Joomla permissions in CentOS/ISPConfig 3 setup

Discussion in 'Tips/Tricks/Mods' started by willko, Aug 19, 2010.

  1. willko

    willko New Member

    Hi all,

    I followed the CentOS x64 5.5 perfect server guide but also added the gnome desktop and a few utils. The server works really well and I am thoroughly impressed with CentOS & ISPConfig.

    I have installed joomla on a site and ran into the permissions obstacle when trying to install/upload any modules/templates etc... (# JFTP::store: Bad response # Warning! Failed to move file.)

    As ISPConfig 3 handles the creation/setup of websites via link files/folders & uses "clients" to specify individual site security, the setting of permissions hinges on assigning ownership & group rights to the correct objects.

    For example "root" should be the owner and "client1" should be the group on my server. The default joomla install does not assign group permissions correctly. To fix this here is what I did:

    N.B. - AFAIK, This process is unique to EACH CLIENT (not website) that ISPConfig creates - a change in client means different group membership...

    chown -hR -v -f root:[clientX] [joomla install directory]/*
    (e.g. chown -hR -v -f root:client1 web/*)
    (you can check the messages log after a failed joomla upload/install to see the owner & group that needs permissions)

    PERMISSIONS: ( "find ." starts the find from current directory so navigate appropriately)
    find . -type f -exec chmod 644 {} \;   ("f" for files)
    find . -type d -exec chmod 775 {} \;  ("d" for directories)
    I did try 755 as suggested by an older post, but without write permissions the group to which the "client" belongs is unable to access the necessary files. 775 works fine and I don't think it exposes anything dangerous.

    Anyway that sorted permissions/requirements for files/folders. Everything works very well and I am extremely thankful for this forum and the many helpful people who contribute.
    Last edited: Aug 19, 2010
  2. maberglund

    maberglund New Member

    Minimize security risk?

    I used apache instead of root, and everything seems to work.
    Does that seem reasonable in an effort to minimize possible escalations?

    Just a thought.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    You seem to ahve used wrong settings for your site as there are no changes of the website owners etc. nescessary, neither to get joomla working nor for security. The correct settings for a joomla site are:

    1) Select security level "High" in ISPConfig under System > server Config on the web tab.
    2) In the website settings, enable the suexec checkbox and select "php-fcgi" as php method.

    This ensures that all scripts are run in a security wrapper under the website user.

    Do not use mod_php. Also useing user "apache" is a security risk as this allows attacks from other sites on the same server.
  4. willko

    willko New Member

    I've also found this set of commands useful for existing Joomla sites (migration etc...) this from terminal of the directory CONTAINING the "/web" directory - e.g. "/var/www/clients/client1/web18"
    Also make sure the CLIENT is correct before pasting this script!!!

    chown -hR -v -f root:client0 web/*
    cd web
    find . -type f -exec chmod 644 {} \;
    find . -type d -exec chmod 775 {} \;
    find . -type f -name "configuration.php" -exec chmod 664 {} \;
    find . -type f -name "*.ini" -exec chmod 664 {} \;
    find . -type f -name "*.css" -exec chmod 664 {} \;
    find . -type f -name ".htaccess" -exec chmod 755 {} \;
    Hope that helps
    Last edited: Nov 17, 2010
  5. emmaluc

    emmaluc New Member

    I don't understand how it works...i have installed a new website (a joomla CMS)
    I have created a new user on my ispconfig.
    I use filezilla with my root account, to upload my files on my new website.
    After the installation, I don't have the correct rights to change my files on the joomal configuration.
    Can you explain me the steps to do that ?
    I open my terminal & connect me as SSH user on my website. That's step is ok :)
    But after i don't know how to do it...
    If someone can help a beginner :)

Share This Page