
Thread: Joomla security issues

  1. #11
    Join Date
    Nov 2013
    Location
    South Africa
    Beans
    30
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Joomla security issues

    Thanks for all the assistance.
    The user eventually got back to me.
    On attempting to upgrade, the error reads:

    Capture.JPG

  2. #12
    Join Date
    Feb 2007
    Location
    West Hills CA
    Beans
    10,044
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Joomla security issues

    What are the details of the file?

    Code:
    ls -la LICENSE.txt
    Either this is the first of many files that you will have problems with, or the permissions of the directory above it may have a permissions/owner issue.
    -------------------------------------
    Oooh Shiny: PopularPages

    Unumquodque potest reparantur. Patientia sit virtus.

  3. #13
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Joomla security issues

    Quote Originally Posted by tgalati4
    What are the details of the file?

    Code:
    ls -la LICENSE.txt
    Either this is the first of many files that you will have problems with, or the permissions of the directory above it may have a permissions/owner issue.
    +1 to that.

    This is really a Joomla! problem and not a Linux file permissions problem per se. Joomla! requires directory and file permissions that are not acceptable to most Ubuntu installs. It might even be counter to the way Apache should be secured. My understanding is that Joomla itself must be configured correctly to overcome the discrepancy.

    I'm surprised when I read the Joomla! documentation. It is not how I would secure an Apache server. If you are in control of the entire Ubuntu server (not a VPS) you might be interested in the Joomla! permissions documentation available here and here.

    Here is a pretty good blog post about the problems. Even then it is not what I would do to secure my Apache server. I don't allow the Apache user (www-data) write permissions to the DocumentRoot at all. But that's just me. If the Apache user can only read (and serve) the data it can't be compromised.

    Edit: My guess as I'm not a Joomla! or Drupal user is that the problem arises when a person tries to update the system via a web interface using PHP. I think that is a very insecure idea. The person should use backend tools (i.e. SFTP or vsftp) only. In that case I would set the directory permissions at 755 or 775 depending upon whether the users were user:user or user:somegroup. In this scenario the Apache user would always have read access via the other read only permissions. The Apache user does NOT need to be either the user or in the user-group to function correctly.
    Last edited by bab1; June 8th, 2015 at 10:39 PM.
    -BAB1
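
The read-only DocumentRoot arrangement described in the post above (755 or 775 directories, Apache user reaching files only through the "other" bits) can be checked from the shell. This is an added example, not part of the thread: the function names, the script name `audit.sh`, the `/var/www/html` path and the sample tree are assumptions, and it judges by owner, group and mode bits only.

```shell
#!/bin/sh
# web_writable DOCROOT USER GROUP
# Prints every path under DOCROOT that USER (primary group GROUP) could
# modify, judged from owner, group and mode bits only. ACLs and
# supplementary groups are not considered (assumption of this sketch).
web_writable() {
    # -user: an owner can always chmod its own files back to writable.
    # -perm -0020 with matching group: group-writable (the 775 case).
    # -perm -0002: other-writable paths are always reported.
    # Symlinks are skipped because on Linux their own mode is always 777.
    find "$1" ! -type l \( \
        -user "$2" -o \
        \( -group "$3" -perm -0020 \) -o \
        -perm -0002 \
    \) -print | LC_ALL=C sort
}

# Constructed sample: a 755/644 tree with two deliberate mistakes.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/images" "$root/site/cache"
    : > "$root/site/index.php"
    : > "$root/site/LICENSE.txt"
    chmod 755 "$root/site" "$root/site/images"
    chmod 644 "$root/site/index.php"
    chmod 777 "$root/site/cache"         # world-writable directory
    chmod 666 "$root/site/LICENSE.txt"   # world-writable file
    echo "$root"
}

# Real use: sh audit.sh /var/www/html www-data www-data
# An empty result means the account can only read the tree.
if [ "$#" -eq 3 ]; then
    web_writable "$1" "$2" "$3"
fi
```

A writable directory is reported even when the files inside it are read-only, because write access to a directory is enough to replace or delete its entries.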
