your FTP account, you can basically get everything as secure as possible. Disadvantage is that you need to know how Joomla operates after installing and know your permissions.

Joomla! 1.5 will have the possibility to install extensions (Components, modules, mambots) with the FTP account credentials. This way, all can be done with the FTP account.

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Sat Jun 17, 2006 1:39 pm
by trachy
I have to say I'm excited to hear about the new 1.5 feature you described.  Being able to keep everything owned by the same account is a huge improvement for both ease of administration and security.  I'm giddy just thinking about it.  ;D

Re: Apache-Joomla (chmod) file permissions and ownership (chown)

Posted: Wed Apr 25, 2007 10:18 pm
by Ogy
Hello,

I would like to be able to adjust settings for Apache/IIS/PHP/Mysql, PHPexec or anything else necessary on my Fedora Core server to prevent the permission file and folder issues listed in this tread. It seems that anyone who can do this could make tons of money because so many people have issues with it. I have root access to the server and would like to solve this issue forever. Obviously, some hosts have been able to do this successfully.

Does anyone have a permanent solution or know where to find it?

Thanks.