installiing joomla

Roger arelem at bigpond.com
Sat Sep 14 23:34:48 UTC 2013 

On 09/14/2013 10:51 PM, Tim wrote:
> Allegedly, on or about 14 September 2013, Roger sent:
>> There is some belief that /var/www/html is sacrosanct.
> More to the point is that you don't let a world-accessible server have
> write access to files, willy-nilly.  Likewise if it's not actually
> "world" accessible, but still widely accessible within a LAN.  If it's
> possible for Apache to write to the webspace, because it's foolishly
> owned by the apache user, your system is just ripe for being exploited.
>
>> It does not matter which directory you use you still have to have user
>> ownership and suitable permsissions in some form.
> Yes, and "suitable" permissions are not allowing the server software to
> own the files.  Never having experienced the problem doesn't mean that
> it's not there, or that you're not vulnerable.  It's a very bad habit to
> form, and hard to break once people start forming bad habits.  The fact
> that some website may advocate doing dumb things, doesn't make them good
> advice.  The internet is full of silly things, with the blind leading
> the blind down the garden path, and over the edge of the cliff.
>
>> - Setting up Joolma, Drupal or the like cannot be done unless one is
>> root.
>> - One has to be root not sudo root.
> Nothing particularly unusual there, it's damn sensible that to "set up"
> software, one has to have such privileges.  Not a good idea if they have
> to maintain such high privileges to "use" the software once installed.
>

Could we perhaps discuss how to get those CMS's working without the 
dangerous ownership and permissions aspects. I have tried for years and 
not solved it.
I think it's mainly because they are meant to work on ISP servers where 
someone else controls security.

Setting up as root doesn't happen on a live server, I think because each 
user has their own chunk of space, I have not found a way to do that in 
a home sandpit except to create a new user and install into there. but 
the permissions and ownership problems remain.

I am open to any help and would greatly appreciate understanding on 
solving this.
Roger

More information about the users mailing list