Topic: Joomla 1.5 on SME Server 7.2

[raem]

calisun

> 1) I still don't understand Why to install in /opt and not ibay.

Potential security issues in the case of misconfiguration. Users can do things in ibays (change permisssions & so on), whereas they usually cannot do things in /opt as they don't have access to it.
There have been quite a few posts on this topic so go searching. The SiteMaker Howto on the Wiki came about probably due to this concern, see  http://wiki.contribs.org/SME_Site_Maker
I personally don't see security issues if you install web apps to ibays, as long as you limit who has file sharing access to those ibays, so as to prevent inadvertant tampering, and you also know that those users are sensible and won't do things they should not be doing. Be particularly careful that files have correct (ie appropriate for security) ownership & permisssions, both user & group (I'm referring to the Linux file permissions here). Only a limited number of files & folders should have www ownership with write access (as required by the application in order to function), it's quite wrong & bad advice to see people setting whole folders/files to www:www 777
A reason for installing to ibays, would be to allow different groups of users to have access to the ibay to update their web site content, using say a VPN connection, eg for html based apps rather than Joomla.
As Joomla & other CMS's have their own built in content updating tools, there is no real need to put them in ibays, so there is a better security model if you put them in /opt.


> 2) .. if I install in /opt, people will only be able to get to it by typing mydomain.com/joomla??

It depends how you set up the redirect alias, refer also to some steps that happen when using SiteMaker contrib. You configure the alias the way you want it, so a straight domain name should be OK.
Note if you already have apps in an ibay, it's fairly easy to move them to /opt without any major dramas, just mv the files and edit a few config files in most cases.


> 3) You said: it IS a security risk if you have 2 or more Joomla sites running.

The risk that I see would be in not keeping your Joomla installs up to date with the latest bug free code. I'm not aware of security issues per se that relate to having multiple copies of a web app installed in different locations.
Perhaps the original poster of that comment can illuminate us.

[calisun]

Thank you Ray

[calisun]

I think I figured out the problem, SME Server uses PHP 4.3.9  and Joomla 1.5 calls for PHP 5
When one looks at www.php.net, one will find:
-------------------------------------
PHP 4 end of life announcement
Three years ago PHP 5 has been released. In those three years it has seen many improvements over PHP 4. PHP 5 is fast, stable & production-ready and as PHP 6 is on the way, PHP 4 will be discontinued.
-------------------------------------
Why are we still using PHP  4.X?,

Is there a way to upgrade to PHP 5 on SME server 7.2?

[stephen noble]

...
http://wiki.contribs.org/PHP#PHP_5

[calisun]

I saw that article on how to upgrade to PHP5 as a CGI, and then I will need to Create a custom template for each webapp to enable php5-cgi , this seems like a big hassle.
Since I have no apps that need PHP4, I was hoping that there was a way to upgrade to PHP5

I will give it a try and I will report back with my findings.

[calisun]

OK, I broke something.
Installation of PHP5-cgi went ok,
afterwards I followed instructions on the page to create custom template. After reboot, the system gives me an error message, Syntax error on line 4799 , and this message scrolls non-stop.
Now I don't have http or https access to my server, I can access server using SSH and SFTP.
When I try to edit httpd.conf, I get a message that another program is editing the file and file is read only.

Does anybody know how do I fix this?

[calisun]

Anybody? Please help

[stephen noble]

re php5
follow up with the author of the howto

generally
delete httpd.conf (and custom templates) and then expand the httpd template

[calisun]

Yes, success,
I was on a right track, I did delete custom templates, but I was not sure if it is OK to delete httpd.conf

thank you for your help.

[calisun]

calisun

> 1) I still don't understand Why to install in /opt and not ibay.

Potential security issues in the case of misconfiguration. Users can do things in ibays (change permisssions & so on), whereas they usually cannot do things in /opt as they don't have access to it.
I personally don't see security issues if you install web apps to ibays, as long as you limit who has file sharing access to those ibays, so as to prevent inadvertant tampering, and you also know that those users are sensible and won't do things they should not be doing. Be particularly careful that files have correct (ie appropriate for security) ownership & permisssions, both user & group (I'm referring to the Linux file permissions here). Only a limited number of files & folders should have www ownership with write access (as required by the application in order to function), it's quite wrong & bad advice to see people setting whole folders/files to www:www 777

Ray,
If I understand you correctly, the only reason to put page in /opt directory is to keep internal users from tempering with it. But if I am the only user on the server, there is no point to play around with SiteMaker and creating alias.

And if I understand it correctly, external users can hack the site the same way in ibay or /opt if it is configured incorrectly; as in your example www:www 777

I am understanding you correctly?

[raem]

calisun

If you search back a long way, I think in devinfo list archives, there was some discussion about the general security of ibays and that the default settings for web use were really a compromise at best.
So it is still technically better (ie more secure) to install web apps to /opt if there is no good reason to install them to ibays.
It is very easy to do so using Sitemaker, and it's still relatively straightforward (& easy) to do so if installing/configuring them manually.
Apart from the normal installation & configuration of the app (which you do anyway wherever it's installed to), in addition you only need to create the alias template.

[calisun]

How about search engine rankings? Would the fact that there is an alias/ redirect, would that knock down my search engine standings?

[calisun]

Creating a link seems like a messy fix.
What I think would be ideal is in server-manager, when managing domains is to have ability to specify ibay or /opt directory

[raem]

calisun

Creating an alias is standard procedure, it's used a lot in sme server.
eg if oscommerce is installed you will probably see a httpd.conf custom template fragment in
/etc/e-smith/templates-custom/etc/httpd/httpd.conf/97oscommerce

which in part says

Alias /oscommerce /opt/oscommerce/catalog

<Directory /opt/oscommerce/catalog>
        AddType application/x-httpd-php .php .php3 .phtml
        order deny,allow
        deny from all
        allow from all
        SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        php_value session.use_trans_sid 0
        php_value register_globals 1
        php_admin_value open_basedir /opt/oscommerce/catalog/
</Directory>



Note that aliases are created as standard in sme, to point to your ibays web content.