On 8/2/22 8:47 PM, Tim via users wrote:
On Tue, 2022-08-02 at 15:22 +, Emmett Culley via users wrote:
So wordpress automaticaly has the ability to write all files in the
root directory. I suppose we have to trust that wordpress will not
write hacked files to the server's root.
You are awa
On Tue, 2022-08-02 at 15:22 +, Emmett Culley via users wrote:
> So wordpress automaticaly has the ability to write all files in the
> root directory. I suppose we have to trust that wordpress will not
> write hacked files to the server's root.
You are aware that it has a bad reputation for se
> On 09/07/2016 03:19 PM, Rick Stevens wrote:
>
> That didn't help either:
>
> Sep 07 14:19:51 horse-magazine.info systemd[1]: Reloaded The Apache HTTP
> Server.
> Sep 07 16:35:47 horse-magazine.info systemd[1]:
> [/usr/lib/systemd/system/httpd.service:10]
> Executable path is not absolute, ign
Hi,
On Tue, Nov 1, 2016 at 5:31 PM, Gordon Messmer wrote:
> On 10/27/2016 05:48 PM, Alex wrote:
>>
>> I'm referring to the procedure typically used by joomla admins through
>> the web-based admin interface included with joomla. It logs in as a
>> system user then I believe uses sftp to upload fil
On 10/27/2016 05:48 PM, Alex wrote:
I'm referring to the procedure typically used by joomla admins through
the web-based admin interface included with joomla. It logs in as a
system user then I believe uses sftp to upload files from the local
desktop or somewhere on the joomla system.
As best
On 10/27/2016 05:48 PM, Alex wrote:
> Hi,
>
To only way to verify the change "took" is to have the httpd process
create a file and check the mode of the file created.
>>>
>>> Yes, thanks. I still need to test it for joomla through the apache
>>> user, but as I mentioned in a previous ema
Hi,
>>> To only way to verify the change "took" is to have the httpd process
>>> create a file and check the mode of the file created.
>>
>> Yes, thanks. I still need to test it for joomla through the apache
>> user, but as I mentioned in a previous email a few minutes ago, it
>> still appears to
On 10/27/2016 02:19 PM, Alex wrote:
Specifically, uploading new modules have been created with 0644
and 0755.
Assume that we don't know what your process is, and be specific about
how you're uploading new modules, please.
___
users mailing list --
On 10/27/2016 04:16 PM, Gordon Messmer wrote:
Since I was testing a php script that *created* a file, I deleted the
file before the second test and loaded the php page via my browser, again.
Thank you. I was concerned that you'd forgotten that changes to umask
only apply to files created aft
On 10/27/2016 02:27 PM, Alex wrote:
How is it set for the normal user? I've modified /etc/bashrc (and even
/etc/profile), and the apache user doesn't have a .bashrc or
.bash_profile, and it's still 0022.
It's difficult to tell what you're doing wrong, because you aren't being
specific about wh
On 10/27/2016 02:14 PM, Joe Zeff wrote:
On 10/27/2016 01:57 PM, Gordon Messmer wrote:
I created a php script that created a new file. Before the change, the
file's mode was 0644. After the change, the mode was 0664.
Did you run the script after the change, or simply make the change and
che
On 10/27/2016 02:27 PM, Alex wrote:
> Hi,
>
>
>>> I've actually already done these exact steps, and it doesn't work (on
>>> fedora23). When you say you've tested it, do you mean you tested the
>>> steps above, or you did something to confirm afterwards that its umask
>>> is 0002?
>>>
>>> # cat /e
Hi,
>> I've actually already done these exact steps, and it doesn't work (on
>> fedora23). When you say you've tested it, do you mean you tested the
>> steps above, or you did something to confirm afterwards that its umask
>> is 0002?
