Do we have a serious Joomla ownership bug?

Need help with the Administration of your Joomla! site? Pop your questions in here.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.

Have you had problems with ownership settings that gave you grief?

Yes, but was easy to fix
8
6%
Yes, & I have no hair now
112
82%
No because I host my own website
0
No votes
No, I have root access
2
1%
No, I have shell access
4
3%
I've never looked
2
1%
No, its just perfect!
5
4%
NO, suexec available to me
4
3%
 
Total votes: 137

User avatar
N6REJ
Joomla! Explorer
Joomla! Explorer
Posts: 340
Joined: Sun Nov 27, 2005 9:25 am
Location: Ponca City, OK
Contact:

Do we have a serious Joomla ownership bug?

Post by N6REJ » Mon Jan 16, 2006 1:58 pm

I may or may not have stumbled upon a very serious bug.  For me it sure is.  With the default joomla installation ( including 1.0.7) if you then install ( for example ) JoomlaXplorer, instead of inheriting ownership of the virtualhost it gets assigned the apache ownership!  In my case I'm hosted with ixwebhosting.com my files are all owned by "cogburn" they set this at creation time.  Anything FTP's gets this, so I'm not sure why Joomla backend changes don't keep it, but lets continue.  If I then install JoomlaXplorer, it will get either httpd.cogburn ( if sticky bit is set ) OR httpd.httpd if not!  This means that I can't do ANYTHING with this file.  Same thing happens to templates installed this way.  Now, Whats REALLY interesting is I can rename or move the files, but I can't chmod or delete EXCEPT, I CAN delete a module,component or mambot using the delete function from the administrative panel but I don't think I can from JoomlaXplorer.  This seems to fly straight in the face of linux permissions behavior.
For the record ixwebhosting uses RH 7.(9?) & apache 1.3.(33?), php4, mysql 4

I hope we can resolve this because for me it means I can't seem to do alot of the things I need to.
Last edited by N6REJ on Thu Nov 09, 2006 9:49 pm, edited 1 time in total.
Bear

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Do we have a serious Joomla ownership bug?

Post by Tonie » Mon Jan 16, 2006 2:03 pm

The scenario is this. You copy over all files with FTP, all ownership of files and directories is on your FTP user. After that you install a component, the owner of all files and directories for that component is the Apache user (httpd for your installation). Can't really tell what the best situation is for your install. It is more of an operating issue than specific Joomla, which user creates what data?

User avatar
N6REJ
Joomla! Explorer
Joomla! Explorer
Posts: 340
Joined: Sun Nov 27, 2005 9:25 am
Location: Ponca City, OK
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by N6REJ » Mon Jan 16, 2006 2:11 pm

I've spent nearly 200 hours tracking this thing down. ???  I've gone totally  :'( but I've got a great grip on it now.  Its definetly an issue with how Joomla gets its permissions from linux.  Now, I have to use .htaccess with "php_flag register globals off" to set the register_globals properly, and that may or may not play into it.  But its Joomla that is getting the permissions not ftp.  Anything I Ftp up stays as it should.  I've even set the permissions to 7777 and it STILL changed ownership and permission levels.
But yes, you've got the scenario correct.  I'm not sure what you mean by its an "operating issue" that seems to imply that I'm doing something wrong.
How can installing say a template via "template install" and having it wind up with httpd.httpd ownership be me doing something wrong?  But yet ftping it up works great. 
I've also solved one other minor thing and that is IF the root folder does not have world writeable permissions then the "change configuration.php to unwriteable" box will not show up, & "site offline" won't work.
Bear

rjs

Re: Do we have a serious Joomla ownership bug?

Post by rjs » Mon Jan 16, 2006 2:15 pm

I always

cd /var/www/
chown -R myname html/
chgrp -R myname html/

I end up owning all components and files  recursive html/  directory. Nothing worse than sftp'ing into something you cannot alter or modify. Just don't use the root account, have a user account setup to run your sites. All but two seconds to do after you've installed a
component etc...

Any host that doesn't allow ssh access is no host. You have to have ssh access to your account to maintain site heirarchy. This does not require root access.  SFTP requires ssh. You cannot maintain a server via ftp nor should anyone be using ftp port 21. This sends passwords unencrypted. Use sftp sublevel access to ssh port 22 for ftp style file maintenance. Use ssh yourname@yourip.com to do your server maintenance.

