On 10/25/2016 06:53 PM, Alex wrote:
The problem I was having
was with the user doing local modifications (joomadmin) not being able
to modify files uploaded or changed by the joomla apache user
(apache).
Numerous suggestions were made, including changing all the files to be
sgid write, adding the users to a common group, and other, more
complicated recommendations.
I'm really surprised at the state of security by many of these
suggestions.
First, add the joomlaadmin to the apache group:
# usermod -a -G apache joomadmin
Second, change the apache umask. Use "systemctl edit httpd" and enter
two lines in the editor that opens:
[Service]
UMask=0002
Third, restart the httpd service with "systemctl restart httpd"
There you go. httpd will create files that are writable by the group
apache, and joomadmin is a member of that group, so it can modify those
files. You haven't given apache any new permissions.
I have tested this specific process on Fedora 24.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
