Can i make the root user owner of Joomla files?

Need help installing Joomla! 3.x? For all Joomla! 3.x installation issues please use this forum.
Post Reply
vasmed
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Mon Aug 24, 2020 8:39 am

Can i make the root user owner of Joomla files?

Post by vasmed » Wed Dec 23, 2020 8:21 am

I log on to freebsd 12.1 by ssh with su root user. So when i unpack Joomla files they have the root owner.
I change folders "cache" and "tmp" to www:wheel. Is this correct? Or should i change all files owner to www:wheel?
Permissions are 755 for folders, 644 for files, and 444 for configuration.php.
Last edited by toivo on Wed Dec 23, 2020 8:39 am, edited 1 time in total.
Reason: mod note: moved from 3.x Security

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22963
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: Can i make the root user owner of Joomla files?

Post by pe7er » Wed Dec 23, 2020 8:58 am

Permissions are fine.

I would "chown" all files + folders to the same user as the web server process (under Apache it's commonly www-data).
That way you can upload files via the Joomla website (because it runs under the web server user).

However, if you try to upload via FTP you might have issues because the FTP is usually under another user/group.
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com

vasmed
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Mon Aug 24, 2020 8:39 am

Re: Can i make the root user owner of Joomla files?

Post by vasmed » Wed Dec 23, 2020 9:40 am

pe7er wrote:
Wed Dec 23, 2020 8:58 am
Permissions are fine.

I would "chown" all files + folders to the same user as the web server process (under Apache it's commonly www-data).
That way you can upload files via the Joomla website (because it runs under the web server user).

However, if you try to upload via FTP you might have issues because the FTP is usually under another user/group.
what is more secure: root owner or www owner?
Can hacker change files or run script if all files + folders are www owner?
Why i need chown all folders to www, when i can chown only some folders?

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22963
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: Can i make the root user owner of Joomla files?

Post by pe7er » Wed Dec 23, 2020 10:09 am

vasmed wrote:
Wed Dec 23, 2020 9:40 am
what is more secure: root owner or www owner?
Can hacker change files or run script if all files + folders are www owner?
That depends on what permissions they have on your system.
As you know all folders + files have permissions for 3 kinds of groups: owner, group, public.

Why i need chown all folders to www, when i can chown only some folders?
If you want to be able to keep Joomla + non core extensions up-to-date (which is recommended from security point of view) then the webserver should be able to overwrite the files with the files it gets from the updates.
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
The best website: https://the-best-website.com

vasmed
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Mon Aug 24, 2020 8:39 am

Re: Can i make the root user owner of Joomla files?

Post by vasmed » Thu Dec 24, 2020 3:43 am

pe7er wrote:
Wed Dec 23, 2020 10:09 am
vasmed wrote:
Wed Dec 23, 2020 9:40 am
what is more secure: root owner or www owner?
Can hacker change files or run script if all files + folders are www owner?
That depends on what permissions they have on your system.
As you know all folders + files have permissions for 3 kinds of groups: owner, group, public.
Why i need chown all folders to www, when i can chown only some folders?
If you want to be able to keep Joomla + non core extensions up-to-date (which is recommended from security point of view) then the webserver should be able to overwrite the files with the files it gets from the updates.
For example after unpack joomla by su root (by ssh) i have owner name = root, group name = wheel,
folders = 40755, files = 100644. And so only root user can change any file, and it seems to be safe.
When i need update i can change owner name to www (apache user) to all folders+files. After update i can change back to root owner. And for cache purposes set some folders+files to www owner.


Post Reply

Return to “Installation Joomla! 3.x”