TYPO3 Mailingliste: nicht fragen - lesen!

Hello list
I'm facing this problem again and again.
I'm running typo3 on a shared server
SERVER: SERVER_SOFTW: Apache/2.0.50 (Linux/SUSE)
SERVER: GATEWAY_INTE: CGI/1.1

I downloaded the new version typo3 411 source with dummysite zip.
I unzipped it on my PC and uploaded it by FTP to the server.

When I call typo3 I get this message for all the directories typo want s
to create.

Warning: mkdir(/srv/www/htdocs/web102/html/411/typo3temp Permission
denied in /srv/www/htdocs/web102/html/411/t3lib/class.t3lib_div.php on
line 2522

Normally I created these directory myself and made them readable thru
FTP (777).
Then I used to have a lot of problems later to upload files and extensions.
I talked to my provider, but he is very concerned about switching off
the safemode.
How is it possible to rum typo3 in a save way and still use it's features.
Thanx
Klaus Musset
_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

Hi,

Klaus Musset schrieb:
> Hello list
> I'm facing this problem again and again.
> I'm running typo3 on a shared server
> SERVER: SERVER_SOFTW: Apache/2.0.50 (Linux/SUSE)
> SERVER: GATEWAY_INTE: CGI/1.1
[...]

my advice would be to either switch to an "approved" TYPO3-Hoster
http://wiki.typo3.org/index.php/Hosting
or
get ready to learn some basics about linux/apache/webhosting.

you need to make sure that the uid that runs apache has the appropriate
rights.

Greets,
Peter
--
Peter Niederlag
http://www.niekom.de * TYPO3 & EDV Dienstleistungen *
http://www.typo3partner.net * professional services network *
_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

Hello

> Normally I created these directory myself and made them readable thru
> FTP (777).
> Then I used to have a lot of problems later to upload files and extensions.
> I talked to my provider, but he is very concerned about switching off
> the safemode.
> How is it possible to rum typo3 in a save way and still use it's features.

you can ask your provider, to turn off the safe mode only for your
domain. Or to start a cron job every 10 minutes which will give you all
write permissions and will change the owner of the files to the apache user.


- Franz

_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

Franz Holzinger wrote:

>> Normally I created these directory myself and made them readable thru
>> FTP (777).
>> Then I used to have a lot of problems later to upload files and
>> extensions. I talked to my provider, but he is very concerned about
>> switching off the safemode.
>> How is it possible to rum typo3 in a save way and still use it's
>> features.
>
> [...]
>
> Or to start a cron job every 10 minutes which will give you all
> write permissions and will change the owner of the files to the apache
> user.

You are joking, right?

- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-l...a-news-reader/
_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

Michael Stucki a écrit :
> Franz Holzinger wrote:
>
>>> Normally I created these directory myself and made them readable thru
>>> FTP (777).
>>> Then I used to have a lot of problems later to upload files and
>>> extensions. I talked to my provider, but he is very concerned about
>>> switching off the safemode.
>>> How is it possible to rum typo3 in a save way and still use it's
>>> features.
>> [...]
>>
>> Or to start a cron job every 10 minutes which will give you all
>> write permissions and will change the owner of the files to the apache
>> user.
>
> You are joking, right?

Did you find a better solution to this? I am curious.

- Franz
_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

Franz Holzinger wrote:

>>> Or to start a cron job every 10 minutes which will give you all
>>> write permissions and will change the owner of the files to the apache
>>> user.
>>
>> You are joking, right?
>
> Did you find a better solution to this? I am curious.

Of course:
$TYPO3_CONF_VARS['BE']['fileCreateMask'] = '0666';
$TYPO3_CONF_VARS['BE']['folderCreateMask'] = '0777';

But irregarding of this, setting files globally writable is always a bad
choice.

- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-l...a-news-reader/
_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

Hello Michael,

> Of course:
> $TYPO3_CONF_VARS['BE']['fileCreateMask'] = '0666';
> $TYPO3_CONF_VARS['BE']['folderCreateMask'] = '0777';
>
> But irregarding of this, setting files globally writable is always a bad
> choice.