Once you have ownership, you can do as you please. Need to remove a component?

cd /var/www/html/components/
rm -fr com_banners/
Last edited by rjs on Mon Jan 16, 2006 2:56 pm, edited 1 time in total.

progster
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 213
Joined: Thu Aug 18, 2005 7:34 pm
Location: Belgium
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by progster » Mon Jan 16, 2006 2:56 pm

However if you don't have root, you probably don't have the ability to change the owner of files owned by the apache user!

Note that this is not a joomla issue! This is absolutely normal behaviour, a file uploaded via apache is owned by the apache user. There are several options to change this behaviour, my favorite being suexec where php scripts are run under your user account.

rjs

Re: Do we have a serious Joomla ownership bug?

Post by rjs » Mon Jan 16, 2006 3:01 pm

Come to think of it, I do have suexec running. Now that would be the responsibility of the host to configure.

User avatar
N6REJ
Joomla! Explorer
Joomla! Explorer
Posts: 340
Joined: Sun Nov 27, 2005 9:25 am
Location: Ponca City, OK
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by N6REJ » Mon Jan 16, 2006 3:02 pm

rjs wrote: I always

cd /var/www/
chown -R myname html/
chgrp -R myname html/

I end up owning all components and files  recursive html/  directory. Nothing worse than sftp'ing into something you cannot alter or modify. Just don't use the root account, have a user account setup to run your sites. All but two seconds to do after you've installed a
component etc...

Any host that doesn't allow ssh access is no host. You have to have ssh access to your account to maintain site heirarchy. This does not require root access.  SFTP requires ssh. You cannot maintain a server via ftp nor should anyone be using ftp port 21. This sends passwords unencrypted. Use sftp sublevel access to ssh port 22 for ftp style file maintenance. Use ssh yourname@yourip.com to do your server maintenance.

Once you have ownership, you can do as you please. Need to remove a component?

cd /var/www/html/components/
rm -fr com_banners/



I agree.  This is my first time hosting with someone instead of running my own box and so far the taste is quite unpleasant.
Bear

User avatar
N6REJ
Joomla! Explorer
Joomla! Explorer
Posts: 340
Joined: Sun Nov 27, 2005 9:25 am
Location: Ponca City, OK
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by N6REJ » Mon Jan 16, 2006 3:04 pm

progster wrote: However if you don't have root, you probably don't have the ability to change the owner of files owned by the apache user!

Note that this is not a joomla issue! This is absolutely normal behaviour, a file uploaded via apache is owned by the apache user. There are several options to change this behaviour, my favorite being suexec where php scripts are run under your user account.
THIS I might have control over.  I can try that.  would that be something I can put in my .httaccess file?
Bear

User avatar
Outoman
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Mon Aug 22, 2005 3:58 pm
Location: Southern Dalarna
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by Outoman » Sun Jan 29, 2006 10:52 am

I belive when you install components you get the wrong ownership. My Joomla installation (apart from configuration.php) is owned by my userID, but some components is owned by the server. For example, Zoom Gallery, Akobook, TFSforMambo, MamboXplorer, GigCal.

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Do we have a serious Joomla ownership bug?

Post by Tonie » Sun Jan 29, 2006 11:21 am

Default Joomla will have FTP user ownership, all installed components and modules the Apache user.

mellw
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Feb 03, 2006 3:06 am

Re: Do we have a serious Joomla ownership bug?

Post by mellw » Fri Feb 03, 2006 3:30 am

Having the same problem...
I've installed joomlaXplorer and did the dirty fix. Installed the components, downloaded it via FTP. Deleted the whole component-catalog with joomlaXplorer and uploaded it again via FTP. Don't know if this gonna make any difference in the future though...

I was hoping for a quick-fix with use of .htaccess or something, doesn't seems so simple though.

User avatar
louis.landry
Joomla! Ace
Joomla! Ace
Posts: 1388
Joined: Wed Aug 17, 2005 11:03 pm
Location: San Jose, California
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by louis.landry » Fri Feb 03, 2006 3:53 am

Ok, lets clarify a few things. :)

First off... It does not matter whether your user or httpd (or nobody, apache, whatever else apache user is) owns the Joomla core files.  File ownership is determined upon file creation.  It is determined by the user that owns the operating system process that creates the file in the filesystem.

