Topic: Wich permissions for joomla and gallery

[gixmo]

Could anyone tell me wich permissions on files and directories should be set for joomla and gallery2.
I still want to be able to administer both applications and on the mean time make shure that my site can't be hacked.
Both applications are running in the primary ibay.

[Franco]

Are you using a contrib or have you installed it manually? Joomla does provide the respective rights to each directory when you install it, what I do extra is add a simple .htaccess to the administrator directory and/or change the name of this directory!

[gixmo]

No, I'm using a contrib, but foolish enough i changed the permissions because i had a problem with something else.

[Franco]

Are you relating this to the problem you had with spam?
If so, I have already pointed that the messages you received from sme7admin are not related. You would get them even if you didn't have joomla installed.

[gixmo]

No this has nothing to do with spam. I just want to make sure that nobody can hack my site.

[Franco]

Code: [Select]

drwxr-xr-x   9 m35653717-1 site42     4096 Jun 27  2006 admin-joomla
drwxrwxrwx   2 m35653717-1 site42     4096 Nov 28 23:08 cache
drwxr-sr-x   2 m35653717-1 site42     4096 Dec  2 21:25 cgi-bin
-rw-r--r--   1 m35653717-1 site42    79239 Jun 26  2006 CHANGELOG.php
drwxrwxrwx  19 m35653717-1 site42     4096 Dec  6 23:31 components
-rw-r--r--   1 m35653717-1 site42     2651 Nov 30 22:40 configuration.php
-rw-r--r--   1 m35653717-1 site42     3429 Jun  5  2006 COPYRIGHT.php
drwxr-xr-x   2 m35653717-1 site42     4096 Jun 27  2006 editor
drwxrwsr-x   2 m35653717-1 site42     4096 Nov 26 18:38 error
-rw-r--r--   1 m35653717-1 site42     3638 Nov 27 01:00 favicon.ico
-rw-r--r--   1 m35653717-1 site42     3053 Jun  5  2006 globals.php
drwxr-xr-x   3 m35653717-1 site42     4096 Jun 27  2006 help
-rw-r--r--   1 m35653717-1 site42     3789 Jun 26  2006 htaccess.txt
drwxrwxrwx   8 m35653717-1 site42    12288 Jan  8 09:08 images
drwxr-xr-x  10 m35653717-1 site42     4096 Jun 27  2006 includes
-rw-r--r--   1 m35653717-1 site42     7210 Jun  5  2006 index.php
drwxrwxrwx   2 m35653717-1 site42     4096 Jul 18 15:49 language
-rw-r--r--   1 m35653717-1 site42    17977 Jun  5  2006 LICENSE.php
-rw-r--r--   1 m35653717-1 site42      710 Jun  5  2006 mainbody.php
drwxrwxrwx   8 m35653717-1 site42     4096 Dec  2 00:54 mambots
drwxrwxrwx   2 m35653717-1 site42     4096 Dec  6 23:31 media
drwxrwxrwx   7 m35653717-1 site42     4096 Dec  2 01:55 modules
-rw-r--r--   1 m35653717-1 site42     2474 Jun  5  2006 offlinebar.php
-rw-r--r--   1 m35653717-1 site42     3808 Jun  5  2006 offline.php
-rw-r--r--   1 m35653717-1 site42      709 Jun  5  2006 pathway.php
-rw-r--r--   1 m35653717-1 site42      286 Jun  5  2006 robots.txt
drwxrwxrwx  15 m35653717-1 site42     4096 Nov 30 10:17 templates

Noticed that I have changed the name of the administrator directory and modified the config for joomla to work.
RayMitchell has a tutorial about adding .htaccess that you can use to protect even more.

[gixmo]

Thanks,

and how about the subdirectories and the files there?
What is the user that joomla uses? And should that user be the owner?

[boss_hog]

Howdy yall,
for what it is worth, my own experiences with CMS's my permissions
end up as follows:
Protected Files 440 or 400
Files 640
Directories 750
"Special" Directories 770

I have found that these are the --> least <-- permissions I can allow and still have a functioning PHP Powered site.
Your mileage may vary.

Mostly, I test them in ibays that have admin R/W permissions only, with executable content and web access.

One simple change I make (when possible) is to move the Database User, Database Name and Database Password out of the main***etc.php
file to a directory outside of the web root.

Joe

PS: good thread, BTW!

[Franco]

Thanks,

and how about the subdirectories and the files there?
What is the user that joomla uses? And should that user be the owner?

All the subdirectories get the parent permissions, in my case the user is the group that owns the ibay and the owner is the user that did the upload (by ftp or samba).