
UNIX File Permissions vs Sensitive information are accessible from the outside.


Hello everybody 


I have just set up a test installation on a dedicated Ubuntu server using the latest Magento CE release. I have followed these articles here:

 

Recommended Privileges and Ownership Before You Install Magento

http://devdocs.magento.com/guides/m1x/install/installer-privileges_before.html#privs-before

 

Setting Privileges and Ownership After You Install Magento

http://devdocs.magento.com/guides/m1x/install/installer-privileges_after.html#privs-after

 

However when logging into the admin backend it keeps telling me this:

 

Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider.

 

I have installed Magento to the root of my Apache's html directory (/var/www/html), which means the directory structure looks as follows. The server itself runs as user www-data.

 

dr-x------ 13 www-data root 4.0K Jun 15 19:00 .
drwxr-xr-x  3 root     root 4.0K Jun 10 19:16 ..
-r--------  1 www-data root 2.8K Jun 15 18:59 api.php
dr-x------  6 www-data root 4.0K Jun 15 19:00 app
-r--------  1 www-data root 2.8K Jun 15 19:00 cron.php
-r--------  1 www-data root  717 Jun 15 19:00 cron.sh
dr-x------  7 www-data root 4.0K Jun 15 19:00 downloader
dr-x------  3 www-data root 4.0K Jun 15 19:00 errors
-r--------  1 www-data root 1.2K Jun 15 19:00 favicon.ico
-r--------  1 www-data root 5.9K Jun 15 19:00 get.php
drwx------  2 www-data root 4.0K Jun 15 19:00 includes
-r--------  1 www-data root 2.6K Jun 15 19:00 index.php
-r--------  1 www-data root 2.3K Jun 15 19:00 index.php.sample
-r--------  1 www-data root 6.3K Jun 15 19:00 install.php
dr-x------ 12 www-data root 4.0K Jun 15 19:00 js
dr-x------ 14 www-data root 4.0K Jun 15 19:00 lib
-r--------  1 www-data root  11K Jun 15 19:00 LICENSE_AFL.txt
-r--------  1 www-data root  11K Jun 15 19:00 LICENSE.html
-r--------  1 www-data root  11K Jun 15 19:00 LICENSE.txt
-r--------  1 www-data root 1.3K Jun 15 19:00 mage
drwx------  6 www-data root 4.0K Jun 15 19:00 media
-r--------  1 www-data root  886 Jun 15 19:00 php.ini.sample
dr-x------  2 www-data root 4.0K Jun 15 19:00 pkginfo
-r--------  1 www-data root 572K Jun 15 19:00 RELEASE_NOTES.txt
dr-x------  2 www-data root 4.0K Jun 15 19:00 shell
dr-x------  5 www-data root 4.0K Jun 15 19:00 skin
drwx------  5 www-data root 4.0K Jun 15 19:01 var

 

This is how I applied the permissions:

 

find . -type f -exec chmod 400 {} \;
find . -type d -exec chmod 500 {} \; 
find var/ -type f -exec chmod 600 {} \; 
find media/ -type f -exec chmod 600 {} \;
find var/ -type d -exec chmod 700 {} \; 
find media/ -type d -exec chmod 700 {} \;
chmod 700 includes
chmod 600 includes/config.php

 

This is what app/etc looks like:

 

dr-x------ 3 www-data root 4.0K Jun 15 19:02 .
dr-x------ 6 www-data root 4.0K Jun 15 19:00 ..
-r-------- 1 www-data root 5.2K Jun 15 19:00 config.xml
-r-------- 1 www-data root 2.3K Jun 15 19:02 local.xml
-r-------- 1 www-data root 8.9K Jun 15 19:00 local.xml.additional
-r-------- 1 www-data root 2.2K Jun 15 19:00 local.xml.template
dr-x------ 2 www-data root 4.0K Jun 15 19:00 modules

 

Also there is an .htaccess file within var/. So what am I doing wrong here? There hasn't been any change in the default apache2 configuration, meaning AccessFileName is still set to .htaccess within /etc/apache2/apache2.conf

 

Thanks in advance!!

4 REPLIES

Re: UNIX File Permissions vs Sensitive information are accessible from the outside.

Do you have the .htaccess file present within the app directory? 

 

We have seen such an error message when it is missing.

James Lee | Moderator • Magento Master

Re: UNIX File Permissions vs Sensitive information are accessible from the outside.

Thanks for replying. Yes, the .htaccess file is present in the app directory. What else can cause this?

Re: UNIX File Permissions vs Sensitive information are accessible from the outside.

I think this will solve my issue as AllowOverride is disabled by default on the Ubuntu apache2 package:

 

https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles
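
The cause named in the reply above can be confirmed from the Apache configuration itself, together with the `.htaccess` presence check raised earlier in the thread. The following shell script is an added example, not part of the original thread; the function names are hypothetical and the sample configuration is constructed to resemble a stock layout.

```shell
#!/bin/sh
# allowoverride_for CONF DIR
# Prints the AllowOverride value from the most specific <Directory> block in
# CONF that covers DIR, or "unset". Apache merges <Directory> sections from
# shortest path to longest, so the longest matching path decides.
# Simplification: included files, wildcards and <DirectoryMatch> are ignored.
allowoverride_for() {
    awk -v target="${2%/}/" '
        /^[ \t]*<Directory[ \t]/ {
            path = $2
            gsub(/[">]/, "", path)       # strip quotes and the closing bracket
            sub(/\/*$/, "/", path)       # normalise to one trailing slash
            in_block = 1
            next
        }
        /^[ \t]*<\/Directory>/ { in_block = 0; next }
        in_block && tolower($1) == "allowoverride" {
            if (index(target, path) == 1 && length(path) >= best_len) {
                best_len = length(path)
                best = $0
                sub(/^[ \t]*[A-Za-z]+[ \t]+/, "", best)
                sub(/[ \t]+$/, "", best)
            }
        }
        END { print (best == "" ? "unset" : best) }
    ' "$1"
}

# missing_htaccess ROOT
# Prints each of app/ and var/ (the two directories named in the thread)
# that has no .htaccess file under ROOT.
missing_htaccess() {
    for d in app var; do
        [ -f "$1/$d/.htaccess" ] || printf '%s\n' "$d"
    done
}

# Constructed sample configuration (not copied from the poster's server).
sample_conf() {
    cat <<'EOF'
<Directory />
    AllowOverride None
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
EOF
}
```

On the server, `allowoverride_for /etc/apache2/apache2.conf /var/www/html` returning `None` means the `.htaccess` files under `app/` and `var/` are ignored, whatever the UNIX file permissions are.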

Re: UNIX File Permissions vs Sensitive information are accessible from the outside.


matze2ooo wrote:

I think this will solve my issue as AllowOverride is disabled by default on the Ubuntu apache2 package:

 

https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles


Have you enabled it and if so, did it resolve the issue? 

James Lee | Moderator • Magento Master