Hi,

On Tue, Sep 6, 2016 at 6:42 PM, Rick Stevens <ri...@alldigital.com> wrote:
> On 09/06/2016 01:25 PM, Mike Wright wrote:
>> On 09/06/2016 01:11 PM, Alex wrote:
>>> Hi,
>>>
>>> I've set up a virtual host for a joomla website and am having some
>>> permissions problems. I've seen numerous configurations online about
>>> how to set umask for the apache user, but none have worked, including
>>> creating a systemd file
>>> (/etc/systemd/system/multi-user.target.wants/httpd.service) with the
>>> following:
>>
>>> Umask=0006  <<<<<<<<  ?
>>
>> That comes out to 771 : rwxrwx--x.  Maybe 0002 ?

That still didn't work. It must not be reading that httpd.service file.

-bash-4.3$ umask
0022

> Apache normally runs as apache:apache. Joomla is just a PHP application
> running under Apache, so if you're using mod_php, Apache is what will
> actually be doing the reading and writing of the files and the
> apache:apache user should have rwx access to the entire tree.
>
> If you're running PHP-FPM, then the user that PHP is running as should
> own the tree and have rwx access to it, while Apache should have
> at least r-x access to the tree. You could do that by putting the PHP
> user in the apache group, giving ownership of the tree to the PHP user
> and giving group r-x privileges:
>
>         useradd -d /path/to/website -g apache phpuser
>         cd /path/to/website
>         chown -R phpuser:apache *
>         chmod -R 750 *

The problem is then when the apache user, through the joomla admin
front-end, needs to make changes (upload new module, etc) and the
group doesn't have write privileges.

I could sgid the directory, or write a cron script that changes all
the permissions back as one user suggested (horrible idea), but making
all the files and directories group-writable for user apache is a bad
idea if the apache daemon (or joomla running as the apache user) gets
compromised, resulting in a shell. This is the problem I'm trying to
avoid.

Thanks,
Alex
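
Added example, not part of the original thread: a small shell script that shows which modes new files and directories get under the umask values discussed above (0006, 0002, 0022), and lists which paths in a tree carry the group-write bit after the quoted chmod. The sample tree and its names (site, images, administrator) are constructed for illustration, and the script assumes GNU stat and find.

```sh
#!/bin/sh
# Added example, not from the thread. Uses GNU options: stat -c, find -printf.

# Print the modes a new file and a new directory receive under umask $1.
# The function body is a subshell, so the caller's umask is not changed.
modes_under_umask() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/file" && mkdir "$tmp/dir" || exit 1
    echo "file=$(stat -c %a "$tmp/file") dir=$(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
)

# List paths under $1 (relative to it) that have the group-write bit set,
# i.e. what any process running in the owning group is able to modify.
group_writable() {
    find "$1" -mindepth 1 -perm -g=w -printf '%P\n' | sort
}

# Build a constructed stand-in for /path/to/website and print its path.
build_sample_tree() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/site/administrator" "$root/site/images"
    : > "$root/site/index.php"
    : > "$root/site/configuration.php"
    chmod -R 750 "$root/site"       # the chmod from the quoted reply
    chmod g+w "$root/site/images"   # assumption: the one directory needing uploads
    echo "$root/site"
)

for m in 0006 0002 0022; do
    echo "umask $m -> $(modes_under_umask "$m")"
done

tree=$(build_sample_tree)
echo "group-writable paths in sample tree:"
group_writable "$tree"
rm -rf "$(dirname "$tree")"
```

Running group_writable against the real document root before and after a permissions change shows exactly how much of the tree the apache group can write to.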