Owners and directory permissions

Discussion regarding Joomla! 1.5 security issues.

Post by tommasz » Thu Nov 29, 2007 7:18 pm

I have my own server running Ubuntu Feisty. I have Joomla 1.5 installed in /var/www/joomla. I have set the directory and file permissions to the recommended 755/644 and most things work fine. But I get various messages like "The Parameter-File /templates/aurora/params.ini is Unwritable!" when I go to modify something (a theme in this example). I suspect this is a result of the Apache server not running as root (it runs as www-data). I know I could just open up the perms since I'm on a company intranet not open to the 'Net but I'm way too paranoid to do so. Am I stuck with popping into a shell on the server to temporarily allow writes or is there a way I can play with users and owners to get this to be both secure and flexible?


Post by HESH234 » Sun Dec 09, 2007 5:56 pm

tommasz wrote: I have my own server running Ubuntu Feisty. I have Joomla 1.5 installed in /var/www/joomla. I have set the directory and file permissions to the recommended 755/644 and most things work fine. But I get various messages like "The Parameter-File /templates/aurora/params.ini is Unwritable!" when I go to modify something (a theme in this example). I suspect this is a result of the Apache server not running as root (it runs as www-data). I know I could just open up the perms since I'm on a company intranet not open to the 'Net but I'm way too paranoid to do so. Am I stuck with popping into a shell on the server to temporarily allow writes or is there a way I can play with users and owners to get this to be both secure and flexible?

This is what I came looking for too.
Does anyone have a definitive list of the attributes which should be set for known (original installation) folders and folders for other modules? I too have tried to modify a few things only to spot the message _ _ _.ini or _ _ _.php is unwritable. I'm not sure which to set as writeable and which to leave alone.

Thanks!
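
Added example, not part of either post above: one way to keep the 755/644 baseline tommasz describes while letting a single group write only explicitly named files, followed by an audit of what ended up writable. The function names and the constructed demo tree are assumptions, and the caller's primary group stands in for www-data so it runs without root.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and demo tree are hypothetical.

# baseline ROOT: directories 755, files 644 (the modes quoted in the post)
baseline() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# grant_write ROOT GROUP FILE...: hand the named files to GROUP with mode 664.
# Paths are relative to ROOT; ".." components, missing files and a symlink
# as the final path component are skipped.
grant_write() {
    root=$1; group=$2; shift 2
    for rel in "$@"; do
        case "/$rel/" in */../*) echo "skip (traversal): $rel" >&2; continue ;; esac
        f="$root/$rel"
        if [ ! -f "$f" ] || [ -L "$f" ]; then
            echo "skip (not a regular file): $rel" >&2; continue
        fi
        chgrp "$group" "$f" && chmod 664 "$f"
    done
}

# audit ROOT: print every file or directory that is group- or world-writable
audit() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print | sort
}

# demo: constructed tree standing in for /var/www/joomla; the caller's own
# primary group stands in for www-data so no root is needed.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/templates/aurora"
    : > "$tmp/configuration.php"
    : > "$tmp/templates/aurora/params.ini"
    baseline "$tmp"
    grant_write "$tmp" "$(id -gn)" templates/aurora/params.ini
    audit "$tmp"      # lists only templates/aurora/params.ini
    rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Running `audit` again after installing an extension or template shows whether anything else has picked up group or world write bits.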

