Security and file permissions on AFS fileservers
#1
I was wondering if anyone has had any issues installing GetSimple on AFS filesystems and how to secure the install as much as possible. Under AFS, permissions are set through Access Control Lists (ACL) and take precedence over traditional Unix file permissions. Our server admins tell us to let as few directories as possible have write access.

I've installed it successfully. I just had to make sure that the /data/ and /backups/ folders were writable by PHP.

Thanks,
Jeff
Reply
#2
Never tried installing it on an AFS fileserver. GetSimple will need to have access to those folders and files if you want it to store data; some plugins might even need write access to the plugin directory.

I don’t know how ACL works, but you can try giving only the “owner” write access and make sure that the server owns the files and directories. This way only the PHP service running on your server (the one powering GetSimple) has write access to the files it creates and nobody from the outside has it.

If you don’t want any writeable folders or files, your safest bet for a CMS would be a MySQL-based one.
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#3
Best option is to move the data and backups folders above the www directory.
That way the only access is via ftp or the like.

Obviously you would need to change the pointers to those dirs in the files.
Clients always want to be able to change the content of their pages, but they are unwilling to do so.

Have you ever coded in your underwear before?
Reply
#4
I gave PHP write access to the /data/ and /backup/ directories and it seems to work fine.

Thanks for the response. I really like GetSimple, but I think I'm discovering that it is missing some key features that I need for a specific project. Otherwise, great piece of software. But I need multiple users and an extremely intuitive image uploader...

Thanks again,
Reply
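Added example, not part of the original thread: one way to check the "as few writable directories as possible" rule from the first post is to parse `fs listacl` output and flag any directory, other than the ones GetSimple needs, where the web server's principal holds modify rights. The cell name, paths and the `webserver` principal are assumptions, and the sample output is constructed.

```python
import re

MODIFY = set("idwa")  # insert, delete, write, administer: rights that change a directory or its ACL
BROAD = {"system:anyuser", "system:authuser"}  # built-in AFS groups covering all users

def parse_listacl(text):
    """Parse `fs listacl` output into {dir: {principal: set of effective rights}}."""
    acls, current, section = {}, None, None
    for line in map(str.strip, text.splitlines()):
        header = re.match(r"Access list for (.+) is$", line)
        if header:
            acls[header.group(1)] = ({}, {})  # (normal, negative)
            current, section = acls[header.group(1)], None
        elif current and line in ("Normal rights:", "Negative rights:"):
            section = current[0] if line.startswith("Normal") else current[1]
        elif line and section is not None:
            principal, rights = line.split()
            section[principal] = set(rights)
    # Simplification: a negative entry only cancels rights of the same-named principal.
    return {d: {p: r - neg.get(p, set()) for p, r in nor.items()}
            for d, (nor, neg) in acls.items()}

def audit(acls, web_principal, writable_dirs):
    """Flag modify rights held by broad groups, or by the web server outside writable_dirs."""
    findings = []
    for directory, entries in acls.items():
        for principal, rights in entries.items():
            granted = "".join(sorted(rights & MODIFY))
            if granted and (principal in BROAD or (
                    principal == web_principal and directory not in writable_dirs)):
                findings.append((directory, principal, granted))
    return sorted(findings)

# Constructed sample output; cell name, paths and the "webserver" principal are hypothetical.
ROOT = "/afs/example.edu/www/site"
SAMPLE = f"""\
Access list for {ROOT}/data is
Normal rights:
  jeff rlidwka
  webserver rlidwk
Access list for {ROOT}/plugins is
Normal rights:
  webserver rlidwk
  system:anyuser rli
Negative rights:
  system:anyuser i
"""

if __name__ == "__main__":
    print(audit(parse_listacl(SAMPLE), "webserver", {ROOT + "/data", ROOT + "/backups"}))
```

On a real install, feed it the output of `fs listacl` run over each directory of the site; the owner's own entry is deliberately not flagged.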