[TYPO3-english] TYPO3 directory permissions

Victor Livakovsky v-tyok at mail.ru
Thu Nov 6 13:55:37 CET 2008


Hello, list.

I've been working with TYPO3 almost 3 years and it never has been
hacked until today.
The reason was - changing content of "localconf.php". I cann't
understand: is it my fault or hoster's?
Usually files, that are uploaded by ftp-user has se same owner as
files, created by TYPO (cache, unpacked extensions, localconf), so I
give write access to folders (fileadmin, typo3conf, typo3temp,
uploads) only for owner.
But at the server, where site was hacked,
owner of files, uploaded by ftp (ftp-files) is different form owner of files,
created by TYPO (TYPO-files). But they still have the same group. That's why I gave
write permission to group also (774), but TYPO still couldn't write
anything into these folders, that's why I had to change permissions to
777 (this was a mistake, I suppose).
I asked server administrator to make an owner of TYPO-files the same
as owner of ftp-files, but he said, that TYPO uploads files via http,
that's why owner is different. And also he said that TYPO allows
unauthorized changes...

That's why my question is: what permissions must these folders have?
And is it possible for server administrator to change owner of files,
created by TYPO? So this owner will be differnet from outside users
and nobody (except TYPO and ftp-user) could change any file.



More information about the TYPO3-english mailing list