Hello all,
I have been googling this problem for the past few days, and have read numerous posts on this forum which are related, so I think now what I am asking for is not "how do I fix this?" but "is it safe to fix this, and if so, why?"
In essence, I am having a problem that others seem to have run into quite often - I have launched the editable pages which work fine, apart from the editable region type='file'. When pressing the 'Browse Server' button a pop-up appears stating "Cannot write to upload folder. /htdocs/couch/uploads"
The Couch directory is set to 775 (recursive permissions). My previous experience with Couch, and an initial check of these forums, suggested that setting permissions to 777 might fix this. I created a test directory "/htdocs/uploads" and amended couch's config file to point the upload_dir to that test directory. I set the test directory to 775 permissions, and received the same error message. I then set the test directory to 777 permissions, and the file uploader works.
I therefore asked my colleagues in IT to set the Couch folder to 777 (recursive) permissions. Whilst they are willing to do that on this test server, which I am using as 'proof of concept' for this project, they have said that they would not be willing to do so on the production server when the project goes live.
What my colleagues in IT have said is that "777 means that anybody can write to it ... that means a pretty insecure website" and that this "is outside our area of expertise so it might be worth asking the couch forum how they recommend setting up security or accounts/access for couch on the htdocs directory".
This is outside my area of knowledge/experience too (but I'm always willing to learn!!) I suppose my initial 'pondering' is this: if a directory has a 'group' and an 'owner', what does couch 'appear as' in that regard? Can couch be the owner? belong to the group? be a permitted user with specific rwx permissions? What credentials are being passed to / seen by the server when couch handles an edit? Is that even a relevant question?
And, given how commonly recommended it is on this forum and on others (such as support for kcfinder), is 777 insecure?
Thank you for any help you can provide!
(n.b. this project is an internal website for my colleagues which will display guidance on internal processes, along with providing relevant documents to go with the guidance. The 'website' will be deployed on an internal server with a LAMP stack, and will be available only over intranet.)
Update:
I have continued doing research, and trying to solve this myself - I am hoping that someone with server management experience is able to help me, since my colleagues in IT have stated that they do not have knowledge or experience of PHP, webhosting or CMS.
What they have deployed for me is a Bitnami LAMP stack. I found some Bitnami documentation for Wordpress which said that the owner/group would be bitnami:daemon. I checked what the cms php user output was by adding
Colleagues in IT have said that this server
Would someone please be kind enough to explain the basics of what is going on here, and what the correct setup is for our server?
Thank you.
Anthony
I have been googling this problem for the past few days, and have read numerous posts on this forum which are related, so I think now what I am asking for is not "how do I fix this?" but "is it safe to fix this, and if so, why?"
In essence, I am having a problem that others seem to have run into quite often - I have launched the editable pages which work fine, apart from the editable region type='file'. When pressing the 'Browse Server' button a pop-up appears stating "Cannot write to upload folder. /htdocs/couch/uploads"
The Couch directory is set to 775 (recursive permissions). My previous experience with Couch, and an initial check of these forums, suggested that setting permissions to 777 might fix this. I created a test directory "/htdocs/uploads" and amended couch's config file to point the upload_dir to that test directory. I set the test directory to 775 permissions, and received the same error message. I then set the test directory to 777 permissions, and the file uploader works.
I therefore asked my colleagues in IT to set the Couch folder to 777 (recursive) permissions. Whilst they are willing to do that on this test server, which I am using as 'proof of concept' for this project, they have said that they would not be willing to do so on the production server when the project goes live.
What my colleagues in IT have said is that "777 means that anybody can write to it ... that means a pretty insecure website" and that this "is outside our area of expertise so it might be worth asking the couch forum how they recommend setting up security or accounts/access for couch on the htdocs directory".
This is outside my area of knowledge/experience too (but I'm always willing to learn!!) I suppose my initial 'pondering' is this: if a directory has a 'group' and an 'owner', what does couch 'appear as' in that regard? Can couch be the owner? belong to the group? be a permitted user with specific rwx permissions? What credentials are being passed to / seen by the server when couch handles an edit? Is that even a relevant question?
And, given how commonly recommended it is on this forum and on others (such as support for kcfinder), is 777 insecure?
Thank you for any help you can provide!
(n.b. this project is an internal website for my colleagues which will display guidance on internal processes, along with providing relevant documents to go with the guidance. The 'website' will be deployed on an internal server with a LAMP stack, and will be available only over intranet.)
Update:
I have continued doing research, and trying to solve this myself - I am hoping that someone with server management experience is able to help me, since my colleagues in IT have stated that they do not have knowledge or experience of PHP, webhosting or CMS.
What they have deployed for me is a Bitnami LAMP stack. I found some Bitnami documentation for Wordpress which said that the owner/group would be bitnami:daemon. I checked what the cms php user output was by adding
- Code: Select all
<cms:php>print_r(posix_getpwuid(posix_geteuid()));</cms:php>
Colleagues in IT have said that this server
"is a bare ‘out of the box’ bitnami configuration and just a few tweaks such as loading up couch as per the site instructions. Nothing in the couch instructions referred to any default folder permissions or changes required.
I can only suggest you go back to the couch developer and clarify if the owner bitnami can be used for couch administration as there is clearly some conflict with accounts and permissions under couch install.
Otherwise they will be the best source of advice with regards to ensuring the permissions are set correctly"
Would someone please be kind enough to explain the basics of what is going on here, and what the correct setup is for our server?
Thank you.
Anthony