Joomla permission

I’ve installed Joomla 1.5 within LAMP. I couldn’t install extensions for Joomla until I changed the permission for “Others” to “Create and delete files”.

Anyone know if this cause a security leak?

On a Windows server, there is no need to open write access for Everyone or web anonymous user.

Even I login as root on the server and having the same permission and still not enough.

OpenSUSE 11

I think this is depending on how your running Joomla on Windows (and which version of Windows/IIS or Apche) the http service can access the files as it has system rights.

You should be able the set the access rights needed using the apache access files - there are others here who know more about that… could be you have to refrase your question (setting rights with apache) to get the correct answer.



So you are saying the Apache handle the web access, by .htaccess file? If so, by any chance you know where I could look into that?

Thank you.

Hi Cocareer,

I’ve given this another thought & the apache access files are probably not the first place to be looking for this. I haven’t set up Joomla on openSUSE before, so I have no specific knowledge there to share.

One thing that could be amiss is the fact that openSUSE stores the httpdocs in a different location, instead of /var/www/… it places them in /srv/www/… (due to different security perspective).

There is a OBS project for Joomla and you could have more success using those packages, see here : - Joomla & openSUSE 11.0

The maintainer is also active here (now and then) so you might get his attention.

Hope that helps,

To add, seems you are not alone with the extension errors:
Joomla! • View topic - Joomla! 1.5.7 extensions install error on PCLOS What I gather from this post, seeing Ubuntu works, is that SELinux and AppArmor could be acting and preventing access.

But it does seem normal to have to set the write access on the folders holding the website. Again, no idea what security implications there are when doing this.