Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th August 2010, 14:27
willko willko is offline
Junior Member
 
Join Date: Aug 2010
Posts: 9
Thanks: 1
Thanked 4 Times in 2 Posts
Default Joomla permissions in CentOS/ISPConfig 3 setup

Hi all,

I followed the CentOS x64 5.5 perfect server guide but also added the gnome desktop and a few utils. The server works really well and I am thoroughly impressed with CentOS & ISPConfig.

I have installed joomla on a site and ran into the permissions obstacle when trying to install/upload any modules/templates etc... (# JFTP::store: Bad response # Warning! Failed to move file.)

As ISPConfig 3 handles the creation/setup of websites via link files/folders & uses "clients" to specify individual site security, the setting of permissions hinges on assigning ownership & group rights to the correct objects.

For example "root" should be the owner and "client1" should be the group on my server. The default joomla install does not assign group permissions correctly. To fix this here is what I did:

N.B. - AFAIK, This process is unique to EACH CLIENT (not website) that ISPConfig creates - a change in client means different group membership...

OWNERSHIP:
Code:
chown -hR -v -f root:[clientX] [joomla install directory]/*
(e.g. chown -hR -v -f root:client1 web/*)
(you can check the messages log after a failed joomla upload/install to see the owner & group that needs permissions)

PERMISSIONS: ( "find ." starts the find from current directory so navigate appropriately)
Code:
find . -type f -exec chmod 644 {} \;   ("f" for files)
find . -type d -exec chmod 775 {} \;  ("d" for directories)
I did try 755 as suggested by an older post, but without write permissions the group to which the "client" belongs is unable to access the necessary files. 775 works fine and I don't think it exposes anything dangerous.

Anyway that sorted permissions/requirements for files/folders. Everything works very well and I am extremely thankful for this forum and the many helpful people who contribute.

Last edited by willko; 19th August 2010 at 14:45.
Reply With Quote
The Following User Says Thank You to willko For This Useful Post:
falko (20th August 2010)
Sponsored Links
  #2  
Old 24th September 2010, 06:05
maberglund maberglund is offline
Junior Member
 
Join Date: Sep 2010
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Minimize security risk?

I used apache instead of root, and everything seems to work.
Does that seem reasonable in an effort to minimize possible escalations?

Just a thought.
Reply With Quote
  #3  
Old 24th September 2010, 13:20
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,355
Thanks: 810
Thanked 5,174 Times in 4,056 Posts
Default

Quote:
I used apache instead of root, and everything seems to work.
Does that seem reasonable in an effort to minimize possible escalations?
You seem to ahve used wrong settings for your site as there are no changes of the website owners etc. nescessary, neither to get joomla working nor for security. The correct settings for a joomla site are:

1) Select security level "High" in ISPConfig under System > server Config on the web tab.
2) In the website settings, enable the suexec checkbox and select "php-fcgi" as php method.

This ensures that all scripts are run in a security wrapper under the website user.

Do not use mod_php. Also useing user "apache" is a security risk as this allows attacks from other sites on the same server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 17th November 2010, 11:13
willko willko is offline
Junior Member
 
Join Date: Aug 2010
Posts: 9
Thanks: 1
Thanked 4 Times in 2 Posts
 
Default

I've also found this set of commands useful for existing Joomla sites (migration etc...)

N.B.run this from terminal of the directory CONTAINING the "/web" directory - e.g. "/var/www/clients/client1/web18"
Also make sure the CLIENT is correct before pasting this script!!!


Code:
chown -hR -v -f root:client0 web/*
cd web
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 775 {} \;
find . -type f -name "configuration.php" -exec chmod 664 {} \;
find . -type f -name "*.ini" -exec chmod 664 {} \;
find . -type f -name "*.css" -exec chmod 664 {} \;
find . -type f -name ".htaccess" -exec chmod 755 {} \;
Hope that helps

Last edited by willko; 17th November 2010 at 18:44.
Reply With Quote
The Following 3 Users Say Thank You to willko For This Useful Post:
falko (18th November 2010), pineapple (24th October 2011), SamTzu (1st December 2010)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Chrome + Ubuntu + Flash player andor Desktop Operation 1 25th May 2010 16:59
suPHP, Joomla! 1.5, file & diretory permissions pjdevries Installation/Configuration 17 19th June 2008 02:58
Setup problem ? affecting Joomla 1.5 install luoto Installation/Configuration 9 11th January 2008 09:38
Joomla & MySql config and chmod permissions normdouglas Installation/Configuration 6 27th December 2006 12:39
Perfect setup Joomla with ISPConfig ? bogdinator Installation/Configuration 22 19th January 2006 18:34


All times are GMT +2. The time now is 17:18.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.