 |
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
| View previous topic :: View next topic |
| Author |
Message |
Hope
Smarty Rookie
Joined: 18 Jul 2005
Posts: 20
|
 Posted: Tue Sep 13, 2005 5:19 pm Post subject: Template Directories and chown |
 |
|
Hello All,
I successfully installed Smarty a few months ago but I do not remember setting ownership. I created the templates directories outside/above of the root and things seem to be working fine.
My questions are:
How can I find out if I actually did chown the directories - is there a way I can tell via shell access or FTP? (The .bash_history file shows some of the steps I took but doesn't include "chown")
If I find that I didn't chown the directories, are they are risk for hacking?
Silly question - but is the web server username the username I use to log in with? Or the main account name under which the site resides? I'm just wondering if "nobody" is the best to use or if it should be something else.
My apologies for all the questions.
Hope
| Quote: | In our example, the document root is /web/www.domain.com/docs and the
web server username is "nobody". We will keep our Smarty files under
/web/www.domain.com/smarty
$> chown nobody:nobody smarty/templates_c
$> chown nobody:nobody smarty/cache |
|
|
| Back to top |
|
Duncan
Smarty Pro
Joined: 16 Dec 2003
Posts: 166
|
| Posted: Tue Sep 13, 2005 5:48 pm Post subject: Re: Template Directories and chown |
|
|
| Hope wrote: | How can I find out if I actually did chown the directories - is there a way I can tell via shell access or FTP? (The .bash_history file shows some of the steps I took but doesn't include "chown")
If I find that I didn't chown the directories, are they are risk for hacking?
|
If you do have shell access on the server, then you can use to display the content of a directory with the display of permissions and owner:group settings.
If you chown the directories, then they are most likely a little bit more secure than just chmod 777 them, since chmod 777 will allow everyone access to it, but chown to webserver user will only allow webserver processes to write data to it.
However, this also depends on the server configuration setup by your host and may vary.
| Hope wrote: | | Silly question - but is the web server username the username I use to log in with? Or the main account name under which the site resides? I'm just wondering if "nobody" is the best to use or if it should be something else. |
The webserver username is often "nobody", but this also depends on the server configuration, so that you should contact your host, in case they are using a different user:group.
However, it's most likely that you won't be able to change the user:group from anything but your own ID anyway, at least in a shared environment. |
|
| Back to top |
|
Hope
Smarty Rookie
Joined: 18 Jul 2005
Posts: 20
|
| Posted: Tue Sep 13, 2005 7:45 pm Post subject: Re: Template Directories and chown |
|
|
Thank you, Duncan.
When I used ls -l my account username is in the column for all the directories listed. Could that mean it is automatically chowned? I'm guessing it's not likely.
The Smarty directory where the templates reside is chmod to 755 as well as the templates directory within it but the cache, configs and compile directories are chmod to 777. Are the templates themselves fairly secure when they are above the root and chmod this way?
Those are my last questions (today) - I promise!
Hope
| Duncan wrote: | If you do have shell access on the server, then you can use to display the content of a directory with the display of permissions and owner:group settings.
If you chown the directories, then they are most likely a little bit more secure than just chmod 777 them, since chmod 777 will allow everyone access to it, but chown to webserver user will only allow webserver processes to write data to it.
However, this also depends on the server configuration setup by your host and may vary.
The webserver username is often "nobody", but this also depends on the server configuration, so that you should contact your host, in case they are using a different user:group.
However, it's most likely that you won't be able to change the user:group from anything but your own ID anyway, at least in a shared environment. |
|
|
| Back to top |
|
Duncan
Smarty Pro
Joined: 16 Dec 2003
Posts: 166
|
| Posted: Tue Sep 13, 2005 8:19 pm Post subject: Re: Template Directories and chown |
|
|
| Hope wrote: | Thank you, Duncan.
When I used ls -l my account username is in the column for all the directories listed. Could that mean it is automatically chowned? I'm guessing it's not likely. |
If you are uploading files via FTP, then they will be using your user & group ID.
I assume you are on a shared hosting environment, in which case you wouldn't have to worry about chown, since you'll most likely not be able to change the user or group anyway.
| Hope wrote: | | The Smarty directory where the templates reside is chmod to 755 as well as the templates directory within it but the cache, configs and compile directories are chmod to 777. Are the templates themselves fairly secure when they are above the root and chmod this way? |
I think it's mentioned either in the FAQ or the manual, that you can setup the smarty dirs outside the public accessible space, so that only the needed files will be directly accessible, e.g.: your account /home/hope has the subdir /home/hope/www/ where all its browser accessible files are located in.
Then you could leave the templates, cache, templates_c, ... dirs all in /home/hope, where the script will still be able to read them, whereas a user won't be able to access them through his browser, since they are outside the /home/hope/www dir.
Keeping those dirs out of the public space & making sure that only the needed dirs get write access for the webserver, grants you a fair level of security. |
|
| Back to top |
|
Hope
Smarty Rookie
Joined: 18 Jul 2005
Posts: 20
|
| Posted: Tue Sep 13, 2005 8:35 pm Post subject: Re: Template Directories and chown |
|
|
Hi Duncan,
Yes, that's the way I have my templates set up - as you described. They've been working fine but just wondered if chown was something I needed to do since I'd left that step out. And yes, I am on a shared hosting environment for the time being so it looks like I've done what I can.
Thanks again for the quick helpful replies!
Hope |
|
| Back to top |
|
Duncan
Smarty Pro
Joined: 16 Dec 2003
Posts: 166
|
| Posted: Tue Sep 13, 2005 8:41 pm Post subject: Re: Template Directories and chown |
|
|
| Hope wrote: | | They've been working fine but just wondered if chown was something I needed to do since I'd left that step out. |
Nah,
that's usually only needed if you are installing a script on a dedicated machine or as the "root" user, so that you can apply the needed permissions to allow a certain range of users access to the files. |
|
| Back to top |
|
Hope
Smarty Rookie
Joined: 18 Jul 2005
Posts: 20
|
| Posted: Tue Sep 13, 2005 9:11 pm Post subject: Re: Template Directories and chown |
|
|
Oh good...thanks! 
| Duncan wrote: | | Hope wrote: | | They've been working fine but just wondered if chown was something I needed to do since I'd left that step out. |
Nah,
that's usually only needed if you are installing a script on a dedicated machine or as the "root" user, so that you can apply the needed permissions to allow a certain range of users access to the files. |
|
|
| Back to top |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
