PowWeb install permission questions
Permalink
First I have a question about permissions - I know config is 777 and concrete is 755, but when I look at individual files inside the dirs they were auto set to 644 (security protection I'm sure). I recently had a church website's php all hacked, so I'm concerned about changing all these php files to 777.
My question is: is it just the dir that need the permissions set and not the individual
files inside them, or is it all dir & files combined? Thanks for clarifying the details.
So how is concrete5 with security
My question is: is it just the dir that need the permissions set and not the individual
files inside them, or is it all dir & files combined? Thanks for clarifying the details.
So how is concrete5 with security
Thank you, that helps.
One other thing.... I can't find specific permissions listed in the help files.
Do all the files -ALL of them have to be at least 755?
And which dir and files, exactly, have to be 777? All I read is the vague this dir is 755 and this other is 777, but the install still won't load the first page - any page so this has to be off.
Where can I find a full listing of every files permissions?
Thank you,
Do all the files -ALL of them have to be at least 755?
And which dir and files, exactly, have to be 777? All I read is the vague this dir is 755 and this other is 777, but the install still won't load the first page - any page so this has to be off.
Where can I find a full listing of every files permissions?
Thank you,
The following is from the Documentation section of this site:
"/files/ and all items within (both files and directories) should be set to be readable and writable by the web server. That can be accomplished in the following ways, from best to worst:
If your server supports running as suexec/phpsuexec, the files should be owned by your user account, and set as 755 on all of them. That means that your web server process can do anything it likes to them, but nothing else can (although everyone can view them, which is expected.)
If 1 isn't possible, another good option is to set the apache user (either "apache" or "nobody") as having full rights to these files
If neither 1 or 2 are possible, chmod 777 to files/ and all items within (e.g. chmod -R 777 file/*)"
Permissions can be changed after install, and its possible that your page not loading could be due to some other problem. Try assigning 777 to everything to ensure your install is correct and everything loads. If it still doesn't work, we're looking at the wrong issue
"/files/ and all items within (both files and directories) should be set to be readable and writable by the web server. That can be accomplished in the following ways, from best to worst:
If your server supports running as suexec/phpsuexec, the files should be owned by your user account, and set as 755 on all of them. That means that your web server process can do anything it likes to them, but nothing else can (although everyone can view them, which is expected.)
If 1 isn't possible, another good option is to set the apache user (either "apache" or "nobody") as having full rights to these files
If neither 1 or 2 are possible, chmod 777 to files/ and all items within (e.g. chmod -R 777 file/*)"
Permissions can be changed after install, and its possible that your page not loading could be due to some other problem. Try assigning 777 to everything to ensure your install is correct and everything loads. If it still doesn't work, we're looking at the wrong issue
Thank you ~ I finally got it to load.
I believe there's a greater risk of hacking a C5 site through sloppy password management than there is through file read/write permissions. Just my 2 cents worth :)
There's a page in documentation covering this http://www.concrete5.org/documentation/installation/file-directory-...