>>
>> # cat /etc/systemd/system/httpd.service.d/override.conf
Hi,
On Thu, Oct 27, 2016 at 4:57 PM, Gordon Messmer
wrote:
> On 10/27/2016 01:44 PM, Alex wrote:
>>
>> I've actually already done these exact steps, and it doesn't work (on
>> fedora23). When you say you've tested it, do you mean you tested the
>> steps above, or you did something to confirm afte
On 10/27/2016 01:44 PM, Alex wrote:
> Hi,
>
> On Thu, Oct 27, 2016 at 4:09 PM, Gordon Messmer
> wrote:
>> On 10/25/2016 06:53 PM, Alex wrote:
>>>
>>> The problem I was having
>>> was with the user doing local modifications (joomadmin) not being able
>>> to modify files uploaded or changed by the
On 10/27/2016 01:57 PM, Gordon Messmer wrote:
I created a php script that created a new file. Before the change, the
file's mode was 0644. After the change, the mode was 0664.
Did you run the script after the change, or simply make the change and
check the mode again?
_
On 10/27/2016 01:44 PM, Alex wrote:
I've actually already done these exact steps, and it doesn't work (on
fedora23). When you say you've tested it, do you mean you tested the
steps above, or you did something to confirm afterwards that its umask
is 0002?
I created a php script that created a ne
Hi,
On Thu, Oct 27, 2016 at 4:09 PM, Gordon Messmer
wrote:
> On 10/25/2016 06:53 PM, Alex wrote:
>>
>> The problem I was having
>> was with the user doing local modifications (joomadmin) not being able
>> to modify files uploaded or changed by the joomla apache user
>> (apache).
>>
>> Numerous su
On 10/25/2016 06:53 PM, Alex wrote:
The problem I was having
was with the user doing local modifications (joomadmin) not being able
to modify files uploaded or changed by the joomla apache user
(apache).
Numerous suggestions were made, including changing all the files to be
sgid write, adding th
Hi,
On Tue, Sep 6, 2016 at 6:42 PM, Rick Stevens wrote:
> On 09/06/2016 01:25 PM, Mike Wright wrote:
>> On 09/06/2016 01:11 PM, Alex wrote:
>>> Hi,
>>>
>>> I've set up a virtual host for a joomla website and having some
>>> permissions problems. I've seen numerous configurations online about
>>>
Allegedly, on or about 09 September 2016, Alex sent:
> The reason I was exploring other possibilities is because generally
> speaking the apache user shouldn't have write privileges in the
> document root. If there was ever an apache compromise leading to a
> shell, it would put in jeopardy the ent
Hi,
On Thu, Sep 8, 2016 at 8:17 PM, Bill Shirley wrote:
> Why didn't you try it? It works for me.
>
> I spent my time trying to help and you dismissed it
> WITHOUT reason.
>
> Not cool.
I'm sorry you feel that I've dismissed your offer to help. I haven't.
We're just having a discussion. I'm ver
Why didn't you try it? It works for me.
I spent my time trying to help and you dismissed it
WITHOUT reason.
Not cool.
Bill
On 9/8/2016 12:32 PM, Alex wrote:
Hi,
Now do this:
cd /path/to/joomla/DocumentRoot
chmod -R apache:apache $rw_dirs
find $rw_dirs -type d -exec chmod 2770 {} \;
find $rw
On 09/08/2016 10:20 AM, Alex wrote:
Hi,
Here's an idea. Get an account on DigitalOcean. Create a droplet using
their "One-click apps". They have one called "Joomla 3.6.2 on 14.04"
(14.04 is a version of ubuntu).
Explore the Apache config and the Joomla config. Checkout permissioning
an
Hi,
On Thu, Sep 8, 2016 at 12:32 PM, Alex wrote:
> Hi,
>
>> Now do this:
>> cd /path/to/joomla/DocumentRoot
>> chmod -R apache:apache $rw_dirs
>> find $rw_dirs -type d -exec chmod 2770 {} \;
>> find $rw_dirs -type f -exec chmod 660 {} \;
>
> You mean chown above, but yes, I've also thought about
Hi,
> Now do this:
> cd /path/to/joomla/DocumentRoot
> chmod -R apache:apache $rw_dirs
> find $rw_dirs -type d -exec chmod 2770 {} \;
> find $rw_dirs -type f -exec chmod 660 {} \;
You mean chown above, but yes, I've also thought about setting everything sgid.
