
UNIX File Permissions vs Sensitive information are accessible from the outside.


Hi All,

 

This is my first post and start into the marvelous world of Magento.

 

I created a Raspberry Pi LAMP and installed Magento.

During the setup of Magento it complained that /var/www/media/ and /var/www/app/etc/ must be writable.

I used SSH and used the following command.

 

sudo chmod -R 777 /var/www/

 

The installation continued smoothly.

In the admin panel I got the following message:

 

"Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider."

 

So I headed back to the following page: magento_filesystem_permissions

There it states that:

"Files and folders will need to be returned to 655 non-writable permissions after installation except var and media."

 

I went back to the SSH and used the following commands.

 

sudo chmod -R 655 /var/www/

sudo chmod -R 777 /var/www/var/
sudo chmod -R 777 /var/www/media/

 

And I double-checked the file permissions in WinSCP; everything was as suspected.

 

But now when I browse to the server ip I get the following message.

 

Forbidden

You don't have permission to access / on this server.

Apache/2.2.22 (Debian) Server at 192.168.1.136 Port 80

 

In order to continue playing I re-used the hack job.

 

sudo chmod -R 777 /var/www/

 

And the homepage is available again...

 

I don't want to be vulnerable to this.

 

"Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider."

 

Thank you for reading this long post.

Any comment will be highly appreciated.

 

 

 

 


Re: UNIX File Permissions vs Sensitive information are accessible from the outside.

Here are the recommended permission settings for a live Magento store. First, change directories into the Magento installation folder, and then enter the following:

 

ls -l    (to see the current settings)

 

find . -type d -exec chmod 500 {} \;
find . -type f -exec chmod 400 {} \;
find var/ -type f -exec chmod 600 {} \;
find media/ -type f -exec chmod 600 {} \;
find var/ -type d -exec chmod 700 {} \;
find media/ -type d -exec chmod 700 {} \;


ls -l   (to see the new settings)

 

The "Installing a Patch" topic in the user guide is also a tutorial about changing ownership and permissions.  Here's a link:

 

http://merch.docs.magento.com/ce/user_guide/Magento_Community_Edition_User_Guide.html#magento/patch-...

 

Claire
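
An added example, not part of the original thread: a read-only audit script that checks a Magento tree against the modes given in the reply above and lists what `chmod -R 777` or `chmod -R 655` leaves behind. The function names are hypothetical, and the remark about the web server user owning the tree is an assumption, since the thread does not say who owns /var/www/.

```shell
#!/bin/sh
# Added example: audit a Magento tree against the modes recommended in the reply.
# Read-only: it only reports, it never changes permissions.

# world_writable ROOT: anything writable by "other" (what chmod -R 777 leaves behind).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# mode_drift ROOT: entries whose mode differs from the reply's scheme:
#   var/ and media/  -> directories 700, files 600
#   everything else  -> directories 500, files 400
mode_drift() {
    root=${1%/}
    # Outside var/ and media/ (those two subtrees are pruned here).
    find "$root" \( -path "$root/var" -o -path "$root/media" \) -prune -o \
        \( -type d ! -perm 500 -print \) -o \( -type f ! -perm 400 -print \)
    # Inside the two writable subtrees.
    for sub in var media; do
        [ -d "$root/$sub" ] || continue
        find "$root/$sub" \( -type d ! -perm 700 -print \) -o \( -type f ! -perm 600 -print \)
    done
}

# untraversable_dirs ROOT: directories whose owner lacks the search (x) bit,
# e.g. mode 655 = rw-r-xr-x. Assumption: if the web server user owns such a
# directory, it cannot enter it even though group and other can.
# Only the top-most such directory per branch is listed (-prune stops descent).
untraversable_dirs() {
    find "$1" -type d ! -perm -0100 -print -prune
}

# Usage: sh audit.sh /var/www
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    echo "== world-writable ==";                world_writable "$1"
    echo "== owner cannot traverse ==";         untraversable_dirs "$1"
    echo "== differs from 500/400, 700/600 =="; mode_drift "$1"
fi
```

With the reply's scheme the files must be owned by the user the web server runs as, because group and other get no access at all.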