2008/2/10 12:27:52
|
---|
|
Impresscms Trust_Path Permissions? chmod owner & group...Hello, I just installed the impresscms_1.0_rc.tar.gz for the first time. On a server running php with a handler called suphp.
My question is related to the trust_path of impress and the correct permissions the folder needs to be set at. All the impress files are chmod 644 and folders are chmod 755 inside of the public_html directory. Except for the mainfile which is set to chmod 444 Also in order for the cms to work the owner and group permissions need to be set as well. This is called chown in the server management world. The layout of those are chown account.account -R /home/account/public_html/ This gives all files and folders a setting of owner = account & group = account and chown account.nobody /home/account/public_html/ Make sure your public_html folder is set to owner = account & group = nobody ----- Like I said above this post is related to the impress trust_path folder. So what would be the correct permission for this folder to have the most secure environment possible? Meaning what should the chmod, owner and group be set to prevent hackers? Thanks for your time... Regards |
2008/2/10 12:58:34
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...This isn't a web accessible folder, and if you are seriously worried about your trust path... hide it.
how? Easy make a duplicate of your mainfile.php and hide it below your root folder. Open public_html/mainfile.php and replace it with the folowing.
<?php if (stristr(htmlentities($_SERVER['PHP_SELF']), "mainfile.php")) { Header("Location: index.php"); die(); } include("/path/to/your/new/mainfile.php"); ?>
^^I strongly believe in placing config files below the webroot, and in essence that is exactly what mainfile is. Now you can name and place your trust path wherever you like it via your uber protected mainfile.php. |
2008/2/10 13:54:06
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...Now that was a killer post dude! Perfect...
I now have a trust path and a different mainfile path out side of public. This install is the tightest I have ever been able to get this software. I feel like a proud poppa... Ty Will |
2008/2/10 14:00:33
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...I almost forgot.
I set chmod permissions on the trust_path and mainfile_path folders to 750 just like public. As far as permissions for owner and groups on the two folders outside of public. I set those to the account.account Then all three of the mainfiles are set to 444. I do need to check with the host about the 444. They might want to keep the chmod 644 like the rest of files... I 'll post back if thats what they recommend. |
2008/3/5 7:14:32
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...Definately a good idea to look at for 1.1.
|
2008/3/5 18:29:39
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...Thanks Will.
What is the advantage of this to the solution of the current icms installer that move away MySQL info from mainfile.php? (I believe it's credited to xoops-tips.com) |
2008/3/6 0:55:09
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...If there's a certain type of server problem - which disables php running as code - then the variables of mainfile.php can be visible.
This way - the values are not as easily available in the event of this problem happening. |
2008/3/6 3:24:06
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...Very clear now. Thanks
|
2008/3/7 3:27:01
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...oops, this does not work for one php script of D3 modules': the "module_icon.php" under XOOPS_ROOT_PATH/modules/<d3_instance_name>/ . As of it, D3 instance images (module_icon.png) will not show up.
Note: module_icon.png is dynamically created by module_icon.php (using gd). The module_icon.php reads
<?php
$xoopsOption['nocommon'] = true ;
require '../../mainfile.php' ;
if( ! defined( 'XOOPS_TRUST_PATH' ) ) die( 'set XOOPS_TRUST_PATH into mainfile.php' ) ;
$mydirname = basename( dirname( __FILE__ ) ) ;
$mydirpath = dirname( __FILE__ ) ;
require $mydirpath.'/mytrustdirname.php' ; // set $mytrustdirname
require XOOPS_TRUST_PATH.'/modules/'.$mytrustdirname.'/module_icon.php' ;
?>
|
2008/3/7 4:21:35
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...require '../../mainfile.php' is not dynamic. This string forces the script to look in the document root.
it would need to match your location. in the case that you position your mainfile.php in your subroot require '../mainfile.php' in the case that your mainfile is in your trust_path require XOOPS_TRUST_PATH '/mainfile.php' etc., etc. I am sure that GiJoe would encourage moving tha mainfile into the XOOPS_TRUST_PATH. |
2008/3/7 9:02:34
|
---|
|
Re: Impresscms Trust_Path Permissions? chmod owner & group...Ok I see it now. We know what we are doing - that's important. Thanks
|