[BlueOnyx:09461] Re: Dirs/files rights via FTP AND via CMS

[Frank Soyer]

Continuing to shake my brain...
what about the use of ACLs ? If the "web" tree is owned by a specific 
user, is there a way in the "web ownership" function to add an ACL "rw" 
for the user+group apache on all the arborescence ?

Frank

Le 27/01/2012 16:47, Frank Soyer a écrit :
> I see. Thank you for these detailed explanations, Chris. I suggest it to
> my clients using Wordpress or Joomla.
> But it's not a universal solution, right ? What about a Drupal, or
> CMCMS, all these kind of software ? You see, I also had the problem with
> Prestashop (e-commerce like Magento). And probably I'll have it with
> some soft in the future.
>
> So is there somewhere a "more global" solution ???
>
> Le 27/01/2012 11:14, Chris Gebhardt - VIRTBIZ Internet a écrit :
>> Frank Soyer wrote:
>>> Hi list,
>>> sorry if this subject was already treated, but I have more and more
>>> problems with rights and I don't find an acceptable solution.
>>> My problem is that most web developers are now using CMS, Wordpress,
>>> Joomla, and so on. These CMS have their own system of update, or module
>>> install, or themes install. Via the admin page with a browser, you can
>>> do all that.
>>> But if you do that, the site tree must be owned by Apache.
>>>
>>> By another way, when you need to upload files or specific scripts, you
>>> need to use FTP. Apache can't connect via ftp, so you use a user created
>>> for that.
>>> If the site is owned by apache, this user have no rights. If you change
>>> web ownership for this FTP user, apache don't have rights so the admin
>>> fonctionnalities of the CMS no longer work. Argh.
>>>
>>> What is the solution ??? Changing web ownership any time you want use
>>> ftp or use cms is not one.
>> Why not simply use FTP for all?  For instance, I'm aware that Wordpress
>> and Joomla both have the ability to connect via FTP rather than via
>> Apache.   That is a very simply modification to make.
>>
>> For most of the WordPress sites that our customers run, they are
>> configured with suPHP, with ownership of their admin FTP user (both of
>> those options set via BX GUI).  In order to get around the system asking
>> for FTP credentials every time an upgrade is done or a plugin is
>> updated, you can lock the FTP information inside wp-config.php.  Here's
>> a sample of what you'll need:
>>
>> *****************
>> define('FS_METHOD', 'ftpext');
>> define('FTP_BASE', '/home/sites/SITENAME/web/');
>> define('FTP_USER', 'username');
>> define('FTP_PASS', 'password');
>> define('FTP_HOST', 'localhost');
>> *****************
>>
>> Similarly, Joomla versions beginning with 1.5 have allowed for FTP.  You
>> can set that up inside Joomla by going to your site's Joomla Control
>> Panel->Site Menus->Global Configuration
>>
>> More info on that is here: http://help.joomla.org/content/view/1941/302/1/2/
>>
>>> I found a solution by adding W right on group on all the files and RX on
>>> dir. All users created in the vhost are in this group, so it works. But
>>> it's complicated, we must manually do that after all changes, or new
>>> files, or new directories....
>> That's cumbersome, and may introduce unwanted security risks for you.  I
>> would avoid that procedure and just stick with setting up FTP in the
>> CMS.   Most modern CMS platforms have that option and my suggestion
>> would be to take advantage of it.
>>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>