[TYPO3] Typo3 Install permissions on Linux

Dmitry Dulepov [typo3] dmitry at typo3.org
Wed Nov 14 13:45:45 CET 2007


Hi!

Assuming that your web server's user name is apache and group name is too apache...

Darko Jr. Gonzalez wrote:
> I downloade Source with Dummy site ZIP 4.1.3. What are the exact best
> permissions security wise for the folders and files?
> 1. I read install.txt within the zip file - states that I have to set
> 777 or 755 to /typo3temp, /typo3/temp/, /typo3conf/localconf.php

These instructions are quite bad actually...

Inside web site root you should do:

chown -R root:apache fileadmin uploads typo3temp typo3conf
chmod -R g+w fileadmin uploads typo3temp typo3conf
chmod -R o-w *

> 2. I read typo3 security cookbook 0.5, the section for File System
> Rights defines:
> - Revoke all write privileges for the webserver account to typo3_src
> folder. How do I learn whats the webserver account? What are exact
> permission for this folder?

Inside typo3 source folder (this is where you unzip typo3_src package):

chown -R root:root *
chmod -R typo3_src go-w *

Note you should have typo3_src packages unzipped to a separate location, not to web site root. Then you should symlink (see "man ln") certain folders and files to web site root.

> - set ownership and umask in htdocs to appropriate values (differs for
> the various subdirectories). Where do I learn what do I need to set
> for each folder and it's subdirectories?

The above command make it for typo3. If you installa something else (like Coppermine gallery or phpMyAdmin), you have to check documentation for those products.

-- 
Dmitry Dulepov
TYPO3 freelancer / TYPO3 core team member
Web: http://typo3bloke.net/
Skype: callto:liels_bugs


More information about the TYPO3-english mailing list