Difference between revisions of "Installing Joomla on Debian Linux"
From Joomla! Documentation
(→mpm-itk restrictive settings: new section) |
|||
| Line 61: | Line 61: | ||
2. The '''mambots''' directory is called '''plugins''' now. How can something basic as this this be changed in a point release??? | 2. The '''mambots''' directory is called '''plugins''' now. How can something basic as this this be changed in a point release??? | ||
Argl. Stuff like this should be changed in a major release or at least a minor, but a point release? | Argl. Stuff like this should be changed in a major release or at least a minor, but a point release? | ||
| + | |||
| + | == mpm-itk restrictive settings == | ||
| + | |||
| + | I have mpm-itk set up so that Joomla runs under a linux account. | ||
| + | |||
| + | I'm trying to work out what would be the most secure folder/dir permissions. | ||
| + | |||
| + | Therefore I've made the perms restrictive this way: | ||
| + | |||
| + | # No access to group or other because its not needed under itk | ||
| + | chmod -R go-rwx * | ||
| + | chmod go-rwx .htaccess | ||
| + | |||
| + | # Directories that need write perms is discussed on this talk page and | ||
| + | # i'm running 1.5.23, so 'mambots' is 'plugins' | ||
| + | # first restrict everything | ||
| + | find . -mindepth 1 -type d -exec chmod u-w {} \; | ||
| + | |||
| + | # Then apply permission to write | ||
| + | # It's not clear whether -R is required but http://docs.joomla.org/Installing_Joomla_on_Debian_Linux#Set_ownerships_and_permissions does do -R | ||
| + | chmod -R u+w administrator/backups/ administrator/backups/ \ | ||
| + | administrator/components/ \ | ||
| + | administrator/language/ \ | ||
| + | administrator/language/en-GB/ \ | ||
| + | administrator/modules/ \ | ||
| + | administrator/templates/ \ | ||
| + | components/ \ | ||
| + | images/ \ | ||
| + | language/ \ | ||
| + | media/ \ | ||
| + | modules/ \ | ||
| + | plugins/ \ | ||
| + | templates/ \ | ||
| + | cache/ \ | ||
| + | administrator/cache/ \ | ||
| + | logs/ \ | ||
| + | tmp | ||
| + | |||
| + | # What files need write access? I'm not sure, but I'll find out! | ||
| + | find . -type f -exec chmod u-w {} \; | ||
| + | |||
| + | # Well, config I suppose: | ||
| + | chmod u+w configuration.php | ||
| + | |||
| + | |||
| + | Then check in administrator site the directory permissions section /administrator/index.php?option=com_admin&task=sysinfo | ||
| + | |||
| + | Use at own risk. YMMV. | ||
Latest revision as of 23:11, 4 August 2011
restrictive permissions[edit]
N.B. chown is not needed with xampp
If you want a more restrictive approach, do this instead:
# chown -R root:root /var/www/joomla # cd /var/www/joomla # PLACES=' # administrator/backups # administrator/components # administrator/modules # administrator/templates # cache # components # images # images/banners # images/stories # language # mambots # mambots/content # mambots/editors # mambots/editors-xtd # mambots/search # media # modules # templates # ' # for i in $PLACES; do chown -R www-data:www-data $i; done
Content[edit]
Well, chown -R is recursive .. thus images covers images/banners and images/stories. Same goes for mambots. Thus the subdirectories will have their ownership changed anyway.
Form[edit]
The chown program does handle more than one command line argument, and has done so since the dawn of time (i.e. the 70s).
Therfore you may write
chown -R www-data:www-data administrator/backups administrator/components administrator/modules administrator/templates cache components images language mambots media modules templates
Or if you want neat 80 columns
chown -R www-data:www-data administrator/backups administrator/components \ administrator/modules administrator/templates cache components images \ language mambots media modules templates
BTW: Leaving out the # marks makes it way easier to cut'n paste the commands into your favorite terminal window.
Update for Joomla 1.5.21[edit]
1. There is a tmp and a administrator/cache directory that need to be chown'ed as well. The first is needed if you enable compression. (Or so it looks from the Site setup pages) The later is needed by the "Joomla! Security Newsfeed" that is shown (or rather hidden) on the Backends start page.
2. The mambots directory is called plugins now. How can something basic as this this be changed in a point release??? Argl. Stuff like this should be changed in a major release or at least a minor, but a point release?
mpm-itk restrictive settings[edit]
I have mpm-itk set up so that Joomla runs under a linux account.
I'm trying to work out what would be the most secure folder/dir permissions.
Therefore I've made the perms restrictive this way:
# No access to group or other because its not needed under itk chmod -R go-rwx * chmod go-rwx .htaccess
# Directories that need write perms is discussed on this talk page and
# i'm running 1.5.23, so 'mambots' is 'plugins'
# first restrict everything
find . -mindepth 1 -type d -exec chmod u-w {} \;
# Then apply permission to write # It's not clear whether -R is required but http://docs.joomla.org/Installing_Joomla_on_Debian_Linux#Set_ownerships_and_permissions does do -R chmod -R u+w administrator/backups/ administrator/backups/ \ administrator/components/ \ administrator/language/ \ administrator/language/en-GB/ \ administrator/modules/ \ administrator/templates/ \ components/ \ images/ \ language/ \ media/ \ modules/ \ plugins/ \ templates/ \ cache/ \ administrator/cache/ \ logs/ \ tmp
# What files need write access? I'm not sure, but I'll find out!
find . -type f -exec chmod u-w {} \;
# Well, config I suppose: chmod u+w configuration.php
Then check in administrator site the directory permissions section /administrator/index.php?option=com_admin&task=sysinfo
Use at own risk. YMMV.