- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UNIX File Permissions vs Sensitive information are accessible from the outside.
Hi All,
This is my first post and start into the marvelous world of Magento.
I created a Raspberry Pi LAMP and installed Magento.
During the setup of Magento it complaint that /var/www/media/ and /var/www/app/etc/ must be writeable.
I used SSH and used the following command.
sudo chmod -R 777 /var/www/
The installation contineud smoothly.
Into the admin panel I have gotten following message;
"Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider."
So I head back to the following page magento_filesystem_permissions
Their it states that;
"Files and folders will need to be returned to 655 non-writable permissions after installation except var and media."
I went back to the SSH and used the following commands.
sudo chmod -R 655 /var/www/
sudo chmod -R 777 /var/www/var/
sudo chmod -R 777 /var/www/media/
And double checked file permission in WinSCP everything as suspected.
But now when I browse to the server ip I get the following message.
Forbidden
You don't have permission to access / on this server.
Apache/2.2.22 (Debian) Server at 192.168.1.136 Port 80
In order to continue playing I re-used the hack job.
sudo chmod -R 777 /var/www/
And the homepage is availible again...
I don't want to be vuneriable to this.
"Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider."
Thank you for reading this long post.
Any comment will be highly appriciated.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: UNIX File Permissions vs Sensitive information are accessible from the outside.
Here are the recommended permission settings for a live Magento store. First, change directories into the Magento installation folder, and then enter the following:
ls -l (to see the current settings)
find . -type d -exec chmod 500 {} \;
find . -type f -exec chmod 400 {} \;
find var/ -type f -exec chmod 600 {} \;
find media/ -type f -exec chmod 600 {} \;
find var/ -type d -exec chmod 700 {} \;
find media/ -type d -exec chmod 700 {} \;
ls -l (to see the new settings)
The "Installing a Patch" topic in the user guide is also a tutorial about changing ownership and permissions. Here's a link:
Claire