TYPO3 Mailingliste: nicht fragen - lesen!

Franz Holzinger wrote:
> Hello Michiel,
>
>> The one and only working solution I have found is to add the user (as
>> which you transfer files) to the apache/www group. Then tell your ftp
>> client to use 0664 and 0775 umasks and also tell (as pointed out by
>> stucki, but more restricitve) 0664 and 0775 for the TYPO3 masks.
>
> FTP is not secure because it transfers passwords without encryption over
> the internet. This results in hacked sites.

Ack

>> This solution is the 'least bad' solution I could come up with. It of
>> course gives everybody else in the apache/www group right to trash your
>> files . . . . But of course . . . your hosting provider will certainly
>> have set a very restrictive open_basedir path and disabled symlinking
>> and exec etc. So that should not be much of a problem.
>
> The directory must be restricted also for FTP and SSH. Otherwise all
> users can read the files of the others. I think it would be safer not
> use use the safe_mode and not to have the www group for all users.

Well, yes. The best setups have a user and group for a client. This
client then has access to his own home dir (which includes the web
folder) and can access this over SSH (which chroots to his homedir).
Then the webserver process runs as the same user and group (this can be
done when one uses php_cgi).

Apparrently the hosting party does not have such a setup.

--
Netcreators BV :: creation and innovation
www.netcreators.com

Interesse in werken bij Netcreators?
http://www.netcreators.com/bedrijf/vacatures/
_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

On 10/5/07, Michiel Roos <michiel (AT) netcreators (DOT) com> wrote:
> Franz Holzinger wrote:
> > Hello Michiel,

<snip>

> Well, yes. The best setups have a user and group for a client. This
> client then has access to his own home dir (which includes the web
> folder) and can access this over SSH (which chroots to his homedir).
> Then the webserver process runs as the same user and group (this can be
> done when one uses php_cgi).
>
> Apparrently the hosting party does not have such a setup.


I've also had good luck with hosts that use phpsuexec--it results in
the arrangement you describe above.*

--
Christopher Torgalson
http://www.typo3apprentice.com/


* ...along with the small disadvantage that you can't symlink
individual files such as index.php (well you can, but they won't
execute), and must use hardlinks instead.
_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux