PDA

View Full Version : Make all website directories writable (by default)


mgibson
22nd April 2009, 17:29
Hi,

Is there a way to make all site directories writable by default instead of chmod 777 everytime?

My scenario is - joomla.

- A new domain, ftp user & mysql db will be created through ISPConfig3
- Joomla is uploaded via ftp to the /web folder.
- The Joomla setup is ran, and cannot write a configuration file in the root directory (/web).

Can this be done?

Thanks,

Mark.

till
22nd April 2009, 17:32
The directory permissions are all fine, there is no need to set them to 777. You just used the wrong php type. For joomla you will have to use either suphp or php-fcgi + suexec so that the php scripts run under the correct admin user of the website user instead of the apache user.

mgibson
22nd April 2009, 18:01
I thought it might be something silly but couldn't figure this out.

thanks

mark.

tebokkel
23rd April 2009, 00:20
Simple cron-job could do the trick, but messing around with world-writable rights by a knitwit admin was once the cause I managed to get myself root-rights to get my email going again. :cool:
Even world-readable is basically dangerous on a shared server. Database passwords in config files from other users are very interesting and very difficult to prevent (without suPHP, suEXEC, basedirs, safepaths, no CGI, no shell, etc, etc, etc, etc).

Paul

robertlouwen
3rd June 2009, 01:35
The directory permissions are all fine, there is no need to set them to 777. You just used the wrong php type. For joomla you will have to use either suphp or php-fcgi + suexec so that the php scripts run under the correct admin user of the website user instead of the apache user.
@ Till,

Actually really stupid but I want to be sure I understand.

For each website select fast - CGI and put a tick in SuEXEC box.

And for your information: Finally I got my FTP- SMTP and WEB server up and running.
I did not give up and succeeded ( there are a few minnor issues )

Thanks for ISPConfig !

SamTzu
3rd June 2009, 22:22
I have noticed some issues with file/folder permissions on Joomla.
After migrating sites to ISPConfig3 some sites suffer from permissions issues.
New pictures on Virtuemart get incorrect file permissions etc.

umask 0022 is correct so what could cause this?
I'm using CGI, SSI, suEXEC and suPHP on Joomla sites.

Any suggestions?


Sam

robertlouwen
3rd June 2009, 23:50
@ Samtzu

Just like you I am struggling with this.
Tried all kinds of php ( fast-cgi, suphp, mod-php ) and so far did not find a combination that works.
On the other hand I also tried chown on the entire directory and I have reasons to believe it works.
My joomla web is here : /var/www/clients/client1/web1/web/joomla ( client1 is me ) so i did this : cd /var/www/clients/client1/web1/web (enter)
chown -R -v -f web1:client1 joomla (enter)

maybe this works for you.
Good luck

SamTzu
3rd June 2009, 23:55
I have been forced to run these commands on web folder...
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chmod 777 tmp/ -Rf

till
4th June 2009, 09:16
This should both not be nescessary if you uploaded the files with FTP and then used either suexec + php-fastcgi or suphp. as the files will have the correct owners when uploaded with ftp and chowning is not nescessary as the files will get written by the cms systems under the same user. I run a lot of sites like that and never neded to chown or chmod something when using ispconfig 3.

robertlouwen
4th June 2009, 12:26
@ Till,

Thank you for this !

To me it seemed easier to upload joomla.tar.gz to the website then go to my linux machine do tar xvzf and after that chown.

I go try to unzip joomla.tar.gz first and than upload all files ( takes a little longer but who cares )

Croydon
4th June 2009, 12:31
@ Till,

Thank you for this !

To me it seemed easier to upload joomla.tar.gz to the website then go to my linux machine do tar xvzf and after that chown.

I go try to unzip joomla.tar.gz first and than upload all files ( takes a little longer but who cares )

Surely you can upload and untar directly on the server.
The only difference is that you have to chown all the files after that to the ftp user and group.

robertlouwen
4th June 2009, 12:32
@ Till

Again ...

Something that pop up in my dummy brain.

Like in your tut. create a compileuser so if I create a web1 or client1 user with the same password as in ISPConfig and than su web1 or client1 and then tar xvzf ?

Or is this completly crazy talk ?

robertlouwen
4th June 2009, 12:37
@ Croydon,

Surely you can upload and untar directly on the server.
The only difference is that you have to chown all the files after that to the ftp user and group.

This is only possible for me because I have the linux machine here right under my desk
My son ( the only other client ) lives somewhere else so he has to upload all files

Am I right ?

Slowhand
4th June 2009, 13:22
The directory permissions are all fine, there is no need to set them to 777. You just used the wrong php type. For joomla you will have to use either suphp or php-fcgi + suexec so that the php scripts run under the correct admin user of the website user instead of the apache user.