Someone in another forum recommended
Put the service file back the way it was.
It's best if you can identify which directories Joomla needs write access to
limit exposure.
For Wordpress it's
/path/to/wordpress/DocumentRoot/wp-content/{plugins,themes,upgrade,uploads} so:
rw_dirs="plugins themes upgrade uploads"
if you can't identif
On 09/06/2016 01:11 PM, Alex wrote:
Hi,
I've set up a virtual host for a joomla website and having some
permissions problems
This is in docs.joomla.org:
"PHP Being Run as an Apache Module.
This causes ownership issues and thus permission problems which will
lead to security issues. It is be
On 09/07/2016 03:19 PM, Rick Stevens wrote:
> On 09/07/2016 01:38 PM, Emmett Culley wrote:
>> On 09/07/2016 11:08 AM, Rick Stevens wrote:
>>> On 09/07/2016 10:26 AM, Alex wrote:
Hi,
On Tue, Sep 6, 2016 at 6:42 PM, Rick Stevens wrote:
> On 09/06/2016 01:25 PM, Mike Wright wrote:
On 09/07/2016 01:38 PM, Emmett Culley wrote:
> On 09/07/2016 11:08 AM, Rick Stevens wrote:
>> On 09/07/2016 10:26 AM, Alex wrote:
>>> Hi,
>>>
>>> On Tue, Sep 6, 2016 at 6:42 PM, Rick Stevens wrote:
On 09/06/2016 01:25 PM, Mike Wright wrote:
> On 09/06/2016 01:11 PM, Alex wrote:
>> Hi,
On 09/07/2016 11:08 AM, Rick Stevens wrote:
> On 09/07/2016 10:26 AM, Alex wrote:
>> Hi,
>>
>> On Tue, Sep 6, 2016 at 6:42 PM, Rick Stevens wrote:
>>> On 09/06/2016 01:25 PM, Mike Wright wrote:
On 09/06/2016 01:11 PM, Alex wrote:
> Hi,
>
> I've set up a virtual host for a joomla w
On 09/07/2016 10:26 AM, Alex wrote:
> Hi,
>
> On Tue, Sep 6, 2016 at 6:42 PM, Rick Stevens wrote:
>> On 09/06/2016 01:25 PM, Mike Wright wrote:
>>> On 09/06/2016 01:11 PM, Alex wrote:
Hi,
I've set up a virtual host for a joomla website and having some
permissions problems. I'v
Hi,
On Tue, Sep 6, 2016 at 6:42 PM, Rick Stevens wrote:
> On 09/06/2016 01:25 PM, Mike Wright wrote:
>> On 09/06/2016 01:11 PM, Alex wrote:
>>> Hi,
>>>
>>> I've set up a virtual host for a joomla website and having some
>>> permissions problems. I've seen numerous configurations online about
>>>
On 09/06/2016 01:25 PM, Mike Wright wrote:
> On 09/06/2016 01:11 PM, Alex wrote:
>> Hi,
>>
>> I've set up a virtual host for a joomla website and having some
>> permissions problems. I've seen numerous configurations online about
>> how to set umask for the apache user, but none have worked, includ
On 09/06/2016 01:11 PM, Alex wrote:
Hi,
I've set up a virtual host for a joomla website and having some
permissions problems. I've seen numerous configurations online about
how to set umask for the apache user, but none have worked, including
creating a systemd file
(/etc/systemd/system/multi-us
Hi,
I've set up a virtual host for a joomla website and having some
permissions problems. I've seen numerous configurations online about
how to set umask for the apache user, but none have worked, including
creating a systemd file
(/etc/systemd/system/multi-user.target.wants/httpd.service) with th
36 matches
Mail list logo
