[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-users] installation of phpgw with safe mode on - filem
|
From: |
Chris Weiss |
|
Subject: |
Re: [Phpgroupware-users] installation of phpgw with safe mode on - filemanager, fudforum |
|
Date: |
Mon, 20 Dec 2004 16:03:02 -0600 |
1) make sure the files have a proper ownerships. Sometimes this is
the user the web server runs as, sometimes it's just important that
all match. CHeck with your server admin to see for sure. I don't
know the manual process, but I recall the process it uses to be
outlined in the readme for fudforum.
2) a properly configured safe mode will have a path outside the doc
root to store files. To not have this opens you up to many security
issues that cannot be resolved outside of putting files outside the
web root. For instance, one of your users uploads hack.php with code
in it that will read and echo the header.inc.php, if the files are
accessable in the web root then the user can directly call this file
and you're hacked. .htacces isn't available on all platforms so for
phpGW to be secure we can't rely on that The only real solution is to
put it outside the web root. However, if you have .htacces file
support you can use one to secure yourself and remove the check from
phpgw source, I don't know where the check is offhand. Someone should
put this info and detail the workaround on the wiki. (I choose to
properly configure safe mode instead so I'm not going to :P)
not sure on #3
On Mon, 20 Dec 2004 15:58:19 +0100, 3.14a <address@hidden> wrote:
> Hello everybody,
>
> During install i got the following problem.
> On an apache with safe mode = on, I couldn't install fudforum and
> filemanager properly. For our project it's important we have the
> possibility to upload files, either by fudforum or filemanager. That
> would be fine :)
>
> Fudforum:
> 1. It seems that the file tree is not in prober order. In admin->
> fudforum -> preferences http://..../fudforum/adm/admglobal.php is not
> found. ( I guess, during install process fudforum files are copied
> around, but with safe mode = on, it fails - is there some file tree,
> where I can make this copyhystory by hand?)
>
> 2. Because safe mode is on, it cannot access to folder ../files outside
> the document tree even though I chmod it to 777.
> Is there a fix for it? I don't have the possibility to chown files, but
> in php code there is a possibility to change owner rights. (Error
> message: The 'files/' (../ip/files) directory exists, however webserver
> has no write permissions to that directory.)
>
> Filemanager:
> 3. I would love to use the filesystem as file-storage possibility. But
> with safe mode= on, changed to 'sql' as storage type, but there i get
> the problem, no matter which input "10000" or "100000000000000000" I
> take, it complains about quota exceed.
>
> Another question is: if i don't use cvs how to keep track on changes?
> where can I download patches? for Problems like mine above? If don't
> have any shell access and just a ftp-upload possibility.
>
> I would be very glad about some solutions :) i'm just before desparing.
> ;) I'm also reachable on icq.
>
> greetings pia
>
> http://3.14a.ch weblog
>
>
> _______________________________________________
> Phpgroupware-users mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/phpgroupware-users
>
>
>