Security Joomla 1.5: - Directory Permission
-
-
- foley
- Sr. Rocketeer
- Posts: 102
- Thanks: 0
-
I am trying to secure my Joomla directories. I read in the Joomla security forum (
docs.joomla.org/Joomla_Administrators_Security_Checklist
) that there is a feature to set all directory and file permission at once from the joomla admin.
Adjust file and directory permissions
Once your site is configured and stable, write-protect critical directories and files by changing directory permissions to 755, and file permissions to 644. There is a feature in Site --> Global Configuration --> Server to set all folder and file permissions at once. Test third party extensions afterwards, and carefully review the code of any extension that has trouble with such settings. Note: Depending on your server's permissions, you may need to temporarily reset to more open permissions when installing more extensions with the Joomla! installer.
However, in my chromatophore J1.5 native installation, there is no such feature in Site --> Global Configuration --> Server to set all folder and file permissions at once.
Does anyone know where this can now be found in J1.5?
-
-
-
- James Spencer
- Preeminent Rocketeer
- Posts: 46340
- Thanks: 50
- I think its due to that FTP setting. Apparently that will ensure that all files are of the correct setting. But, I don't personally know as all my joomla sites are local so permissions aren't a problem.
- James Spencer / Developer & Support / Hull, UK
-
-
-
- foley
- Sr. Rocketeer
- Posts: 102
- Thanks: 0
-
yeah. I got a response from a fellow joomla user who indeed confirmed that it is the ftp settings being referred to here. But the question is that does not provide any form of safety on the site. Setting the ftp credentials does not chmod the folders and/or files appropriately. At the present, when I try to install an extension, I get the file/folder permission error because my joomla component folder is chmod to 755. When I change it to 777 via cuteftp, it installs fine. So my question is there anyway to configure the directory permissions outside of ftp client. If not that greatly diminishes the feature to web enable joomla. The implication is that I or others have to be on a computer with ftp client installed to set permission on/off in order to install an extension via the backend.
I however read somewhere that there is an extension called eXplorer that can achieve this. Not tried it yet.
-
-
-
- GollumX
- Elite Rocketeer
- Posts: 2817
- Thanks: 0
-
AFAIK, you need to enter FTP credentials of the account that owns the files. Then set them to 755 for dirs, and 644 for files. Thereafter, when you install extensions, Joomla will use the FTP credentials so should access them fine.
Like James though, I have never had this problem so could be wrong about it.
Extplorer is indeed an option if the above fails. (still annoying having to chmod every file and folder before and after install, but if there's no other way :-\ )
extensions.joomla.org/component/option,c...k_id,2630/Itemid,35/
extensions.joomla.org/component/option,c...k_id,4746/Itemid,35/ - Say no to Internet Explorer 6.
twitter.com/mark_up
-
-
-
- GollumX
- Elite Rocketeer
- Posts: 2817
- Thanks: 0
- extplorer might be the way to go. If you get errors as some have reported, try the other two. They are all free, and will take 45 seconds to download and install each one.
- Say no to Internet Explorer 6.
twitter.com/mark_up
-
Time to create page: 0.052 seconds