|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
luoifong Smarty Rookie
Joined: 03 Nov 2003 Posts: 13 Location: Manitou Springs, Colorado
|
Posted: Mon Nov 03, 2003 5:23 pm Post subject: chown/chmod question |
|
|
I have a few questions regarding setup (I have an account on a shared server):
1. per the manual, I tried to chown the templates_c and cache directories, i.e.
chown nobody:nobody /home/username/smarty/appname/templates_c/
but I get the following message: chown: changing ownership of `templates_c': Operation not permitted
2. So I try to chmod the folders to 770 (per the manual). that works fine of course, but then when I try to run a script, I get the following error:
-------
Fatal error: Smarty error: unable to write to $compile_dir '/home/username/smarty/appname/templates_c'. Be sure $compile_dir is writable by the web server user. in /home/username/lib/php/Smarty/Smarty.class.php on line 1143
-------
3. So it seems that my only option is to chmod 777 the directories (which makes it work fine). But I wonder if there are any security risks with that (the directories, templates_c, cache, configs, templates, are outside of the public_html directory).
So, is chmod 777 my only option? If so what kind of security risks am I setting myself up for? Is there a better way?
Thanks! |
|
Back to top |
|
luoifong Smarty Rookie
Joined: 03 Nov 2003 Posts: 13 Location: Manitou Springs, Colorado
|
Posted: Wed Nov 05, 2003 3:01 pm Post subject: |
|
|
anyone have any thoughts on this?
I must admit, I'm a complete newbie when it comes to security on the Internet. So I apologize if some of the questions above are overly basic. Does anyone know of good resources (online or off) where I can start learning practical info regarding developing secure web sites/applications? |
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Wed Nov 05, 2003 8:28 pm Post subject: |
|
|
What it boils down to is the web server user (ie. user nobody) must have write access to the templates_c and cache directories. The most secure method is to make the directories owned by user nobody. chown is the easiest way to accomplish this. Only a sysop (ie. root) can execute chown so if you can't do that then ask them to do it for you. If you can do this, then it is possible (and recommended) to disallow "other" users read/write access for optimum security.
# chown nobody:nobody templates_c cache
# chmod 770 templates_c cache
If you can't do that, another option is to make the directories group writable by the web server user (ie. group nobody) If you are in that group, then you should be able to do a chgrp on the directory and allow group write access. Again, make sure "other" users can't access it.
$ chgrp nobody template_c cache
$ chmod 770 templates_c cache
If you can't do that, another option is to write a small script that creates the templates_c and cache directories, and execute that through the web server. You will probably have to chmod 777 the directories above that for the moment so you can do this, and then change them back once the directories are in place. What might hold you back here is if the web server user is not allowed to create directories (in which you need to set use_sub_dirs=false, which is another topic.)
$ chmod 777 /path/to/foo
(execute php script through web browser)
<?php mkdir('/path/to/foo/templates_c'); ?>
<?php mkdir('/path/to/foo/cache'); ?>
$ chmod 755 /path/to/foo
If you can't do any of the above, you can allow "other" users write access to the directories (ie 777). Since user "nobody" falls into this category it should work. The security issue here is any user of the system can write files here. That's your own risk assessment call to make.
$ chmod 777 templates_c cache |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|