Joomla Permissions - permissions

I am new to Joomla and have been given the task of supporting a site that was created in Joomla 1.5.25. They keep getting errors that files are not writable. They also can't add or delete anything to and from the media manager even in a Super Administrator account. I was able to override these errors with changing folder permissions from 755 (Joomla's recommended permission set) to 777, but was wondering if there is a better way of going about this (I don't want to leave a security hole on their site with the 777 permission set). From what I have read through my research is Joomla permissions requirements can vary based on your hosting company, so I want to get other peoples input before I give my hosting company a call.
On a side note, is there a way of getting the error messages to display longer then 2 seconds?

Why don't you try changing the permissions only to the folders that are written to temporarily? Another solution is to find out under which user apache is running and make sure that user is the owner or at least in a group that owns your Joomla! directory.

Related

What should the permissions and ownership for Drupal on LAMP stack?

What has me confused is why a directory or part of my Drupal site to suddenly return the message of "Forbidden" - that I, as first use, cannot access various parts of the site in the admin area. I changed the permission on the default/sites/files directory to 777. That probably is giving to too much access to everyone. However, it was only after doing that, that I got a message of Forbidden - that I don't have access to various parts of the admin area. I am the first user.
I changed the permissions on this directory because when I tried to update some modules, I got an error that file could not be created.
I have cpanel/whm on a dedicated vps server. So, one issue is how to find out what the user and group ownership should be on a server that hosts various domains through cpanel. It appears that for other accounts have user:owner permissions that match the account name. I am not sure if the default group:owner should remain as www-data:www-data for example, on Ubuntu or if cpanel/whm says, "make the apache group and user equal to the account name."
Thanks in advance for any help,
Bruce
First of all, I'm going to assume you're talking about Drupal 7, but really, there's little difference in this case.
Try reading about permissions here
Its very simple that the folder should have user:user ownership and correct permissions with folders having 755 permissions respectively. The server might be running on suphp hence you cannot have wrong user with wrong permissions.

Drupal 7: problems with file permissions and IMCE in sites/default/files directory

I have looked around a great deal on the Drupal forum and elsewhere but I cannot yet resolve this.
I have had to reinstall a large, fully functional site (Drupal 7.18) onto a new server. This has gone very smoothly. However, I do not seem to be able to set permissions for my sites/default/files directory in a manner that keeps it accessible and safe when browsing using the IMCE file browser.
Usually I set sites/default/files (and subdirectories within it) as 755, with files within these directories as 664. This works well on many other Drupal 7 sites I have built.
HOWEVER in this case, with these permissions I get the message "Unable to get a working directory for the file browser".
Only by setting directory permissions as 777 can I browse the files in these directories using IMCE - and I know that is really bad practice on shared hosting.
Please can someone advise on troubleshooting this? I have spent hours but I am getting nowhere.
I wonder if the ownership of the files and directories themselves is wrong. If they are wrong, can anyone direct me to step-by-step instructions for changing them?
Examining the 'problem' files and directories using FireFTP, I see
that both user and group names are the same as the FTP username that
was given me by my web host.
Looking at another Drupal site that works properly, I see that files
and directories in sites/default/files are set to user 531/group 528.
Thanks in anticipation! I am running D7.18 on PHP 5.2.10 with extensions enabled. Everything else seems to be working very well indeed. However, I am not sure I have the Apache or Linux skills needed to resolve this, or even to ask my hosts the correct questions ...
755 basically means that only the owner of the files can modify them, so you could try changing the directory permissions to 775 so that the owner and group can modify.
If you are using shared hosting I suggest you ask your hosting provider to help as they will have a better understanding of the users and groups on the server.
Cheers

How to limit access to an FTP folder?

I'm using a shared webserver on which I can manage FTP accounts. I'm wondering how to set access restrictions a folder,
Say I have a file in:
www.somepage.com/ftp/import/
which is named someData.txt
Why is it that I can access this file by hitting:
www.somepage.com/ftp/import/someData.txt
If the file is just lying there, why make an FTP user with login/password to access it. If I check the file restrictions, public has read/write/execute/sticky, so I don't understand why I can just pull the fill by hitting it's URL.
Article on permissions
Try using chmod to change the permissions on your files/folders on the server through command line/terminal. It seems like your permissions are currently set to 777 which allows anyone to do anything.
7 allow user to read/write/execute
7 allow group to read/write/execute
7 allow world to read/write/execute
You would probably want to use something like 770 which will prevent anyone except the user and groups doing anything to the files and folders. These permissions are pretty important for security as you could be the victim of an attack if they aren't set properly.

ModX Cache: Files Being Written with Wrong Permissions

The title doesn't really sum it all up...
I have recently installed ModX Revolution 2.2.4 on an Apache server and I am having complications with the cache folder. Occasionally I have to manually clear the cache folder via ftp, but any files written there are owned by Apache and my account can't delete them. I have tried adding the "new_file_permissions" and "new_folder_permissions" to the system settings, but there is no change. The cache files are always owned by Apache and I have no access via ftp.
Also, files such as the .htaccess and really anything I upload (css etc) are seen as uneditable to modx unless I manually change them to 777 via ftp. I can't change owner and group though.
The server tech can't figure it out. This has come up before on the modx forums but it has never been answered.
Obviously, this is a server problem.
I had this problem (with an IIS server though), and the host needed to change some of their settings.
Especially, if MODX works on your different host(s).
That is the way it is supposed to work, your FTP account does not have permission to write files written by apache, your ftp may be a member of the group but does not have write permission. [needed to delete]. I suspect this is by design for security purposes.
Your new_file_permissions, new_folder_permissions are used for the modx file manager.
So you can do a couple of things:
Run modx under fastcgi, that way the user writing the files should be the same user as the ftp user.
OR
write a little script [you can even stuff it in a snippet] that will delete the cache files for you. [since it will be running as the apache user, it should be no problem.

should apache upload dir have 777 permissions or belong to www-data user?

I'm running apache and my php site uploads images to the server. should apache upload dir have 777 permissions or belong to www-data user? How would this affect backing things up?
I think read + write permission is enough. read for backup, write for upload. It seems that no one ever need to execute anything.
And you should only grant permissions to who really need them. For example, grant write permission to www-data. And if you use another-user to do back up, only grant read permission to another-user.
You'd better avoid using 777
That depends on what you need from it. You should always use the most restrictive permissions that will let you do what you need.
Read the man page for chmod(1) to learn what the various permission bits mean. And maybe provide some more detail about your situation, so someone can provide a specific answer for you.
First and foremost the apache server needs to run as a non-privileged user. Second the upload directory should only need 600 as the permission (rw) iirc. This will allow the user that is running apache to write to that directory. The practical attack against a web server is to trick it into writing to a directory and having it execute the code that is placed there.