Security Permission Settings


Joined: 2008-02-02
Posts: 1
Posted: Sat, 2008-02-02 01:07

I know this is a vastly overasked topic, but I was wondering about the directory permissions. I have installed the codebase in /var/www/html/gallery and the g2data as /var/wwww/photovault.

I am using RH 5.1 with SE disabled. My httpd daemon is run as user/grp apache:

root 22699 0.0 0.8 23748 8672 ? Ss 05:04 0:00 /usr/sbin/httpd
apache 22701 0.0 0.3 18296 3096 ? S 05:04 0:00 /usr/sbin/httpd
apache 22702 0.0 1.9 36208 18936 ? S 05:04 0:27 /usr/sbin/httpd
apache 22703 0.0 1.8 35588 17880 ? S 05:04 0:27 /usr/sbin/httpd
apache 22704 0.0 2.0 36548 19816 ? S 05:04 0:31 /usr/sbin/httpd
apache 22705 0.0 1.9 36304 18728 ? S 05:04 0:25 /usr/sbin/httpd
apache 22706 0.0 1.7 34388 16520 ? S 05:04 0:27 /usr/sbin/httpd
apache 22717 0.0 1.7 33684 16528 ? S 05:06 0:30 /usr/sbin/httpd
apache 22718 0.0 1.9 36188 18904 ? S 05:06 0:23 /usr/sbin/httpd
apache 22719 0.0 2.0 36264 19448 ? S 05:06 0:41 /usr/sbin/httpd

This server is hosted solely for gallery with no remote user logins except through the gallery.

As root I downloaded the gallery directory via svn, which leaves everything root.root. I noticed some plugins are locked and I am assuming that's because apache cannot modify the plugin files. After an svn install, is there a recommended way to set the permission/ownership flags on /var/www/html/gallery? I did switch ownership of gallery/* to apache.apache and that works fine, but when I update via svn I end up with mixed ownerships and permissions. I ran svn update today and this is what my gallery dir looks like now:

[root@nova gallery]# ls -alF /var/www/html/gallery
total 352
drwxr-xr-x 10 apache apache 4096 Jan 20 20:47 ./
drwxr-xr-x 7 root root 4096 Jan 29 20:08 ../
-rwxrwxrwx 1 apache apache 4217 Jan 17 04:43 .htaccess*
drwxrwxrwx 6 apache apache 4096 Feb 1 15:13 .svn/
-rw-rw-rw- 1 apache apache 18011 May 22 2007 LICENSE
-rw-r--r-- 1 root root 61184 Dec 23 15:47 MANIFEST
-rw-rw-rw- 1 apache apache 79828 Jun 13 2007 README.html
-rw-r--r-- 1 root root 390 Dec 23 15:45 README.txt
-rw-rw-rw- 1 apache apache 2129 May 22 2007
-rw-r--r-- 1 apache apache 8193 Jan 30 02:14 config.php
-rw-rw-rw- 1 apache apache 2684 May 22 2007 embed.php
drwxrwxrwx 2 apache apache 4096 Jun 14 2007 faq/
drwxrwxrwx 3 apache apache 4096 Jun 13 2007 images/
-rw-rw-rw- 1 apache apache 1989 May 22 2007 index.php
-rw-rw-rw- 1 apache apache 6754 May 22 2007
drwxrwxrwx 8 apache apache 4096 Jan 17 04:05 install/
drwxrwxrwx 15 apache apache 4096 May 22 2007 lib/
-rw-r--r-- 1 root root 21155 Dec 23 15:47 main.php
drwxrwxrwx 78 apache apache 4096 Feb 1 15:13 modules/
-rw-rw-rw- 1 apache apache 26 May 29 2007 robots.txt
drwxrwxrwx 15 apache apache 4096 Jan 17 03:58 themes/
drwxrwxrwx 8 apache apache 4096 May 22 2007 upgrade/
[root@nova gallery]#

Any ideas for consistency or do I have the ownerships all screwed up?

Here is the link to my phpinfo.

I know I probably have many security holes, like open_basedir... I'm working on correcting those but am not sure exactly what to set it to.

Any advice would be greatly appreciated.

Last Run Details:
Gallery version = 2.2.4 core
PHP version = 5.2.5 apache2handler
Webserver = Apache/2.2.8
Database = mysqli 5.0.54, lock.system=flock
Toolkits = ArchiveUpload, Getid3, Exif, LinkItemToolkit, Thumbnail, ImageMagick, NetPBM, Dcraw, Ffmpeg, Gd, SquareThumb
Acceleration = none/0, none/3600
Operating system = Linux 2.6.18-53.1.6.el5 #1 SMP Wed Jan 16 03:56:43 EST 2008 i686
Default theme = x_treme
gettext = enabled
Locale = en_US
Browser = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0)
Rows in GalleryAccessMap table = 152
Rows in GalleryAccessSubscriberMap table = 10739
Rows in GalleryUser table = 27
Rows in GalleryItem table = 10730
Rows in GalleryAlbumItem table = 179
Rows in GalleryCacheMap table = 0
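
The following is an added example, not part of the original post and not Gallery project code: a small audit that reads `ls -l` output and flags the two conditions visible in the listing above, world-writable entries and entries whose owner differs from the web server user. It assumes the default `ls -l` column layout; the function names `audit_listing` and `sample_listing` are hypothetical, and the sample lines are a subset of the listing in the post.

```shell
#!/bin/sh
# Added example: audit `ls -l` style output for world-writable entries and
# ownership drift. Assumes the default column layout (name starts at field 9).

# audit_listing EXPECTED_OWNER  (reads listing on stdin)
# Prints one finding per line:
#   WORLD_WRITABLE <mode> <name>
#   OWNER_DRIFT <owner>.<group> <name>
audit_listing() {
    awk -v want="$1" '
        # Keep only lines that begin with a mode string (drops "total N").
        $1 !~ /^[-dlbcps][-r][-w][-xsS]/ { next }
        # Drop malformed lines that carry no file name.
        NF < 9 { next }
        {
            mode = $1
            # Rebuild the name from field 9 on so names with spaces survive.
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i
            # Character 9 of the mode string is the write bit for "other".
            # Symlink modes are ignored; the link target decides access.
            if (substr(mode, 1, 1) != "l" && substr(mode, 9, 1) == "w")
                print "WORLD_WRITABLE", mode, name
            if ($3 != want)
                print "OWNER_DRIFT", $3 "." $4, name
        }'
}

# Sample input: a subset of the listing quoted in the post.
sample_listing() {
    cat <<'EOF'
total 352
drwxr-xr-x 10 apache apache 4096 Jan 20 20:47 ./
-rwxrwxrwx 1 apache apache 4217 Jan 17 04:43 .htaccess*
-rw-r--r-- 1 root root 61184 Dec 23 15:47 MANIFEST
-rw-r--r-- 1 apache apache 8193 Jan 30 02:14 config.php
-rw-rw-rw- 1 apache apache 1989 May 22 2007 index.php
-rw-r--r-- 1 root root 21155 Dec 23 15:47 main.php
drwxrwxrwx 78 apache apache 4096 Feb 1 15:13 modules/
EOF
}

# Run the audit over the sample, expecting everything to be owned by apache.
sample_listing | audit_listing apache
```

To audit a live tree instead of the sample, pipe the output of `find /var/www/html/gallery -exec ls -ld {} +` into `audit_listing apache`.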