Joomla Writable files and folders with permission 755 on linux server

Posted on 2008-11-06
Medium Priority
Last Modified: 2013-12-15
We have severals servers and VPS running Cpanel ,
We noticed that on some servers we have problems with Joomla script to make it work like it should do.
The problem on those servers: Joomla can not write some config files with permission 755 like every fresh instalation came, for example configuration.php can not be written by joomla if it is on 755 , so I have to set it to 777 with is dangerous.

But the fact is that the same install work perfectly on another servers.
Obviusly is something about Apache or PHP configuration.

Could someone help me to configure my apache or php in order that Joomla can write those files and folders with permissions 755 ?
Question by:ultra1
  • 2
LVL 14

Expert Comment

ID: 22895407
The problem is the owner - the "apache" user needs to own those files.  The files that you want to write should actually probably be something like 640, or 600, etc.  PHP files don't need to be executable to be parsed by the web server.
LVL 14

Expert Comment

ID: 22895435
On other servers, perhaps running a different linux distro, apache runs as an "httpd" user, or "nobody".  So maybe your script is making one of those users the owner, instead of "apache"?

For more troubleshooting post your script, and the steps you are taking to install joomla.

Author Comment

ID: 22895803
On all my servers I have Centos 4 OS, On all my servers Apache run as "nobody" and on all my joomla installs I have configuration.php  with the current user as owner and with permissions 755 , but.. on some servers joomla can write configuration.php and on another I get a warning that tells that configuration.php is unbritable.

I heard something about Mod SUPHP , but I am not sure if this is the solution

Accepted Solution

macker- earned 1000 total points
ID: 23001407
suPHP is probably why it's working on some servers.

suPHP causes PHP scripts to run as the user, rather than the 'nobody' user (or whatever user the webserver runs as).

There's security implications to this.  The main issue is it means that if someone can compromise one of the scripts thru the webserver, they can modify all the content, i.e. deface your site.

Setting the file to 777 does mean that someone else on the server could modify the file, but it's usually the lesser evil, unless you _trust_ your web scripts.  (Unless you wrote them, and you specialize in writing secure web scripts, I wouldn't trust them.  Especially not something huge and complex like Joomla, where bugs are likely to lurk in the shadows.)

You can also use group ownership, or ACL's, to allow only the 'nobody' user to modify the file... however, that does mean that anyone else coming in thru the webserver could edit the file; i.e. if another user wants to edit the file, they just create a PHP script in their homedir to do it, and access that script thru the webserver.

If security is a chief concern, put the site on a dedicated webserver, and/or make the configuration.php writable only when you need to edit it, and keep it 755 the rest of the time.

I would really really suggest avoiding suPHP unless you really really understand all the security implications.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month14 days, 1 hour left to enroll

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question