HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Tips/Tricks/Mods (http://www.howtoforge.com/forums/forumdisplay.php?f=29)
-   -   Joomla permissions in CentOS/ISPConfig 3 setup (http://www.howtoforge.com/forums/showthread.php?t=48081)

willko 19th August 2010 14:27
Joomla permissions in CentOS/ISPConfig 3 setup
 
Hi all,

I followed the CentOS x64 5.5 perfect server guide but also added the gnome desktop and a few utils. The server works really well and I am thoroughly impressed with CentOS & ISPConfig.

I have installed joomla on a site and ran into the permissions obstacle when trying to install/upload any modules/templates etc... (# JFTP::store: Bad response # Warning! Failed to move file.)

As ISPConfig 3 handles the creation/setup of websites via link files/folders & uses "clients" to specify individual site security, the setting of permissions hinges on assigning ownership & group rights to the correct objects.

For example "root" should be the owner and "client1" should be the group on my server. The default joomla install does not assign group permissions correctly. To fix this here is what I did:

N.B. - AFAIK, This process is unique to EACH CLIENT (not website) that ISPConfig creates - a change in client means different group membership...

OWNERSHIP:
Code:
chown -hR -v -f root:[clientX] [joomla install directory]/*
(e.g. chown -hR -v -f root:client1 web/*)
(you can check the messages log after a failed joomla upload/install to see the owner & group that needs permissions)

PERMISSIONS: ( "find ." starts the find from current directory so navigate appropriately)
Code:
find . -type f -exec chmod 644 {} \;  ("f" for files)
find . -type d -exec chmod 775 {} \;  ("d" for directories)
I did try 755 as suggested by an older post, but without write permissions the group to which the "client" belongs is unable to access the necessary files. 775 works fine and I don't think it exposes anything dangerous.

Anyway that sorted permissions/requirements for files/folders. Everything works very well and I am extremely thankful for this forum and the many helpful people who contribute.

maberglund 24th September 2010 06:05
Minimize security risk?
 
I used apache instead of root, and everything seems to work.
Does that seem reasonable in an effort to minimize possible escalations?

Just a thought.

till 24th September 2010 13:20
Quote:
I used apache instead of root, and everything seems to work.
Does that seem reasonable in an effort to minimize possible escalations?
You seem to ahve used wrong settings for your site as there are no changes of the website owners etc. nescessary, neither to get joomla working nor for security. The correct settings for a joomla site are:

1) Select security level "High" in ISPConfig under System > server Config on the web tab.
2) In the website settings, enable the suexec checkbox and select "php-fcgi" as php method.

This ensures that all scripts are run in a security wrapper under the website user.

Do not use mod_php. Also useing user "apache" is a security risk as this allows attacks from other sites on the same server.

willko 17th November 2010 11:13
I've also found this set of commands useful for existing Joomla sites (migration etc...)

N.B.run this from terminal of the directory CONTAINING the "/web" directory - e.g. "/var/www/clients/client1/web18"
Also make sure the CLIENT is correct before pasting this script!!!


Code:
chown -hR -v -f root:client0 web/*
cd web
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 775 {} \;
find . -type f -name "configuration.php" -exec chmod 664 {} \;
find . -type f -name "*.ini" -exec chmod 664 {} \;
find . -type f -name "*.css" -exec chmod 664 {} \;
find . -type f -name ".htaccess" -exec chmod 755 {} \;
Hope that helps


All times are GMT +2. The time now is 14:16.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.