TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

Welcome to TinyPortal. Please login or sign up.

February 10, 2025, 01:13:35 AM

Login with username, password and session length
Members
  • Total Members: 3,946
  • Latest: Sparo
Stats
  • Total Posts: 195,471
  • Total Topics: 21,258
  • Online today: 79
  • Online ever: 6,457 (November 30, 2024, 02:40:09 PM)
Users Online
  • Users: 0
  • Guests: 75
  • Total: 75

Basic Install Guide[old]

Started by IchBin, October 31, 2005, 10:51:56 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

ccurran

Gentlemen,

A properly setup web server does not need 777 file permissions; in fact, it's a dangerous practice to get into. Setting permissions to 777 to get something to work is a good indication your server isn't setup properly. Here is how I do it (on Linux):

If your server is running now, stop it:

# /path to apache install/bin/apachectl stop

In your httpd.conf file make sure the user/group fields are set:

User apache
Group apache

Then at your command prompt:

# chown -R apache:apache /path to server root/
# chmod -R 664 /path to server root/
# chmod -R a+X /path to server root/

On my system the above commands would look like this:

# chown -R apache.apache /opt/www2/htdocs/planetCurran
# chmod -R 664 /opt/www2/htdocs/planetCurran
# chmod -R a+X /opt/www2/htdocs/planetCurran

The first chmod command recursively sets all files to read/write by the owner and members of the group, and read only to the rest of the world. I allow write access to members of the apache group (i.e. my login) so that the directories can me managed via samba from a Windows box. The second chmod command recursively sets the access bit for directories (only) - resulting in directories being set to 775.

Start your apache server:
# /path to apache install/bin/apachectl start

You really, really, really don't want to go around setting all files in publicly accessed system to world writable willy nilly. That's just standing on a hill and daring God to hit you with lightning...

cheers,
Chris

IchBin

Yes but you can only do this if you are the owner of the server. Unfortunately, MANY hosting companies do not have their servers setup properly to allow this. Writing files to 777 isn't as bad as everyone makes it out to be IMO. If you're worried about a hacker using this to their advantage you got bigger problems than worrying about your home directory.0

gerrymo

Perhaps you should read through the following link for more info about SMF/chmod 777

http://www.simplemachines.org/community/index.php?topic=2987.0

ccurran

LOL... Famous last words. Security isn't any one thing - it's a practice. The weakest link is where the chain breaks...

Don't take my word for any of this - it's easy to google the topic... 777 is a bad idea... Why do it wrong, when doing it right is only one more command?

cheers,
Chris

Quote from: IchBinâââ,¬Å¾Ã,¢ on January 18, 2006, 10:16:07 PM
Yes but you can only do this if you are the owner of the server. Unfortunately, MANY hosting companies do not have their servers setup properly to allow this. Writing files to 777 isn't as bad as everyone makes it out to be IMO. If you're worried about a hacker using this to their advantage you got bigger problems than worrying about your home directory.0

ccurran

Yes, thank you - I did read it and disagree with parts of it. Mode 777 doesn't make anything "work better" - things work or they don't. Set the right user/group and file permissions and you'll have no problems. Us old unix hacks have been preaching this for 30 years (and folks still don't listen ;)).

Telling folks to set 777 "works better" for support folks because it's easier than walking some num-skull through proper server setup... but that's the only "works better" part to it.

Why run the risk when doing it safely is simply one more command?

cheers,
Chris

Quote from: gerrymo on January 18, 2006, 10:27:35 PM
Perhaps you should read through the following link for more info about SMF/chmod 777

http://www.simplemachines.org/community/index.php?topic=2987.0

ccurran

Well, I can see that civil debate isn't tolerated here. A negative karma because of these posts? Thanks.

Over and out.

IchBin

While I agree you shouldn't keep things 777. It shouldn't be such a big deal to have someone do it just to get mods installed. Then quickly change it back. It takes all of just a minute to do so. It sure is easier to do that then to get your host to know their operating system. IMO, you have more to worry about with any one of your programs getting exploited than you do with a 777 file or folder. I didn't touch your Karma. I'm assuming you deleted your account because of this? I'm sorry you feel karma is that important. Nevertheless it was a pleasure chatting, if you've left.

PhilH

What an interesting twist this thread has taken. Although I don't agree with the "Quickly Departed" poster I do see the need to revise this guide. I suspect TP has evolved to the point that much of it can be removed. I would certainly add a section on the 777 issue.

osquitar

I tried with SMF1.1RC2 and got the following message:

The package you are trying to download or install is either corrupt or not compatible with this version of SMF.

What can I do?

Xarcell