Hello/Hi/Greetings,
I am hoping to upgrade to 2.8.5. The automated upgrade procedure is failing. I have about 40 files that are write protected. What is the best ownership for these files? Should I make the owner and group match my apache user?
Piwigo version: 2.8.4
Operating system: Linux
PHP: 5.5.9-1ubuntu4.20 [2016-12-30 20:51:32]
MySQL: 5.5.53-0ubuntu0.14.04.1 [2016-12-30 20:51:32]
Graphics Library: External ImageMagick 6.7.7-10
djnoah wrote:
What is the best ownership for these files? Should I make the owner and group to match my apache user?
Hello
usually yes
but that's a system administration issue, so the best for you would be to ask the support of your environment
djnoah wrote:
What is the best ownership for these files?
That's a good question.
There is always a tradeoff between optimum webserver security and ease-of-administration. Restricting write-access to core installation files so that the webserver user cannot modify them is a good thing for security. But it means the administrator (you) has to do the upgrade manually (upload the files, and care for correct permissions).
A one-click upgrade function is great for ease-of-administration, but trades off some security, because the webserver needs write access to all installation files.
I'm NOT saying Piwigo's one-click upgrade is insecure, I use it myself on my server(s), because it makes my life easier. Though, I would _never_ allow this for that damned WordPress install I have to maintain for one of our sub-companies because that server is a security dead spot in an otherwise banking-level high-security environment where there must not be a single chance the application could harm the server it runs on in any way, even when it runs in its own DMZ surrounded by a Palo Alto DPI-firewall watching every TCP packet that enters or leaves that machine. Long story short: you have to decide for yourself what the best ownership for these files is, or the hosting provider already made that decision for you :-)
Last edited by teekay (2017-01-03 09:24:19)
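To see where an installation currently sits in the tradeoff described in this thread, the following added example (not part of the original posts and not Piwigo's own tooling) lists which files a given user can or cannot write. It checks plain owner/group/other mode bits only; ACLs and supplementary groups are ignored, and the `www-data` user and the install path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit a web application tree against the two ownership
# models discussed above. Only owner/group/other mode bits are evaluated
# (no ACLs, no supplementary groups), so the result does not depend on
# which account runs the script.

# Entries under $1 that user $2 (name or numeric id) with primary group $3
# can NOT write. These are what make a web-server-driven upgrade fail.
not_writable_by() {
    find "$1" \( -type f -o -type d \) ! \( \
        \( -user "$2" -perm -u=w \) -o \
        \( ! -user "$2" -group "$3" -perm -g=w \) -o \
        \( ! -user "$2" ! -group "$3" -perm -o=w \) \
    \) -print
}

# Entries under $1 that the same user CAN write. If the core files are
# meant to be read-only for the web server, this list is the exposure.
writable_by() {
    find "$1" \( -type f -o -type d \) \( \
        \( -user "$2" -perm -u=w \) -o \
        \( ! -user "$2" -group "$3" -perm -g=w \) -o \
        \( ! -user "$2" ! -group "$3" -perm -o=w \) \
    \) -print
}

# Usage (path, user and group are assumptions; adjust to your server):
#   sh audit.sh /path/to/piwigo www-data www-data
if [ "$#" -eq 3 ]; then
    echo "Not writable by $2 (blocks one-click upgrade):"
    not_writable_by "$1" "$2" "$3"
    echo "Writable by $2 (modifiable by the web application):"
    writable_by "$1" "$2" "$3"
fi
```

If core files are kept read-only for the web server, upload directories and similar data paths still need to appear in the writable list, so review the output rather than aiming for an empty one.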