Thanks to this solution for files created by TYPO3. But there will still
be a problem if the user uses FTP to transfer his files to the server
and safe_mode has been turned on. In this case IMHO a cron job must be
started to change the user or group back to the apache's user/group.
This is especially necessary if someone uses the DAM extension. Because
DAM replaces the normal File module and the text files under the
fileadmin folder cannot be edited any more. Therefore the user must use
the SSH/SFTP/FTP and his operating system's editor instead.

There will be no problem with setting all files to writable. You (the
admin) can restrict the rights to the apache document root.
E.g.
drwxr-x--- 25 franz www 1024 Apr 20 21:28 public_html
jambage:/home/jambage.com #

No other users on the server could enter his apache root then. Therefore
no others can write or read even if the files inside would have had
write or read permissions.

useruser@jambage:~> ls -l
/home/jambage.com/public_html/typo3subdomain/typo3conf
/bin/ls: /home/jambage.com/public_html/typo3subdomain/typo3conf: Keine
Berechtigung

The only one to write/read them would be the owner of the apache root
folder. SSH should be used. Maybe FTP would not work with this folder
restrictions.

other possibility found due to your answer:
$TYPO3_CONF_VARS['BE']['createGroup'] = ftpusergroup
And the apache must be a member of all ftp user groups, which normally
are all the same. Drawback: Other ftp users on the server could delete
your files. However the FTP program must avoid this and allow only
personal folders to each FTP user.

- Franz














_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

Hi Franz,

> Hello Michael,
>
>> Of course:
>> $TYPO3_CONF_VARS['BE']['fileCreateMask'] = '0666';
>> $TYPO3_CONF_VARS['BE']['folderCreateMask'] = '0777';
>>
>> But irregarding of this, setting files globally writable is always a bad
>> choice.
>
> Thanks to this solution for files created by TYPO3. But there will still
> be a problem if the user uses FTP to transfer his files to the server
> and safe_mode has been turned on.

Some FTP clients provide similar options. But of course, non of these
solutions is satisfying enough. The main problem is that the webserver runs
with a different user as the FTP user. All you can do in this case is to
tinker.

> In this case IMHO a cron job must be started to change the user or group
> back to the apache's user/group.

Probably we have different views on how a webserver needs to be
administrated.

> This is especially necessary if someone uses the DAM extension. Because
> DAM replaces the normal File module and the text files under the
> fileadmin folder cannot be edited any more. Therefore the user must use
> the SSH/SFTP/FTP and his operating system's editor instead.

Or simply use DAM 1.1.

- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-l...a-news-reader/
_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

Hi,

The one and only working solution I have found is to add the user (as
which you transfer files) to the apache/www group. Then tell your ftp
client to use 0664 and 0775 umasks and also tell (as pointed out by
stucki, but more restricitve) 0664 and 0775 for the TYPO3 masks.

This creates a working situation with safe_mode = 1 and safe_mode_gid = 1.

The question is if your hosting provider is willing to add you to the
apache/www group.

And it sounds like . .. . no!

This solution is the 'least bad' solution I could come up with. It of
course gives everybody else in the apache/www group right to trash your
files . . . . But of course . . . your hosting provider will certainly
have set a very restrictive open_basedir path and disabled symlinking
and exec etc. So that should not be much of a problem.



Regards,


Michiel Roos

--
Netcreators BV :: creation and innovation
www.netcreators.com

Interesse in werken bij Netcreators?
http://www.netcreators.com/bedrijf/vacatures/
_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux

Hello Michiel,

> The one and only working solution I have found is to add the user (as
> which you transfer files) to the apache/www group. Then tell your ftp
> client to use 0664 and 0775 umasks and also tell (as pointed out by
> stucki, but more restricitve) 0664 and 0775 for the TYPO3 masks.

FTP is not secure because it transfers passwords without encryption over
the internet. This results in hacked sites.

> This solution is the 'least bad' solution I could come up with. It of
> course gives everybody else in the apache/www group right to trash your
> files . . . . But of course . . . your hosting provider will certainly
> have set a very restrictive open_basedir path and disabled symlinking
> and exec etc. So that should not be much of a problem.

The directory must be restricted also for FTP and SSH. Otherwise all
users can read the files of the others. I think it would be safer not
use use the safe_mode and not to have the www group for all users.

- Franz

_______________________________________________
TYPO3-linux mailing list
TYPO3-linux (AT) lists (DOT) netfielders.de
http://lists.netfielders.de/cgi-bin/...fo/typo3-linux