Scenario:  You are logged in as a user and you create a new file... something.txt with your favorite text editor (vi for example).

Since you execute the vi program while logged in as you (we will assume the username will be USER going forward).  So, USER owns the vi process that created the file something.txt on the filesystem.  This means that the file something.txt will be owned by USER.

Scenario:  You upload a file ... somethingElse.txt using FTP. 

Since you are logged into FTP using your user/pass combo... the FTP process that you are operating on has switched user to be owned by USER.  Therefore, when the file somethingElse.txt is uploaded (created) to the filesystem... it will be owned by the owner of the process that created it, USER.

Scenario:  You upload a file to a php script which saves it as yetSomethingElse.txt (not using suexec with php).

Ok, Apache, for security reasons, runs its processes owned by a "special" user... often named nobody, or apache, or httpd, or any other cute name that a sysadmin names it in the conf file.  So in this case we will say the apache user is named httpd.  So, you upload your file to the php script.  Php is running in an apache module, which is running in the apache process...... guess who owns it? ... thats right... user httpd. :)  Because of this... when php says... move_uploaded_file() and saves the file yetSomethingElse.txt ... it will be owned by none other than the user httpd.  Is this a bug in php? no.  Is it a bug in apache? no.  Is it a bug in the php script? no.  It is just how the filesystem ownership works.

suexec is a system by which apache Switches User and EXECutes the process based upon the user that owns the document root for the particular virtual host being requested. (catch the SUEXEC in that?)  This is a solution that some hosts offer, and allows for all files created/modified/etc... by the apache processes to be owned by the proper user. 

You may be asking yourself why apache behaves this way.... I would you suggest all those questions be directed to http://www.apache.org ;)

In summary, this is not a bug in the system, it is exactly how the system is designed to work... does that make your life any easier? no.  But it is the explanation.  There are several potential workarounds... one of them being the FTP client layer that I have written for 1.1 iI suppose.

Louis
Joomla Platform Maintainer
A hacker does for love what others would not do for money.

User avatar
focalguy
Joomla! Guru
Joomla! Guru
Posts: 909
Joined: Fri Aug 19, 2005 2:46 am
Location: Washington State, USA
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by focalguy » Fri Feb 03, 2006 4:05 am

Not to minimize everyone's problems here with ownership, but what about an option on the poll for "No, I have never had an issue"? I don't have shell or root access, but I guess I've just been lucky....

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Do we have a serious Joomla ownership bug?

Post by Tonie » Fri Feb 03, 2006 9:23 am

Or an option 'No, because I chose my hoster after I chose Joomla'.

User avatar
N6REJ
Joomla! Explorer
Joomla! Explorer
Posts: 340
Joined: Sun Nov 27, 2005 9:25 am
Location: Ponca City, OK
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by N6REJ » Sun Feb 12, 2006 1:57 am

done, and thanks for the clarification.  That actually makes perfect sense and explains why you would or would not want to use suexec.
Bear

User avatar
tudorilisoi
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 161
Joined: Sun Nov 27, 2005 9:57 am
Location: Romania
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by tudorilisoi » Sun Feb 12, 2006 5:06 pm

Yep, suexec is the only resolution.
TeachMeJoomla.net - Joomla tutorials, tips, mods, and extensions. Joomla freelance custom programming/development

User avatar
ak0rn
Joomla! Apprentice
Joomla! Apprentice
Posts: 36
Joined: Sun Oct 23, 2005 11:36 pm
Location: Russia, Irkutsk
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by ak0rn » Mon Mar 13, 2006 6:39 am

When will Joomla learn to upload files through ftp?  ???  :'( ???  >:( ???  :( ???

User avatar
Websmurf
Joomla! Hero
Joomla! Hero
Posts: 2230
Joined: Fri Aug 19, 2005 2:23 pm
Location: The Netherlands
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by Websmurf » Mon Mar 13, 2006 10:02 am

As of joomla 1.1.
Adam van Dongen - Developer

- Blocklist, ODT Indexer, EasyFAQ, Easy Guestbook, Easy Gallery, YaNC & Redirect -
http://www.joomla-addons.org - http://www.bandhosting.nl

User avatar
ak0rn
Joomla! Apprentice
Joomla! Apprentice
Posts: 36
Joined: Sun Oct 23, 2005 11:36 pm
Location: Russia, Irkutsk
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by ak0rn » Mon Mar 13, 2006 1:23 pm

When is this great event going to happen?

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22157
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, The Netherlands
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by pe7er » Mon Mar 13, 2006 1:28 pm

Tonie wrote: The scenario is this. You copy over all files with FTP, all ownership of files and directories is on your FTP user. After that you install a component, the owner of all files and directories for that component is the Apache user (httpd for your installation).
I had problems in the past, but I think that my hosting provider configured the server somehow that FTP & Apache are the same user (uid) now.
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
Co-developer of d2 Content https://data2site.com/joomla-extensions/d2-content

User avatar
wp1
Joomla! Explorer
Joomla! Explorer
Posts: 266
Joined: Sun Sep 04, 2005 8:41 am

Re: Do we have a serious Joomla ownership bug?

Post by wp1 » Tue Mar 14, 2006 12:46 am

Hello All!

I was really glad to see this thread.  I cannot figure out what is going on myself.  These permission problems just seem to pop-up from nowhere.  I cannot tell to what degree JoomlaXplorer is or is not involved. 

I am running Joomla v1.0.5

Please see the following threads.  I do not know what to do to correct these problems.  All advice welcomed.

Cannot save "configuration.php" although it is writable.
http://forum.joomla.org/index.php/topic ... cseen.html

404 error and "download.php"
http://forum.joomla.org/index.php/topic,45709.0.html

Thanks in advance.

WP1
Last edited by wp1 on Tue Mar 14, 2006 12:48 am, edited 1 time in total.
Webbing Along!! ;) :)

jroussel
Joomla! Apprentice
Joomla! Apprentice
Posts: 32
Joined: Wed Aug 24, 2005 3:42 pm
Location: Ottawa

Re: Do we have a serious Joomla ownership bug?

Post by jroussel » Sat Mar 25, 2006 3:07 pm

I have read through all of these post with great interest, as I am having the same problem.  We are just in the processing of switching over to a new webhosting company and have signed up for a Linux account. The first component that I installed through the Joomla autoinstaller gave the permissions to Apache and I was unable to make any changes to the directories/files that were upload.  I had to get my webhosting company to change the file permissions for me.  Unfortunately, this was a onetime deal as they only "assist" you with your CMS if you have an application maintenance contract with them.

So my question is:

If I manually create the file structure by uploading the files through ftp and then use the manual install through the Joomla backend, will it still cause the same problem with the file permissions being assigned to Apache?

Any help from someone with more experience in this area than I have would be GREATLY appreciated.  I'm just a novice and am still learning.  :-[

Juanita

Sageth
Joomla! Apprentice
Joomla! Apprentice
Posts: 32
Joined: Fri Jan 06, 2006 4:05 am
Location: NJ
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by Sageth » Sat Mar 25, 2006 5:21 pm

While this is not the cleanest resolution, I found something that works for me:

I don't have root access with my host, so I upload the files through the Joomla Installer, then copy the new directory back down to my local PC through FTP.  THen I use JoomlaXplorer to delete the directory on the host and then re-upload.  Most of the things that I install are only a handful of files, so while I'm sure there's an easier way, this works for me.

jroussel
Joomla! Apprentice
Joomla! Apprentice
Posts: 32
Joined: Wed Aug 24, 2005 3:42 pm
Location: Ottawa

Re: Do we have a serious Joomla ownership bug?

Post by jroussel » Sat Mar 25, 2006 5:36 pm

Sageth wrote: THen I use JoomlaXplorer to delete the directory on the host and then re-upload.  Most of the things that I install are only a handful of files, so while I'm sure there's an easier way, this works for me.
Thanks Sageth,

I'm not sure if this solution will work for me. If I'm understanding it correctly, everything that I have read so far indicates that JoomlaXplorer needs to be installed on the host.  Unless it gets installed through the FTP program, I lose all file permissions.  They then become the ownership of apache.  I was wondering if I manually create the file structure/upload the files through FTP, edited the xml file to remove the recreation of the file structure, but keep the db query intact and then run it manually through the backend of Joomla, if this would work.

Have you ever tried this before?

Juanita

Sageth
Joomla! Apprentice
Joomla! Apprentice
Posts: 32
Joined: Fri Jan 06, 2006 4:05 am
Location: NJ
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by Sageth » Sat Mar 25, 2006 5:46 pm

I suppose it could work.  I've never tried it, though. 

