What permissions should the other directories have?

Permalink 1 user found helpful
Hello

I've stuck my updates/ directory at 777 because my stupid host won't give me SSH access to give ownership to the web server. This is clearly a security risk. What's the alternative? The server has mod_suexec installed.

Help would be much appreciated :)

melat0nin
 
mose replied on at Permalink Reply
mose
If mod_suexec is installed, then the web server should be running C5 with your user/group permissions. Is that not the case?
melat0nin replied on at Permalink Reply
melat0nin
I'm not sure, how can I check?

I installed c5 by unzipping and uploading the directory structure (a long and laborious process!). I made files/ and updates/ 777 via FTP, because nothing else seemed to work, but now I've updated it to both 5.4.0.2 and 5.4.0.3 but their entire directory structures are 777, which is clearly no good :(

Any help would be appreciated. I'm strongly considering moving host, but if I can avoid it for now that would be helpful.
mose replied on at Permalink Reply
mose
What you are asking is a bit involved for a forum. It isn't a "tell me what button to click" kind of answer. It really needs some hands-on digging into the problem.

The quickest way to get all of the information about the environment and the server is to create a simple .php file named anything you want (e.g., phpinfo.php) with the following lines.



Include the <?php and ?> tags just as they appear. Put that file at the root of your concrete directory and then access it with a web browser (e.g.,http://www.mysite.com/phpinfo.php ). You should get a long report with all kinds of information. Scroll to the section apache2handler, and look for the row labeled User/Group. That will tell you if the web server executed your file with your user/group information or not.

If you were at 5.4.0, you should have been able to perform the entire update all from within c5. The web server would have downloaded the update to the updates folder for you, which would have been faster and easier. One of the reasons updates are now handled this way is to avoid the kind of problems you are experiencing.
melat0nin replied on at Permalink Reply
melat0nin
Thanks, phpinfo() shows the user/group is nobody(99)/99. I'm not entirely sure what that means.

As I say, I have upgraded from 5.4>5.4.0.2>5.4.0.3 all within c5, but it only works if the updates/ directory is chmodded to 777.

Is there a blanket ownership change I can make to the whole c5 directory to get this to work without needing 777 permissions? I ask because the host will only change ownership on their side (I have to email them), so if I can fix it in one fell swoop that would be good.
mose replied on at Permalink Reply
mose
The user/group "nobody" is a generic user that generally has very few or no privileges on the local system. The reason they would be using this group to execute your files is that if someone broke into the web server, they wouldn't be able to do much on the system.

If you are the owner of the updates directory, it make sense that the web server couldn't store and install the update unless you used chmod 777. If the web server installed the files, they should be owned by the web server, though. So, I'm not sure I understand what is going.

There is no way for you to change the user/group of the files/directories. When you are logged in and creating files or directories, they will be created with your user/group. There is no way around that. The host will have to change that for you.

If you really are the owner of all of the files and directories, 777 would only be needed during an update. You could change that to 775 for almost all directories and files. Some directories, such as files, would still need to be 777, because the web server writes to them.

If your host is willing, the ideal solution would be to set the group of all files and folders to nobody and to set the owner of all files and folders to your username. Then, you could set the permissions to allow yourself and the nobody group to access the files and turn the privileges for "other" off.
daniel329 replied on at Permalink Reply
I am looking at the files and see that config/site.php is at 777 is this correct? or should I change it to something else?
Please advise asap.
Thanks
Mnkras replied on at Permalink Reply
Mnkras
change it to 644 after install