Joomla permissions in CentOS/ISPConfig 3 setup
I followed the CentOS x64 5.5 perfect server guide but also added the gnome desktop and a few utils. The server works really well and I am thoroughly impressed with CentOS & ISPConfig.
I have installed joomla on a site and ran into the permissions obstacle when trying to install/upload any modules/templates etc... (# JFTP::store: Bad response # Warning! Failed to move file.)
As ISPConfig 3 handles the creation/setup of websites via link files/folders & uses "clients" to specify individual site security, the setting of permissions hinges on assigning ownership & group rights to the correct objects.
For example "root" should be the owner and "client1" should be the group on my server. The default joomla install does not assign group permissions correctly. To fix this here is what I did:
N.B. - AFAIK, This process is unique to EACH CLIENT (not website) that ISPConfig creates - a change in client means different group membership...
(you can check the messages log after a failed joomla upload/install to see the owner & group that needs permissions)
PERMISSIONS: ( "find ." starts the find from current directory so navigate appropriately)
Anyway that sorted permissions/requirements for files/folders. Everything works very well and I am extremely thankful for this forum and the many helpful people who contribute.
Minimize security risk?
I used apache instead of root, and everything seems to work.
Does that seem reasonable in an effort to minimize possible escalations?
Just a thought.
1) Select security level "High" in ISPConfig under System > server Config on the web tab.
2) In the website settings, enable the suexec checkbox and select "php-fcgi" as php method.
This ensures that all scripts are run in a security wrapper under the website user.
Do not use mod_php. Also useing user "apache" is a security risk as this allows attacks from other sites on the same server.
I've also found this set of commands useful for existing Joomla sites (migration etc...)
N.B.run this from terminal of the directory CONTAINING the "/web" directory - e.g. "/var/www/clients/client1/web18"
Also make sure the CLIENT is correct before pasting this script!!!
|All times are GMT +2. The time now is 12:43.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.