Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.

chown/chmod question

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Installation and Setup
View previous topic :: View next topic  
Author Message
luoifong
Smarty Rookie


Joined: 03 Nov 2003
Posts: 13
Location: Manitou Springs, Colorado

PostPosted: Mon Nov 03, 2003 5:23 pm    Post subject: chown/chmod question Reply with quote

I have a few questions regarding setup (I have an account on a shared server):

1. per the manual, I tried to chown the templates_c and cache directories, i.e.

chown nobody:nobody /home/username/smarty/appname/templates_c/

but I get the following message: chown: changing ownership of `templates_c': Operation not permitted

2. So I try to chmod the folders to 770 (per the manual). that works fine of course, but then when I try to run a script, I get the following error:

-------
Fatal error: Smarty error: unable to write to $compile_dir '/home/username/smarty/appname/templates_c'. Be sure $compile_dir is writable by the web server user. in /home/username/lib/php/Smarty/Smarty.class.php on line 1143
-------

3. So it seems that my only option is to chmod 777 the directories (which makes it work fine). But I wonder if there are any security risks with that (the directories, templates_c, cache, configs, templates, are outside of the public_html directory).

So, is chmod 777 my only option? If so what kind of security risks am I setting myself up for? Is there a better way?

Thanks!
Back to top
View user's profile Send private message AIM Address Yahoo Messenger
luoifong
Smarty Rookie


Joined: 03 Nov 2003
Posts: 13
Location: Manitou Springs, Colorado

PostPosted: Wed Nov 05, 2003 3:01 pm    Post subject: Reply with quote

anyone have any thoughts on this?

I must admit, I'm a complete newbie when it comes to security on the Internet. So I apologize if some of the questions above are overly basic. Does anyone know of good resources (online or off) where I can start learning practical info regarding developing secure web sites/applications?
Back to top
View user's profile Send private message AIM Address Yahoo Messenger
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7368
Location: Lincoln Nebraska, USA

PostPosted: Wed Nov 05, 2003 8:28 pm    Post subject: Reply with quote

What it boils down to is the web server user (ie. user nobody) must have write access to the templates_c and cache directories. The most secure method is to make the directories owned by user nobody. chown is the easiest way to accomplish this. Only a sysop (ie. root) can execute chown so if you can't do that then ask them to do it for you. If you can do this, then it is possible (and recommended) to disallow "other" users read/write access for optimum security.

# chown nobody:nobody templates_c cache
# chmod 770 templates_c cache

If you can't do that, another option is to make the directories group writable by the web server user (ie. group nobody) If you are in that group, then you should be able to do a chgrp on the directory and allow group write access. Again, make sure "other" users can't access it.

$ chgrp nobody template_c cache
$ chmod 770 templates_c cache

If you can't do that, another option is to write a small script that creates the templates_c and cache directories, and execute that through the web server. You will probably have to chmod 777 the directories above that for the moment so you can do this, and then change them back once the directories are in place. What might hold you back here is if the web server user is not allowed to create directories (in which you need to set use_sub_dirs=false, which is another topic.)

$ chmod 777 /path/to/foo

(execute php script through web browser)
<?php mkdir('/path/to/foo/templates_c'); ?>
<?php mkdir('/path/to/foo/cache'); ?>

$ chmod 755 /path/to/foo

If you can't do any of the above, you can allow "other" users write access to the directories (ie 777). Since user "nobody" falls into this category it should work. The security issue here is any user of the system can write files here. That's your own risk assessment call to make.

$ chmod 777 templates_c cache
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Installation and Setup All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP