test
Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • localconnectionsmagazine Friend
    #180192

    Just ran a diagnostics on my joomla site and warnings of joomart extensions warning “elevated folder permissions” checked web 777 is a risk. Firstly is this setting correct, secondly is it a risk or have you protection in place?

    Many thanks for looking

    MoonSailor Friend
    #465294

    Hi,

    Sorry, I don’t really get what you mean here. Could you please be more specific so that I can offer the proper help?

    localconnectionsmagazine Friend
    #465360

    Sorry to be vague in my questions.

    I ran Joomla Forum Post Assitance fpa-en.php on my site to give me a full diagnostics of possible errors or problems.

    Warnings that came up was :

    ELEVATED PERMISSIONS (FIRST 10)
    MODE -WRITABLE -FOLDER

    777 -Yes -jaextmanager_data/j16/ (
    777 -Yes -jaextmanager_data/j16/component/ (
    777 -Yes -jaextmanager_data/j16/component/com_jaextmanager/ (
    777 -Yes -jaextmanager_data/j16/component/com_jaextmanager/backup/ (
    777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/ (
    777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/com_jaextmanager/ (
    777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/com_jaextmanager/db/ (
    777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/com_jaextmanager/lang/ (
    777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/com_jaextmanager/lang/admin/ (
    777 -Yes -tmp/ja201208160139286fd4d1adf71bb67f10ad9e8bea6a381f.tmp/ (

    I am your average Joomla user and not too php savvy but found this post on Joomla security website here

    Use proper permissions on files and directories. They should never be 777[1], but ideal is 644 for files and 755 folders.

    So my concern is why is the folder permission set to 777, is that JA´s standard setting or has it been altered and what can I do to avoid having 777 folder permissions but still use jaextensions manager?

    Thanks for the reply and sorry to be so vague first time around

    MoonSailor Friend
    #465680

    Hi,

    With folder “tmp” – it is a temporary directory. I think it’s using permission 777.

    In some servers, folder with permission 755 can not create file or new folder. For JA Extension Manager, when you upgrade new version, it creates backup folder automatically. So, for your hosting, I do not know with permission 755, it allows to create new folders and new files.

    Regards,

    ron shafii Friend
    #482823

    I just encountered this same problem for J2.5 and extension version 2.5.4

    jaextmanager_data/j16
    jaextmanager_data/j16/component
    jaextmanager_data/j16/component/com_cswcompass
    jaextmanager_data/j16/component/com_cswcompass/backup

    Is JA Extension Manager creating 777 permissions with its folder structure after being installed?

    This is crazy! Aside from the security risks anyone is allowed to steal the extension packages uploaded to the repository.

    Luna Garden Moderator
    #482847

    Hello,

    As you can see that, for each extensions, JA EM will create a folder to store the backup file.

    <blockquote>In some servers, folder with permission 755 can not create file or new folder. For JA Extension Manager, when you upgrade new version, it auto creates backup folder. So, for your hosting, I do not know with permission 755, it allows to create new folders and new files.</blockquote>

    777 is not the recommended folder permission. So you should contact your hosting provider to permit user “web” to write files in folder jaextmanager_data

    ron shafii Friend
    #482904

    Thanks for the reply Luna Garden, but my hosting provider isn’t the problem. This is the first time in 3 years I have come across this issue with my hosting provider. Also this isn’t an upgraded extension. It’s a fresh install created end of Jan. However, I have made an error and I didn’t install v2.5.4 instead I installed v2.5.3 . Definitely a mistake on my part, but I can see this was an issue with 2.5.2 as well as 2.5.3.

    Those folders I previously posted were created by JA Extension Manager. If Joomlart’s algorithm is set to create new folders without any restrictive permissions then that’s a bug. At the very least it should be set to 755. I’m just trying to let Joomlart be aware of the issue.

    Most users who use this extension wouldn’t have a clue as to the double check the folder permission structure manually. If they’re lucky they would use something like RSFirewall and perform a system check every time a new extension is installed. RSFirewall automatically checks for 777 permissions. In my case my hosting provider contacted me because his hardware and software firewall threw up warning signs. At that point I decided to run RSFirewall’s system check.

    ron shafii Friend
    #483328

    it appears this is only an issue with v2.5.3 since v2.5.4 appears to have fixed the issue.

    Luna Garden Moderator
    #483752

    Hello,

    I have informed the developer about this problem. All code is checked, and he confirmed
    that all folder permission is set to 755.

    For the best performance, please upgrade JA EM to the latest version ( 2.5.4).

    With old folder permission 777, set permission back to 755 manually.

Viewing 9 posts - 1 through 9 (of 9 total)

This topic contains 9 replies, has 4 voices, and was last updated by  Luna Garden 11 years, 10 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum