Correct file system permissions for Joomla installation on Linux


Solution 1

It is OK. Use www-data as owner and group:

cd /var
chown www-data:www-data www

No need to use chgrp.

Solution 2

It is very dangerous to have all Joomla! files and directories writable by the web server. If there is any bug in Joomla! or in some extension, the attacker will be able to remove/change/delete any file through the random exploit (utilizing the bug in PHP code). Instead of this, all files should be only readable by the web server (i.e., the owner should be root or the normal user you have) and all permissions should be 755 for directories and 644 for files. Only the cache directory should be writable by the web server (if you use caching). So something like this should be performed for the whole Joomla directory (for Ubuntu and the like):

cd /var/www/whatever-your-joomla-root-dir-is
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chown -R www-data .

See more about unix rights in http://forum.joomla.org/viewtopic.php?t=121470

You may need to change directories with extensions or templates the same way as the cache directory, only for the time you are installing/removing one of them, and then change ownership back.

For Fedora, CentOS, RHEL, Scientific Linux etc. the command should be: chown -R apache .

Instead of changing ownership (this could be done as root only) you may just enable write permission for others by this command (and later revert back by passing o-w to the same command):

chmod -R o+w cache
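
An added example, not part of either answer: a read-only audit of the layout Solution 2 describes (644 files, 755 directories, only the cache directory writable by the web server). The function names are hypothetical, and the defaults `www-data` and `cache` are assumptions taken from the commands above.

```shell
#!/bin/sh
# Added example, not code from the answers. Function names are hypothetical.
# Assumed defaults: web server account "www-data", writable directory "cache".

# writable_by_web ROOT [WEBUSER] [ALLOWED_DIR]
# Lists paths outside ALLOWED_DIR that the web server account could modify:
#   - owned by WEBUSER with the owner-write bit set (octal 200), or
#   - world-writable (octal 002), e.g. left behind by "chmod -R o+w".
# Symlinks are skipped because their own mode bits are not meaningful.
# Group write access is not checked here.
writable_by_web() {
    wb_root=${1:?usage: writable_by_web ROOT [WEBUSER] [ALLOWED_DIR]}
    wb_root=${wb_root%/}            # a trailing slash would break -path below
    wb_user=${2:-www-data}
    wb_allowed=${3:-cache}
    find "$wb_root" -path "$wb_root/$wb_allowed" -prune -o \
        ! -type l \( \( -user "$wb_user" -perm -200 \) -o -perm -002 \) -print
}

# mode_drift ROOT [ALLOWED_DIR]
# Lists files that are not exactly 644 and directories that are not exactly
# 755, ignoring ALLOWED_DIR.
mode_drift() {
    md_root=${1:?usage: mode_drift ROOT [ALLOWED_DIR]}
    md_root=${md_root%/}
    md_allowed=${2:-cache}
    find "$md_root" -path "$md_root/$md_allowed" -prune -o \
        \( -type f ! -perm 644 -o -type d ! -perm 755 \) -print
}
```

An empty result from both functions means nothing outside the cache directory is writable by the web server account; on Fedora-family systems pass `apache` as the second argument to `writable_by_web`.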


jeffery_the_wind
Author by

jeffery_the_wind


Updated on September 18, 2022

Comments

  • jeffery_the_wind
    jeffery_the_wind almost 2 years

    My question is pretty general. Let's assume I have a Linux distribution web server, where /var/www/ is the web directory. I used my superuser account to upload and unzip the Joomla installation .zip folder.

    The Linux system user for web users is called www-data. Anyway, my question is who should be the OWNER of the files in the Linux system? Right now, because I used my superuser account to unzip the files, all the folders and files are owned by the superuser, and therefore come up in the Joomla admin system as being unwritable. I am just a little hesitant to set the www-data user as the owner of the files. Is this OK?

    Just for reference, in Linux I would change the owner of the folders and files with chown and change the group with chgrp.

    Thanks!

  • jeffery_the_wind
    jeffery_the_wind about 10 years
    I just kept my configuration.php file as owned by the superuser.
  • jeffery_the_wind
    jeffery_the_wind over 9 years
    Wow thank you very much, this seems much safer. Sometimes we upload files and save them to the server, but I guess this upload directory should be the only one with write permissions.