File permissions?

Discussion in 'Installation/Configuration' started by yurtboy1, May 10, 2007.

  1. yurtboy1

    yurtboy1 New Member

    Do I have a setting wrong???
    if I am in folder /var/www/web4/web for example
    and a file is -rw-r--r-- web4_admin.web4 as the permissions and owner, shouldn't this file be editable from web interfaces like joomla that update files?
    Or do they have to be -rw-r--r-- www-data.www-data (on a debian system)???
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This depends on your PHP setup. If ypou use mod_php, the file is not editable from joomla. If you use SuPHP, php as cgi with SuEXEC or php as fastcgi, the file is editable from joomla because the php process runs under the same user that owns the files.
  3. yurtboy

    yurtboy New Member

    Okay so for the main part I just need to set files to

    www-data.www-data for the web interface to have edit ability which is what most of my clients need????
  4. falko

    falko Super Moderator ISPConfig Developer

    Yes, that's right. Or you chmod 777 your files and directories (which is insecure!).
  5. yurtboy1

    yurtboy1 New Member

    Is there any disadvantages to running php cgi?

    It seems the permissions thing would have a ton of advantages if the users got to easily edit those files.
    Not the 777 but making it owned by the users and allow the web server to serve them?
    What would be the disadvantages?
  6. falko

    falko Super Moderator ISPConfig Developer

    You always have to ask yourself who else can edit or delete a file if you set the permissions too loose. For example, if a user has shell access, and a file has 777 permissions, that user could simply delete that file.
  7. yurtboy1

    yurtboy1 New Member

    Agree, but the idea is this...

    is it possible to have web2 group and user web2_admin
    log in via say nautilus's ssh to edit files, edit them because the files are set to
    And the web server apache is running as this user/group so all is well?
    Now it seems as noted above that running as suexec and cgi/php it is possible but... this hard to set up
    Two...does this effect php performance and options
    If not to both then that seem fairly neat for the user.
    I know for me as a developer it would be nice to do the above for every client and not worry about going in at console level to set each file I need to edit to 777 before hand.
    Thanks so far for you time...
  8. Hans

    Hans Moderator ISPConfig Developer

    php-cgi with suPHP

    This is not really an answer, but it is helpful to solve your problem with permissions:

    For "traditional" let's say normal websites using php as a module is fine and probably it uses less recourses than php-cgi with suPHP.

    At the other hand, if you're hosting CMS-driven sites on your server like Joomla, php-cgi in combination with suPHP is the better option, i think. When you've set up suPHP on your ISPConfig server, you are able to run the PHP scripts under the admin user of the website instead of www-data. This means that you don't have problems with conflicts due permissions.

    If you consider to use suPHP, the guides here might help you:
  9. yurtboy

    yurtboy New Member

    I will look into this thanks a ton..

    I will put this on my list since it looks like a great feature for making it easy for the enduser to edit their own site.

Share This Page