[BlueOnyx:09452] Re: Dirs/files rights via FTP AND via CMS

Fri Jan 27 10:47:39 -05 2012

I see. Thank you for these detailed explanations, Chris. I suggest it to 
my clients using Wordpress or Joomla.
But it's not a universal solution, right ? What about a Drupal, or 
CMCMS, all these kind of software ? You see, I also had the problem with 
Prestashop (e-commerce like Magento). And probably I'll have it with 
some soft in the future.

So is there somewhere a "more global" solution ???

Le 27/01/2012 11:14, Chris Gebhardt - VIRTBIZ Internet a écrit :
> Frank Soyer wrote:
>> Hi list,
>> sorry if this subject was already treated, but I have more and more
>> problems with rights and I don't find an acceptable solution.
>> My problem is that most web developers are now using CMS, Wordpress,
>> Joomla, and so on. These CMS have their own system of update, or module
>> install, or themes install. Via the admin page with a browser, you can
>> do all that.
>> But if you do that, the site tree must be owned by Apache.
>>
>> By another way, when you need to upload files or specific scripts, you
>> need to use FTP. Apache can't connect via ftp, so you use a user created
>> for that.
>> If the site is owned by apache, this user have no rights. If you change
>> web ownership for this FTP user, apache don't have rights so the admin
>> fonctionnalities of the CMS no longer work. Argh.
>>
>> What is the solution ??? Changing web ownership any time you want use
>> ftp or use cms is not one.
> Why not simply use FTP for all?  For instance, I'm aware that Wordpress
> and Joomla both have the ability to connect via FTP rather than via
> Apache.   That is a very simply modification to make.
>
> For most of the WordPress sites that our customers run, they are
> configured with suPHP, with ownership of their admin FTP user (both of
> those options set via BX GUI).  In order to get around the system asking
> for FTP credentials every time an upgrade is done or a plugin is
> updated, you can lock the FTP information inside wp-config.php.  Here's
> a sample of what you'll need:
>
> *****************
> define('FS_METHOD', 'ftpext');
> define('FTP_BASE', '/home/sites/SITENAME/web/');
> define('FTP_USER', 'username');
> define('FTP_PASS', 'password');
> define('FTP_HOST', 'localhost');
> *****************
>
> Similarly, Joomla versions beginning with 1.5 have allowed for FTP.  You
> can set that up inside Joomla by going to your site's Joomla Control
> Panel->Site Menus->Global Configuration
>
> More info on that is here: http://help.joomla.org/content/view/1941/302/1/2/
>
>> I found a solution by adding W right on group on all the files and RX on
>> dir. All users created in the vhost are in this group, so it works. But
>> it's complicated, we must manually do that after all changes, or new
>> files, or new directories....
> That's cumbersome, and may introduce unwanted security risks for you.  I
> would avoid that procedure and just stick with setting up FTP in the
> CMS.   Most modern CMS platforms have that option and my suggestion
> would be to take advantage of it.
>