Reply New Topic
2008/2/10 12:27:52
#1
Offline
Home away from home

Impresscms Trust_Path Permissions? chmod owner & group...

Hello, I just installed the impresscms_1.0_rc.tar.gz for the first time. On a server running php with a handler called suphp.

My question is related to the trust_path of impress and the correct permissions the folder needs to be set at.

All the impress files are chmod 644 and folders are chmod 755 inside of the public_html directory. Except for the mainfile which is set to chmod 444

Also in order for the cms to work the owner and group permissions need to be set as well. This is called chown in the server management world.

The layout of those are

chown account.account -R /home/account/public_html/

This gives all files and folders a setting of
owner = account & group = account

and

chown account.nobody /home/account/public_html/

Make sure your public_html folder is set to
owner = account & group = nobody

-----

Like I said above this post is related to the impress trust_path folder.

So what would be the correct permission for this folder to have the most secure environment possible? Meaning what should the chmod, owner and group be set to prevent hackers?

Thanks for your time...

Regards


2008/2/10 12:58:34
#2
Offline
Home away from home

Re: Impresscms Trust_Path Permissions? chmod owner & group...

This isn't a web accessible folder, and if you are seriously worried about your trust path... hide it.

how?

Easy make a duplicate of your mainfile.php and hide it below your root folder.

Open public_html/mainfile.php

and replace it with the folowing.

<?php if (stristr(htmlentities($_SERVER['PHP_SELF']), "mainfile.php")) { Header("Location: index.php"); die(); } include("/path/to/your/new/mainfile.php"); ?>


^^I strongly believe in placing config files below the webroot, and in essence that is exactly what mainfile is.

Now you can name and place your trust path wherever you like it via your uber protected mainfile.php.


2008/2/10 13:54:06
#3
Offline
Home away from home

Re: Impresscms Trust_Path Permissions? chmod owner & group...

Now that was a killer post dude! Perfect...

I now have a trust path and a different mainfile path out side of public. This install is the tightest I have ever been able to get this software. I feel like a proud poppa...

Ty Will


2008/2/10 14:00:33
#4
Offline
Home away from home

Re: Impresscms Trust_Path Permissions? chmod owner & group...

I almost forgot.

I set chmod permissions on the trust_path and mainfile_path folders to 750 just like public.

As far as permissions for owner and groups on the two folders outside of public. I set those to the account.account

Then all three of the mainfiles are set to 444.

I do need to check with the host about the 444. They might want to keep the chmod 644 like the rest of files...

I 'll post back if thats what they recommend.


2008/3/5 7:14:32
#5
Offline
Home away from home

Re: Impresscms Trust_Path Permissions? chmod owner & group...

Definately a good idea to look at for 1.1.


2008/3/5 18:29:39
#6
Offline
Just can not stay away

Re: Impresscms Trust_Path Permissions? chmod owner & group...

Thanks Will.

What is the advantage of this to the solution of the current icms installer that move away MySQL info from mainfile.php? (I believe it's credited to xoops-tips.com)


2008/3/6 0:55:09
#7
Offline
Home away from home

Re: Impresscms Trust_Path Permissions? chmod owner & group...

If there's a certain type of server problem - which disables php running as code - then the variables of mainfile.php can be visible.

This way - the values are not as easily available in the event of this problem happening.


2008/3/6 3:24:06
#8
Offline
Just can not stay away

Re: Impresscms Trust_Path Permissions? chmod owner & group...

Very clear now. Thanks


2008/3/7 3:27:01
#9
Offline
Just can not stay away

Re: Impresscms Trust_Path Permissions? chmod owner & group...

oops, this does not work for one php script of D3 modules': the "module_icon.php" under XOOPS_ROOT_PATH/modules/<d3_instance_name>/ . As of it, D3 instance images (module_icon.png) will not show up.

Note: module_icon.png is dynamically created by module_icon.php (using gd). The module_icon.php reads
<?php $xoopsOption['nocommon'] = true ; require '../../mainfile.php' ; if( ! defined( 'XOOPS_TRUST_PATH' ) ) die( 'set XOOPS_TRUST_PATH into mainfile.php' ) ; $mydirname = basename( dirname( __FILE__ ) ) ; $mydirpath = dirname( __FILE__ ) ; require $mydirpath.'/mytrustdirname.php' ; // set $mytrustdirname require XOOPS_TRUST_PATH.'/modules/'.$mytrustdirname.'/module_icon.php' ; ?>


2008/3/7 4:21:35
#10
Offline
Home away from home

Re: Impresscms Trust_Path Permissions? chmod owner & group...

require '../../mainfile.php' is not dynamic. This string forces the script to look in the document root.

it would need to match your location.

in the case that you position your mainfile.php in your subroot

require '../mainfile.php'

in the case that your mainfile is in your trust_path

require XOOPS_TRUST_PATH '/mainfile.php'

etc., etc.

I am sure that GiJoe would encourage moving tha mainfile into the XOOPS_TRUST_PATH.


2008/3/7 9:02:34
#11
Offline
Just can not stay away

Re: Impresscms Trust_Path Permissions? chmod owner & group...

Ok I see it now. We know what we are doing - that's important. Thanks


Reply New Topic extras
 Previous Topic   Next Topic
You can view topic.
You can start a new topic.
You can reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You can post without approval.