-
AuthorPosts
-
localconnectionsmagazine Friend
localconnectionsmagazine
- Join date:
- June 2009
- Posts:
- 36
- Downloads:
- 0
- Uploads:
- 5
- Thanks:
- 8
August 24, 2012 at 4:53 am #180192Just ran a diagnostics on my joomla site and warnings of joomart extensions warning “elevated folder permissions” checked web 777 is a risk. Firstly is this setting correct, secondly is it a risk or have you protection in place?
Many thanks for looking
MoonSailor FriendMoonSailor
- Join date:
- November 2011
- Posts:
- 1106
- Downloads:
- 0
- Uploads:
- 245
- Thanks:
- 89
- Thanked:
- 248 times in 223 posts
August 25, 2012 at 4:13 am #465294Hi,
Sorry, I don’t really get what you mean here. Could you please be more specific so that I can offer the proper help?
localconnectionsmagazine Friendlocalconnectionsmagazine
- Join date:
- June 2009
- Posts:
- 36
- Downloads:
- 0
- Uploads:
- 5
- Thanks:
- 8
August 26, 2012 at 7:20 am #465360Sorry to be vague in my questions.
I ran Joomla Forum Post Assitance fpa-en.php on my site to give me a full diagnostics of possible errors or problems.
Warnings that came up was :
ELEVATED PERMISSIONS (FIRST 10)
MODE -WRITABLE -FOLDER777 -Yes -jaextmanager_data/j16/ (
777 -Yes -jaextmanager_data/j16/component/ (
777 -Yes -jaextmanager_data/j16/component/com_jaextmanager/ (
777 -Yes -jaextmanager_data/j16/component/com_jaextmanager/backup/ (
777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/ (
777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/com_jaextmanager/ (
777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/com_jaextmanager/db/ (
777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/com_jaextmanager/lang/ (
777 -Yes -tmp/ja20120816013927a4566f5c0c67ec9c0ac24d62f32df59f.tmp/com_jaextmanager/lang/admin/ (
777 -Yes -tmp/ja201208160139286fd4d1adf71bb67f10ad9e8bea6a381f.tmp/ (I am your average Joomla user and not too php savvy but found this post on Joomla security website here
Use proper permissions on files and directories. They should never be 777[1], but ideal is 644 for files and 755 folders.
So my concern is why is the folder permission set to 777, is that JA´s standard setting or has it been altered and what can I do to avoid having 777 folder permissions but still use jaextensions manager?
Thanks for the reply and sorry to be so vague first time around
MoonSailor FriendMoonSailor
- Join date:
- November 2011
- Posts:
- 1106
- Downloads:
- 0
- Uploads:
- 245
- Thanks:
- 89
- Thanked:
- 248 times in 223 posts
August 29, 2012 at 3:53 am #465680Hi,
With folder “tmp” – it is a temporary directory. I think it’s using permission 777.
In some servers, folder with permission 755 can not create file or new folder. For JA Extension Manager, when you upgrade new version, it creates backup folder automatically. So, for your hosting, I do not know with permission 755, it allows to create new folders and new files.
Regards,
ron shafii Friendron shafii
- Join date:
- October 2013
- Posts:
- 28
- Downloads:
- 1
- Uploads:
- 0
- Thanks:
- 3
- Thanked:
- 7 times in 1 posts
February 7, 2013 at 9:52 pm #482823I just encountered this same problem for J2.5 and extension version 2.5.4
jaextmanager_data/j16
jaextmanager_data/j16/component
jaextmanager_data/j16/component/com_cswcompass
jaextmanager_data/j16/component/com_cswcompass/backupIs JA Extension Manager creating 777 permissions with its folder structure after being installed?
This is crazy! Aside from the security risks anyone is allowed to steal the extension packages uploaded to the repository.
Luna Garden ModeratorLuna Garden
- Join date:
- July 2011
- Posts:
- 2617
- Downloads:
- 80
- Uploads:
- 96
- Thanks:
- 78
- Thanked:
- 453 times in 425 posts
February 8, 2013 at 4:34 am #482847Hello,
As you can see that, for each extensions, JA EM will create a folder to store the backup file.
<blockquote>In some servers, folder with permission 755 can not create file or new folder. For JA Extension Manager, when you upgrade new version, it auto creates backup folder. So, for your hosting, I do not know with permission 755, it allows to create new folders and new files.</blockquote>
777 is not the recommended folder permission. So you should contact your hosting provider to permit user “web” to write files in folder jaextmanager_data
ron shafii Friendron shafii
- Join date:
- October 2013
- Posts:
- 28
- Downloads:
- 1
- Uploads:
- 0
- Thanks:
- 3
- Thanked:
- 7 times in 1 posts
February 8, 2013 at 7:39 pm #482904Thanks for the reply Luna Garden, but my hosting provider isn’t the problem. This is the first time in 3 years I have come across this issue with my hosting provider. Also this isn’t an upgraded extension. It’s a fresh install created end of Jan. However, I have made an error and I didn’t install v2.5.4 instead I installed v2.5.3 . Definitely a mistake on my part, but I can see this was an issue with 2.5.2 as well as 2.5.3.
Those folders I previously posted were created by JA Extension Manager. If Joomlart’s algorithm is set to create new folders without any restrictive permissions then that’s a bug. At the very least it should be set to 755. I’m just trying to let Joomlart be aware of the issue.
Most users who use this extension wouldn’t have a clue as to the double check the folder permission structure manually. If they’re lucky they would use something like RSFirewall and perform a system check every time a new extension is installed. RSFirewall automatically checks for 777 permissions. In my case my hosting provider contacted me because his hardware and software firewall threw up warning signs. At that point I decided to run RSFirewall’s system check.
ron shafii Friendron shafii
- Join date:
- October 2013
- Posts:
- 28
- Downloads:
- 1
- Uploads:
- 0
- Thanks:
- 3
- Thanked:
- 7 times in 1 posts
February 13, 2013 at 7:51 pm #483328it appears this is only an issue with v2.5.3 since v2.5.4 appears to have fixed the issue.
Luna Garden ModeratorLuna Garden
- Join date:
- July 2011
- Posts:
- 2617
- Downloads:
- 80
- Uploads:
- 96
- Thanks:
- 78
- Thanked:
- 453 times in 425 posts
February 18, 2013 at 7:20 am #483752 -
AuthorPosts
This topic contains 9 replies, has 4 voices, and was last updated by Luna Garden 11 years, 10 months ago.
We moved to new unified forum. Please post all new support queries in our New Forum