Till,

Is this true only for Joomla or should suphp always be used?

Or only for cms-type installs...?

Slowhand

till
4th June 2009, 14:29
@ Till

Again ...

Something that pop up in my dummy brain.

Like in your tut. create a compileuser so if I create a web1 or client1 user with the same password as in ISPConfig and than su web1 or client1 and then tar xvzf ?

Or is this completly crazy talk ?

there is no need to create a user. Just login to our server and then run for example (if you want to install the files in web1):

su web1

before you untar the files and all files will have the correct user.

till
4th June 2009, 14:30
Till,

Is this true only for Joomla or should suphp always be used?

Or only for cms-type installs...?

Slowhand

This is recommended for every cms system that will upload files or images. Choose either suphp or php-fastcgi + suexec.

till
4th June 2009, 14:31
This is only possible for me because I have the linux machine here right under my desk
My son ( the only other client ) lives somewhere else so he has to upload all files

Am I right ?

No, it does not depend on were the server is. You can always login with SSH on the shell and then do these tasks rom everywhere.

SamTzu
5th June 2009, 19:53
I'm now wondering if my problems are actually OpenVZ related. I have noticed that su in Proxmox's Debian Lenny does not seem to work. Could this be an issue since we have built our Joomlas on top of ISPConfig3 that lies on top of Proxmox/OpenVZ.

Anyway the problems are not clearly defined. Difficult to make conclusions.

falko
6th June 2009, 11:39
I have noticed that su in Proxmox's Debian Lenny does not seem to work.
On the host or in the guest systems?

SamTzu
6th June 2009, 21:32
On the guest.

till
7th June 2009, 15:27
Any errors in the log files from apache or the syslog? Also check the user_beancounters, most likely you hit any limits that causes these problems.


I'am useing openvz for several servers and ispconfig 3 + several cms systems work fin. As proxmox uses openvz as virtualisation system too, it should work.

SamTzu
7th June 2009, 17:00
Nothing in Apache or Syslog files.
I found this in my brand new website logs...

[Fri Jun 05 19:00:16 2009] [error] [client 62.78.242.70] File does not exist: /var/www/clients/client1/web1/web/index.php
[Fri Jun 05 19:35:37 2009] [error] [client 62.78.242.70] (13)Permission denied: file permissions deny server access: /var/www/clients/client1/web1/web/administrator/components/com_extplorer/images/eXtplorer.gif, referer: http://samimattila.com/administrator/index.php

To fix the perms I did the usual chmod's on files/folders and tmp folder.
It seems that everytime something 'new' is installed (like eXtplorer) new files are installed with insufficient permission and I have to manually fix the perms afterwards.

I'm not sure how to check the 'user_beancounters' in Proxmox/OpenVZ

till
7th June 2009, 17:10
IN ISPCOnfig 3 you dont have to change any permissions for Joomla as long as you used the correct user to install it (the admin user of the website) or uploaded it with FTP.

I'm not sure how to check the 'user_beancounters' in Proxmox/OpenVZ

cat /proc/user_beancounters

SamTzu
7th June 2009, 22:06
That could be it.
Since the su command does not seem to work in the Container I have always used root to install Joomla.

Sam

SamTzu
10th June 2009, 11:10
It looks like every time a user uploads a picture it gets minimal (rw) permissions. Then I have to manually give read permissions to it.

drwxr-xr-x 2 web4 client2 4.0K 2009-06-10 08:07 .
drwxr-xr-x 6 web4 client2 4.0K 2009-06-10 08:03 ..
-rw-r--r-- 1 web4 client2 2.2K 2009-06-10 08:03 2160_80.jpg
-rw------- 1 web4 client2 2.3K 2009-06-10 08:07 2161_80.jpg

SamTzu
10th June 2009, 11:34
Ok. Looks like it's in the suPHP.
If I change to fast-CGI uploads work fine.

Sam

aethereum
12th June 2009, 18:21
I completed the Perfect Server Setup using SuSE 11.1 with no errors, I create a Client User, a Website, a Database and FTP user.

I uploaded the files by FTP with the user I create for it on ISPC3 and installed Joomla and all was fine until I try to change the joomla's global configuration.

A new conf file is generated and named "configuration.1 instead configuration.php I tried to chmod "configuration.php" but I get 550 error "Operation not permitted"

The site is running php cgi ssi fast-cgi+suExec

Thanks in advance for the help.

till
13th June 2009, 09:49
Take a look at the error log of the website to get the detailed error message.

aethereum
1st July 2009, 22:51
Take a look at the error log of the website to get the detailed error message.

Ok, but where is that? Just found the System Log under Monitor section of ISPC

falko
2nd July 2009, 15:36
It's in the log subdirectory of the web site (e.g. /var/www/www.example.com/log).