To answer your question about JoomlaXplorer, I was really against using it at first, but it seems that this is my only solution because my host doesn't want to keep changing my file permissions.  Here's an idea... can permissions be changed via a CRON job that is scheduled periodically?  I don't know the answer to that, but maybe that's a route to follow.  ???

jroussel
Joomla! Apprentice
Joomla! Apprentice
Posts: 32
Joined: Wed Aug 24, 2005 3:42 pm
Location: Ottawa

Re: Do we have a serious Joomla ownership bug?

Post by jroussel » Sat Mar 25, 2006 5:51 pm

Sageth wrote: Here's an idea... can permissions be changed via a CRON job that is scheduled periodically?  I don't know the answer to that, but maybe that's a route to follow.  ???
When researching this problem this morning, I did come across someone who was using this as a solution.  I don't have the link to the post, but it's somewhere in the Joomla Forum.

DeZzL
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Fri Jun 02, 2006 12:37 pm
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by DeZzL » Fri Jun 02, 2006 12:45 pm

For those without SSH accesss:
i had the permission problem as well. I'm using PHP Filemanager now to get rid of these ownershipissues.
PHP filemanager can delete or change 'locked' files beause it inherits the webserver's ownership . Make sure to secure access to the program with a password. ;)

User avatar
k4lch
Joomla! Hero
Joomla! Hero
Posts: 2796
Joined: Sat Dec 31, 2005 1:58 am
Contact:

Re: Do we have a serious Joomla ownership bug?

Post by k4lch » Mon Jun 05, 2006 12:14 am

Hi All
I have this same problem one one of my sites. the way I fixed the problem was to use ftp to download the problem file then rename it to some other name reload it to site, change name of original to something then name the uploaded file back to orginal name then have ownership permissions.  after that delete the problem file


k4lch
Loyd Headrick

designtech11
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Tue Jun 06, 2006 9:06 am

Re: Do we have a serious Joomla ownership bug?

Post by designtech11 » Tue Jun 06, 2006 9:31 am

I've been dealing with this issue for about a week now, as it started when I was having some problems with the Google map component. Unfortunately, I didn't know what was happening as this is a different server than some other Joomla installs and is the only server that is owning the components I install  :-\.

But in any case, I have found this thread answering some questions. That said, I'm not a full time developer and was wondering what lengths i will need to go to. I had installed the Google component, tried unsuccessfully to delete it, asked my host to change the ownership to my account, deleted and reinstalled the component and now when i try to set up the config for the Google component I get a blank screen with no changes upon saving.

I also noticed that the change of permissions screwed up my Gallery2 bridge install and now I get all sorts of error messages. So I had them change the ownership back and now neither of the components work and I can't delete them.

I guess the bottom line question is...Do I have to understand how to do all of this server side ssh and suexec to get components working easily? or can they be controlled by using a method such as the JoomlaXplorer?

I've already fooled around a little bit too much to be dangerous and I'd rather not really screw stuff up!

Btw, i'm using v1.0.8. It's 2:31 am and I need more coffee!

Thanks for any feedback,
designtech11

Ricksvil
Joomla! Intern
Joomla! Intern
Posts: 69
Joined: Fri Apr 28, 2006 6:03 pm
Location: Louisville, KY

Re: Do we have a serious Joomla ownership bug?

Post by Ricksvil » Mon Jul 17, 2006 4:11 pm

I am so glad to find this topic being discussed.  I recently switched from a host that had an easy Joomla install and never had any major issues with file permissions. I just switched to a virtual suerve Host to giove me more control, but not any thing I install thru Joomla has Apache as the User.

I read thru the comments and still am not sure what I need to do to corect the problem. I do have access to the root thru Viruosso and I currently have log in as the virtuosso admin and follow the path to joomla and then manually change EVERY file that has been installed to give me permission thru Joomla Admin.  Since I use quite a lot of Joomla components/modules, this is hundreds of files and I don't always fine them all (components install to many differnt directories).  This makes using Joomla doublework. 

I am not a developer (but eventually figure things out) and need pretty step by step instructions how to change stuff.  Any sugestions or help will be GREATLY appreciated.

I love Joomla.  I promote it and talk about it to everyone. But unless I can find out how to fix this, I'll have to change CMS software. 

Rick
Rick Sneed
Go Louisville Cardinals!


Post Reply

Return to “Administration - 1.0.x”