[TYPO3] hacking / file permissions
Georg Rehfeld
georg.rehfeld at gmx.de
Wed Jun 6 04:45:32 CEST 2007
Dear Ries,
Ries van Twisk wrote:
> You need to make sure that you have enough right to write,
> which basically means you run the apache server as the correct user,
> or you are part of the apache group. (first one is more usual).
>
> ...
>
> PS: Using the install tool you can setup user/group permissions to let
> typo3 write as the correct user including permissions.
As this issue
- is _so_ important to _every_ TYPO3 driven web site,
- and the typical TYPO3 download has nothing, to ensure the right
permissions (IMHO, unless I have not seen some essentials, again)
- and really _many_ hosters ain't be able to do it right
would you mind, to share your knowledge with us?
As verbose as possible (including *nix user/group setup, the Apache
user/goup setup etc). Adressed at me/us/stupid hosters/the world.
1. If you wanna be payed for that, just tell me the price by private
email.
2. If that info would reveal too much info to potential attackers,
again, please write a private email to me.
If none of 1/2 applies, your knowledge should be (at least) documented
in the TYPO3 documentation, but better be incorporated into _every_
TYPO3 install (say, as a shell script, driven by some user/group IDs
from the install tool).
Best regards
--
___ ___
| + | |__ Georg Rehfeld Woltmanstr. 12 20097 Hamburg
|_|_\ |___ georg.rehfeld.nospam at gmx.de +49 (40) 23 53 27 10
(Delete .nospam from mail address)
More information about the TYPO3-english
mailing list