[BlueOnyx:09477] Re: Dirs/files rights via FTP AND via CMS

Mon Jan 30 03:58:51 -05 2012

Well. No opinion ?
Am I the only one having this kind of problem ?
ACLs are now installed on all distros, including CentOS/BlueOnyx. Is 
there a way to modify the script launched by "web ownership" menu to 
always add an ACL for apache ? Do you know which script il launched ? 
I'll test it if I have some informations.

Frank

Le 28/01/2012 16:11, Frank Soyer a écrit :
> Continuing to shake my brain...
> what about the use of ACLs ? If the "web" tree is owned by a specific
> user, is there a way in the "web ownership" function to add an ACL "rw"
> for the user+group apache on all the arborescence ?
>
> Frank
>
> Le 27/01/2012 16:47, Frank Soyer a écrit :
>> I see. Thank you for these detailed explanations, Chris. I suggest it to
>> my clients using Wordpress or Joomla.
>> But it's not a universal solution, right ? What about a Drupal, or
>> CMCMS, all these kind of software ? You see, I also had the problem with
>> Prestashop (e-commerce like Magento). And probably I'll have it with
>> some soft in the future.
>>
>> So is there somewhere a "more global" solution ???
>>
>> Le 27/01/2012 11:14, Chris Gebhardt - VIRTBIZ Internet a écrit :
>>> Frank Soyer wrote:
>>>> Hi list,
>>>> sorry if this subject was already treated, but I have more and more
>>>> problems with rights and I don't find an acceptable solution.
>>>> My problem is that most web developers are now using CMS, Wordpress,
>>>> Joomla, and so on. These CMS have their own system of update, or module
>>>> install, or themes install. Via the admin page with a browser, you can
>>>> do all that.
>>>> But if you do that, the site tree must be owned by Apache.
>>>>
>>>> By another way, when you need to upload files or specific scripts, you
>>>> need to use FTP. Apache can't connect via ftp, so you use a user created
>>>> for that.
>>>> If the site is owned by apache, this user have no rights. If you change
>>>> web ownership for this FTP user, apache don't have rights so the admin
>>>> fonctionnalities of the CMS no longer work. Argh.
>>>>
>>>> What is the solution ??? Changing web ownership any time you want use
>>>> ftp or use cms is not one.
>>> Why not simply use FTP for all?  For instance, I'm aware that Wordpress
>>> and Joomla both have the ability to connect via FTP rather than via
>>> Apache.   That is a very simply modification to make.
>>>
>>> For most of the WordPress sites that our customers run, they are
>>> configured with suPHP, with ownership of their admin FTP user (both of
>>> those options set via BX GUI).  In order to get around the system asking
>>> for FTP credentials every time an upgrade is done or a plugin is
>>> updated, you can lock the FTP information inside wp-config.php.  Here's
>>> a sample of what you'll need:
>>>
>>> *****************
>>> define('FS_METHOD', 'ftpext');
>>> define('FTP_BASE', '/home/sites/SITENAME/web/');
>>> define('FTP_USER', 'username');
>>> define('FTP_PASS', 'password');
>>> define('FTP_HOST', 'localhost');
>>> *****************
>>>
>>> Similarly, Joomla versions beginning with 1.5 have allowed for FTP.  You
>>> can set that up inside Joomla by going to your site's Joomla Control
>>> Panel->Site Menus->Global Configuration
>>>
>>> More info on that is here: http://help.joomla.org/content/view/1941/302/1/2/
>>>
>>>> I found a solution by adding W right on group on all the files and RX on
>>>> dir. All users created in the vhost are in this group, so it works. But
>>>> it's complicated, we must manually do that after all changes, or new
>>>> files, or new directories....
>>> That's cumbersome, and may introduce unwanted security risks for you.  I
>>> would avoid that procedure and just stick with setting up FTP in the
>>> CMS.   Most modern CMS platforms have that option and my suggestion
>>> would be to take advantage of it.
>>>
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at mail.blueonyx.it
>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>