If you're looking for a professional-looking Joomla! template, Simplethemes has some really colorful, fresh, and simple Joomla! designs. Simplethemes offers commercial templates at a very reasonable rate considering what you get: they include the original source PSD/PNG graphics used to create the template, commented CSS code, and phenomenal customization support. This allows anyone just getting into Joomla! to have a really high profile design without breaking the bank.
We recommend the Joomla! Template Builder for anyone just getting started with Joomla! This is not only a great tool for getting started with Joomla! and templates, but also serves as an excellent tool for rapidly prototyping multiple color schemes for your clients. It even has a module image generator for that extra flair. Perhaps the main advantage of the Joomla! template builder is that the code generated by the application is 100% GPL, which means you can use as many templates on as many domains as you wish without restriction. This means YOU are the author of your template design! Check out the video and then look at some of the samples created with this great tool. It only costs $25 to join and download, but compared to other Joomla! template alternatives, this is the best deal for everything you get.
JoomlaTraining.com is the largest provider of Joomla training classes in the world.
With over a dozen teachers across the United States, Canada and Britain, we have classes running almost every week. Students get six months of support after each class as well as over $300 in extra bonus templates and support.
We hold Joomla beginner, intermediate, template and Search Engine Optimization classes.
Ongoing Joomla Class Locations
These are the cities we hold Joomla training classes every few months:
7 hours. We start at 9 am and finish at 4 pm. We provide lunch for students and regular breaks.
What do I need to bring?
Nothing. We provide computers, all training materials and also snacks, drinks and lunch.
Do I need to know anything about Joomla?
Not for the beginner classes. We have had students who had never heard of Joomla before their companies sent them to the training. We will take you through everything you need to learn to get up and running with Joomla. For the more advanced classes such as template, coding, SEO and intermediate, please see the "Pre-requisites" box on each page.
How many students are in the classes?
16 is the maximum. We aim to keep our classes as small, intimate and friendly as possible.
How many teachers are in the classes?
Whenever possible, we have two teachers. One runs the class and the other circulates to help students with individual questions.
How much are the classes?
$299. Whether it is a beginner class in New York or a template class in Los Angeles, that price is always the same.
Do you offer discounts?
Yes, we do for people attending multiple classes:
Attending two classes? Use the coupon "twoclasses" for a 10% discount
Attending three classes? Use the coupon "threeclasses" for a 20% discount
We have never canceled on a student. We don't want to say we never will cancel on a student, because sickness, plane crashes, earthquakes etc (touch wood) might intervene one day, but we hope our record speaks for itself. If a student signs up, we will do all that is humanly possible to be there.
Can I cancel on you?
Yes. This is our refund policy:
100% refund if requested more than 4 weeks before the class
50% refund if requested more than 2 weeks before the class
0% refund in the last 2 weeks before the class
What do I get to take away from the classes?
Ongoing access to all training materials used in the class.
6 months membership to the Joomla Support Club after the class ($99 value)
Free membership to the Alledia.com SEO Club ($99 value)
Free copy of the Alledia.com Bolt and Breeze templates ($120 value)
A flash drive full of tutorials and best-of-breed Joomla components
So, how do you move your Joomla site from one host to another, or from one location to another... easily? We've found the best success once again, using the free tool www.akeebabackup.com
Point your browser to this file. ie mydomain.com/kickstart.php
You will need to have the details of a valid MySQL database that you have created for use in this new location. You may need to create it from your hosting control panel. Be sure to also create a database user and grant them permissions on the database. In many cases the database name, as well as the database user, will be prefixed by your cPanel username, i.e. cpanelusername_databasename and cpanelusername_databaseusername. For support with this aspect, you will need to talk to your Joomla Hosting provider.
AkeebaBackup should do the rest for you, and in these few steps you will have migrated/moved your entire Joomla website.
Following this simple procedure will make the process of moving your Joomla Website simple. All the hard work is done for you.
How to remove "WWW" from your Domain Name and why it matters

Why remove "WWW" from your Domain Name?

Simply put, the "www" in front of a domain name is not necessary and it is much more convenient to type the URL without the "www" sub domain. Web servers display pages through the main domain name unless a particular subdomain is required; the use of the www subdomain is simply redundant. When you write an email to someone you address it to [e-mail address] instead of addressing it to [e-mail address]. The mail client assumes the SMTP protocol; the www sub domain is just as redundant as the proposed mail sub domain.

How do you remove "WWW" from your domain name?

Add the following to your ".htaccess" file located in the root directory. If you do not have an .htaccess file, rename the htaccess.txt delivered with Joomla! to .htaccess. This method requires the Apache mod_rewrite module to be enabled. If you have access to the Apache server configuration file (/etc/httpd/conf/httpd.conf), mod_rewrite is enabled if the line "LoadModule rewrite_module modules/mod_rewrite.so" does not have a '#' in front of it. If you get an error code 500 while trying to browse the directory with the .htaccess file, mod_rewrite is not enabled. If your website is hosted and you have problems, talk to your web host about your Apache configuration and ask if mod_rewrite capability is enabled.

    Options +FollowSymLinks
    RewriteEngine on
    # Match requests whose Host header is the www form of the domain
    RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
    # Permanently (301) redirect to the same path on the non-www domain
    RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]

Note: replace "example.com" with your domain name.

How to define 'preferred domain' using Google Web Master Tools

The preferred domain is the one that you would like used to index your site's pages (sometimes this is referred to as the canonical domain). Links may point to your site using both the www and non-www versions of the URL (for instance, http://www.example.com and http://example.com). The preferred domain is the version that you want used for your site in the search results. In addition, defining a preferred domain can be helpful to your Google Page Rank (GPR) because you won't have two copies of the same page indexed. Each page is only able to pass a fixed amount of PR. If it is passing PR to both the non-www and www versions of your domain, both pages will only get half the correct amount. If the www redirects to the non-www, the non-www will get all the PR.
You can set your preferred domain by adding the site to your Google Sitemaps account and verifying site ownership. Then:
Using the Media Manager

This document is a guide to using the media manager in Joomla! 1.5. The media manager is a tool which is used for managing images that are used in a website. It makes working with images and inserting them into pages easier than uploading them and inserting them manually. The main media manager page can be accessed from the Joomla! control panel by clicking on the media manager icon. This page allows you to upload images and manage images which have already been uploaded.

[Figure: The media manager in Joomla! 1.5]

Uploading images: Often the first thing a new Joomla! user wants to do with the media manager is upload an image. This can be done by clicking the "Browse Files" button and selecting the image you wish to upload, then clicking "Start Upload". The image should then appear on the main media manager page. Note that files with filenames that contain spaces or special characters cannot be uploaded.

Using folders: Folders within the media manager can be used to sort images into categories. To create a folder, enter the desired folder name into the "Create Folder" text box and press enter. You can create a subfolder of a particular folder by navigating to that folder using the links on the left hand side of the page and then creating the folder using the steps in the above paragraph. To upload an image into a specific folder, navigate to that folder using the links on the left hand side of the media manager page and follow the above steps to upload the image.

Inserting images into pages: Uploading images to the media manager is probably not much help in creating your website if you cannot insert the images into your pages.

This document is available under the terms of the Joomla! Electronic Documentation License.
Mootools Tips and Tricks

To begin using Mootools in your Joomla! project, start with the right environment: First, use the web browser Firefox (getfirefox.com). Firefox has many plugins and extensions, making development easier. Once Firefox is running, install these extensions:

● Firebug
● Web Developer
● Noscript (Optional)
● FireFTP (Optional)

*Note: In order for the extensions to execute, you will have to restart Firefox.

Now that your debugging tools are set up, you may move on to the actual scripting. One of the best places to learn web programming is W3Schools; they have a tutorial on Javascript, including hundreds of examples. You can find it here. If you'd like a bit more help with Javascript, check out PageTutor's Javascript Tutor.

When you're ready to begin implementing Mootools into your Joomla! project, browse the Mootools demos to discover what it is you wish to implement. All that you see at the Mootools site is possible in Joomla! To showcase one possibility, we'll use the Tips plugin of Mootools to create mouseover hints for certain words on the page. Here are the steps:

1) We'll use the Joomla! template editor to add in our script:
   1) Login to the administration section.
   2) Hover over the Extensions link in the navigation, and select "Template Manager"
   3) Mark the template you're using, and click the "Edit" button in the top right corner.
   4) On the next page, click the "Edit HTML" button
2) Find the line that contains and paste this code above it:

    window.addEvent("domready", function () {
        // Attach a Mootools Tips tooltip to every <abbr> element on the page
        var abbrTools = new Tips($$("abbr"));
    });

3) Now, write an article on whatever your mind can think up; be it your mom, your house, or a piece of lint in your sock.
4) Switch to HTML view by pressing the button. Find a word or phrase in your article that you want to point out. Around it, wrap <abbr> tags, like so:

    <abbr>something interesting</abbr>

   In the <abbr> tag, put a title attribute in it, which will serve as the body of your ToolTip:

    <abbr title="...">something interesting</abbr>

5) Post the article and hover your mouse over the words you selected. Voilà!

How does it work? (This is a bit more advanced than copying and pasting, so only read on if you feel very comfortable with Javascript)

Well, the script you added into the template waits until the page is ready for modification ('domready'). When that happens, it creates a new Tips object. We supply that Tips object with all the <abbr> tags in the page. Then, Mootools does all the work. After creating the ToolTips and hiding them from the user, it watches all those tags, waiting for the user to hover their mouse over one of them. If the user's mouse happens to move over a tag, Mootools makes the ToolTip visible to the user. Because the ToolTip is just another HTML element, it is possible to put anything into the ToolTip...images, Flash animations, or more HTML tags!
The absolute path is the directory location on a server's hard drive where Joomla! is located. In Joomla! v.1.0.x the configuration.php file would be something like the following, however, it can vary depending on your server.
To find out what your absolute path is, copy the following code into a text editor (i.e. Notepad, TextEdit etc), save the file as a .php naming it whatever you want (i.e anyfilename.php.).
Using your FTP software, ftp the file you have just created to your root folder. Open a web browser and type in http://www.yourdomain.com/filename.php.
The Joomla! forums see many posts regarding Installation or Performance issues, Permissions and Security questions. To assist with such questions and to highlight many of the common problems seen, the following tools have been developed to help end-users and the Joomla! Working Group Teams resolve these issues quickly, efficiently and with the least amount of effort.
Joomla! Tools Suite (JTS) and Joomla! Health, Installation, Security Audit (HISA) have been developed with the sole purpose of providing Joomla! end-users with a Self-Help Advice and Information system.
Pre-Joomla! Installation Server Environment Audit
Before you install Joomla! check if your server is likely to support it fully or if your environment may need some modification

Post-Joomla! Installation Server Environment Audit
Following the installation of Joomla! keep your installation functioning and optimal with a variety of maintenance tools

Trouble-Shooting and Problem Resolution
Obtain additional diagnostic and configuration information to aid or speed up the process of problem resolution
Joomla! HISA
Joomla! Tools Suite
Designed with the Joomla! New User in mind, HISA is a single self-contained, all-in-one Audit facility. It provides information that will assist you to determine if your hosting environment is suitable for Joomla! and what might be done to improve your chance of a successful installation, all prior to installation. This allows you the opportunity to ask questions before getting frustrated or disappointed. There is no installation requirement: simply upload the Joomla! HISA file to your proposed or current Joomla! directory and open it in your browser.
JTS on the other hand has been designed with a more advanced series of Diagnostic and Maintenance Tools, including the HISA tool-set. Tools range from Pre-Installation environment checks, Post-Installation environment auditing, File and Directory permissions, extension auditing to DataBase optimisation and maintenance. Still maintaining ease of installation and use, simply make a directory within your Joomla! installation folder, upload the files and open in your browser again.
English Finnish Swedish German Hungarian Hungarian (Informal)
What Do JTS and HISA Actually Do?
Joomla! Health, Installation and Security Audit (HISA)

An assessment is completed based on the server and end-user hosting account configuration variables. If run prior to installing Joomla!, it provides feedback regarding the possibility of installation success; alternatively, following Joomla! installation, it reports on possible problematic configuration issues.
High security risk items severely penalise the assessment scale, whilst minor inconsistencies will only reduce the assessment scale by small increments. The Health Check report will make recommendations and suggestions on how to possibly resolve such issues.
Initial Installation Audit Success Assessment scale Latest Joomla! v1.x release Non "Stable" version notification High security risk notification
General Environment Audit Host information Platform Architecture Operating System IP Address Web-Server version Port Configuration environment PHP version Enabled common extensions MySQL version Connection method Joomla! Configuration Online/Offline status Live Site details Configured/Actual Absolute Path .htaccess use Cache settings SEF settings
Standard Joomla! Pre-Installation Checks Extension Support zlib support XML support MySQL support Save Session Path status Security Settings Joomla! RG_EMULATION status PHP register_globals status Recommended Settings Safe Mode status Display Errors status File Uploads status Magic Quotes GPC status Magic Quotes Runtime status Output Buffering status Session Auto Start status Directory and File Mode Check
Joomla! Diagnostic

A "hash" comparison of the installed Joomla! files and the original Joomla! Distribution release files is performed. The Diagnostic report provides feedback on changed, missing or potentially corrupt files within the Joomla! installation. If run prior to completing the Web-Installer, this allows the end-user to determine whether there are potentially going to be installation problems; run afterwards, it can help solve post-installation issues caused by FTP upload corruption or unauthorised modification of core files. It also reports potential security risks associated with poorly coded extensions that allow direct access to content or scripts.
Standard Checks Performed Security Status register_globals setting RG_EMULATION setting Missing Files Corrupt or Modified Files Missing Direct Access Validation
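The hash comparison described above can be illustrated as follows. This is an added example, not code from JTS or HISA: the choice of SHA-256, the function names and the sample file names are assumptions, and both directory trees are constructed in temporary folders.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def compare_to_manifest(installed_root, reference):
    """Compare an installed tree with a reference manifest.

    Returns sorted lists of files that are missing, modified, or present
    on disk without appearing in the reference. Unexpected files are not
    errors in themselves (extensions, uploads) but need separate review.
    """
    installed = build_manifest(installed_root)
    missing = sorted(set(reference) - set(installed))
    unexpected = sorted(set(installed) - set(reference))
    modified = sorted(
        rel for rel in set(reference) & set(installed)
        if reference[rel] != installed[rel]
    )
    return {"missing": missing, "modified": modified, "unexpected": unexpected}


def _write(root, rel, content):
    """Create a file (and its parent directories) under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(content)


def demo():
    """Run the comparison on two small constructed trees."""
    with tempfile.TemporaryDirectory() as release, \
            tempfile.TemporaryDirectory() as site:
        # Constructed stand-in for the distribution release files.
        pristine = {
            "index.php": b"<?php // front controller\n",
            "includes/joomla.php": b"<?php // core library\n",
            "includes/version.php": b"<?php // version info\n",
        }
        for rel, content in pristine.items():
            _write(release, rel, content)
            _write(site, rel, content)
        reference = build_manifest(release)

        # Constructed damage: one file changed, one lost, one extra.
        _write(site, "includes/joomla.php", b"<?php // core library\n// edited\n")
        os.remove(os.path.join(site, "includes", "version.php"))
        _write(site, "images/upload.php", b"<?php // not in the release\n")

        return compare_to_manifest(site, reference)


if __name__ == "__main__":
    for status, files in demo().items():
        print(status, files)
```

The reference manifest is only as trustworthy as the place it comes from, so it should be built from a freshly downloaded release rather than from a copy stored on the same server.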
Permissions Auditing

Permissions auditing provides the end-user with a comprehensive view of all Directories and Files within the Joomla! installation, including their ownership, current permissions mode and Web-Server accessibility and Write capability.
Working on the assumption of 755 for Directories and 644 for Files as the permissions base and being the generally accepted best practice, the Joomla! Tools Suite Permissions Audit report will determine and highlight any permissions not below these modes in the following manner;
Directories and Files
● Green : Generally sane and acceptable
● Blue : Elevated permissions but could still be acceptable
● Red : World-Writable, potential of a security exposure ( name also highlighted yellow )

Files Only
● Warning Triangle : Potentially suspect file found ( .pl, .cgi, .zip, .tar, .tar.gz )
● Size and Last Modified Date
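A permissions audit along the lines described above, as an added example that is not the JTS code. The 755/644 baseline, the colour names and the suspect extensions come from the text; treating any bit beyond the baseline (including setuid, setgid and sticky) as "blue" is an assumption, and the sample tree is constructed in a temporary folder.

```python
import os
import stat
import tempfile

DIR_BASE = 0o755    # baseline for directories, from the text
FILE_BASE = 0o644   # baseline for files, from the text
SUSPECT_SUFFIXES = (".pl", ".cgi", ".zip", ".tar", ".tar.gz")


def classify(mode, is_dir):
    """Return 'red', 'blue' or 'green' for a permission mode."""
    perms = stat.S_IMODE(mode)
    base = DIR_BASE if is_dir else FILE_BASE
    if perms & stat.S_IWOTH:
        return "red"     # world-writable
    if perms & ~base:
        return "blue"    # some bit set beyond the baseline (assumed rule)
    return "green"       # at or below the baseline


def audit(root):
    """Walk root and report mode, colour and suspect flag for each entry."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames) + sorted(filenames):
            full = os.path.join(dirpath, name)
            info = os.lstat(full)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            is_dir = stat.S_ISDIR(info.st_mode)
            findings.append({
                "path": os.path.relpath(full, root).replace(os.sep, "/"),
                "mode": format(stat.S_IMODE(info.st_mode), "03o"),
                "colour": classify(info.st_mode, is_dir),
                "suspect": (not is_dir)
                and name.lower().endswith(SUSPECT_SUFFIXES),
            })
    return sorted(findings, key=lambda item: item["path"])


def demo():
    """Audit a constructed sample tree; returns path -> (mode, colour, suspect)."""
    layout = {  # constructed sample: path -> (is_dir, mode)
        "administrator": (True, 0o755),
        "administrator/tool.cgi": (False, 0o755),
        "cache": (True, 0o777),
        "images": (True, 0o775),
        "images/backup.tar.gz": (False, 0o644),
        "configuration.php": (False, 0o666),
        "index.php": (False, 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (is_dir, mode) in layout.items():
            full = os.path.join(root, *rel.split("/"))
            if is_dir:
                os.makedirs(full, exist_ok=True)
            else:
                with open(full, "w") as handle:
                    handle.write("constructed sample\n")
            os.chmod(full, mode)  # chmod is not affected by the umask
        return {
            item["path"]: (item["mode"], item["colour"], item["suspect"])
            for item in audit(root)
        }


if __name__ == "__main__":
    for path, (mode, colour, suspect) in demo().items():
        print(mode, colour.ljust(5), "suspect" if suspect else "       ", path)
```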
Extensions Auditing

This section of JTS provides feedback to the end-user relating to currently installed Components, Modules and Mambots. The report includes Name, Version/Release, author contact details and a description of its purpose. To assist with security management and control, each extension is colour coded to differentiate between Joomla! Core extensions and 3rd Party Developer extensions.

Extension Differentiation
● Green : Joomla! Core extension
● Red : 3rd Party supplied extension

DB Maintenance

Providing a simple interface into the Health of the Joomla! Database, the JTS DB Maintenance routine initially provides the end-user with details of the MySQL backend connection and performs a database table-space Health and Status check. There is also provision made for the end-user to immediately "Optimise" the Joomla! tables, cleaning up allocated but unused space, potentially improving the performance of the database and thus the Joomla! Web Site in the front-end.

DB Maintenance automatically runs a table-space health check, confirming that all the standard required Joomla! tables are present, readable and useable. Any errors found during these checks will be highlighted in red. If required and possible, DB Maintenance will attempt to repair any damaged or corrupt Joomla! core tables.

Selecting the "Optimise Now" button will activate the Database Optimisation routines of MySQL; this is not run automatically when entering this section of JTS. Database Optimisation should only be run during quiet or offline periods to avoid the potential to affect front-end performance or the possibility of table corruption.
Unix/Linux permissions can be a confusing thing. I have seen a large number of posts asking about permissions, so I hope that this might go some way to assisting folks to understand what they are and how they work.
The basic unix permissions come in three flavors;
Owner Permissions : These are permissions that you have on your own files or directories.
Group Permissions : These are permissions that you and anyone in your group have on the files or directories.
Other Permissions : These are permissions that other people have on your files or directories if they are not you and not in your group.

So, in Unix, when permissions are configured, the server allows you to define different permissions for each of these three different categories of users. In a Web Serving environment these permissions are used to control which website owners can access which directories and files.
What do Unix permissions look like? When viewing your files through an FTP client or from the servers command line;
filename.php    username    usergroup    rwx r-x r-x

The first entry is the name of the file, the next entry is your username on the server, the entry after that is the group that you are a member of and the last entry is the permissions assigned to this file (or directory).
If you notice, I have intentionally spaced out the permissions section, I have grouped the 9 characters into 3 sets of 3. This separation is key to how the permissions system works.
The first set of 3 permissions (rwx) relate to the username seen above, the second set of 3 permissions (r-x) relate to the usergroup seen above and the final set of 3 permissions (r-x) relate to anyone else who is not associated with the username or groupname.
Owner (User) relates to username
The Owner (User) is normally you, these permissions will be enforced on your hosting account name.

Group relates to usergroup
The Group permissions will be enforced on other people that are in the same group as you. Within a hosting environment, there are very rarely other people in the same group as you. This protects your files and directories from being made available to anybody else who may also have a hosting account on the same server as you.

Other relates to everyone else
The Other permissions will be enforced on anybody else on the server that is either not you or not in your group. So in a Web Serving environment, remembering that no-one else is normally in your group, this is everybody else accessing the server except for you.
Each of the three sets of permissions are defined in the following manner;
r = Read permissions
w = Write permissions
x = Execute permissions

Owner   Group   Other
r w x   r w x   r w x
As many of you already know, permissions are normally expressed as a numeric value, something like 755 or 644. So, how does this relate to what we have discussed above?
Each character of the permissions are assigned a numeric value, this is assigned in each set of three, so we only need to use three values and reuse them for each set.
Owner   Group   Other
r w x   r w x   r w x
4 2 1   4 2 1   4 2 1
Now that we have a value that represents each permission, we can express them in numeric terms. The values are simply added together in the respective sets of 3, which will in turn give us just three numbers that will tell us what permissions are being set.
So, if we are told that a file has the permissions of 777, this would mean that the following was true.
Owner   Group   Other
r w x   r w x   r w x
4 2 1   4 2 1   4 2 1

Thus...
4+2+1   4+2+1   4+2+1
 = 7     = 7     = 7
The Owner of the file would have full Read, Write and Execute permissions, the group would also have full Read, Write and Execute permissions, and the rest of the world can also Read, Write and Execute the file.
The standard, default permissions that get assigned to files and directories by the server are normally;
Files = 644 and Directories = 755
These permissions would allow, for files;
644 = rw- r-- r--
Owner has Read and Write
Group has Read only
Other has Read only

and for directories;

755 = rwx r-x r-x
Owner has Read, Write and Execute
Group has Read and Execute only
Other has Read and Execute only
Now, things can get a little complicated when we start talking about shared Web Servers, the Web Server software will be running with its own username and groupname, most servers are configured for them to use either "apache" and "apache" or "nobody" and "nobody" as username and groupname.
So here is the problem: your Web Server runs as its own user, and this user is not you or in your group, so the first two sets of permissions do not apply to it. Only the world (other) permissions apply.
Therefore, if you configure a permissions set similar to 640 on your website files, your Web Server will not be able to run your website files.
640 = rw- r-- ---
Owner has Read and Write
Group has Read only
Other has no rights

The WebServer is assigned no permissions at all and cannot Execute, Write or, more importantly, even Read the file to deliver its content to a website visitor's browser.
If a directory was to be assigned 750 permissions, this would have the same effect, because the WebServer does not even have permissions to read files in the directory, even if the files inside that directory had favorable permissions.
750 = rwx r-x ---
Owner has Read, Write and Execute
Group has Read and Execute
Other has no rights
Directories have an extra quirk: if a directory does not have the Execute permission set in the World set, then even if Read and Write are set, a program that is not run as the user or group will still not be able to access the files within the directory. The Execute setting allows the program to "Execute" commands in the directory, so without it the program (in our case a Web Server) cannot execute the "Read" command, and thus cannot deliver your file to the user's web browser.

How Does this Relate to Joomla!?

Good question. In the first instance this would be important during the Web-Installer process. If you can remember back to when you ran the Joomla! Web-Installer, we were looking for specific directories to be designated as "Writable".

We see quite a number of posts either stating that there were problems during the install with permissions or asking what permissions are recommended. Some even consider the message asking for "Writable" permissions to be too vague.

Unfortunately, as the Web-Installer does not know how your server is configured, it cannot be more specific. However, once you understand the permissions settings and you know a little about Web Serving environments, you will find that the term "Writable" is actually very specific and a more than adequate description of what Joomla! needs.

Thinking back to the above information, you may remember that there are three places where "Write" permissions may be set;
Owner Writable, Group Writable and Other Writable.
Also remembering that the Web Server generally doesn't run as your own user or in the same group. When you run the Web Installer from a browser, it is the Web Server trying to access the files, thus it is the "Other" permissions that will apply to it. If the "Other" permissions do not allow the Web Server to Read, Write or Execute commands in the Joomla! directories, you will receive the message saying that the directories are not "Writable".
In this case, you will need to configure the Other permissions to be "7" on the directories listed in the Web Installer. So your total permissions might be something like 757; in the worst case you might need to set 777. These very open permissions may be reset back to 755 after the installer runs to assist in the security of your directories and files.

757 = rwx r-x rwx
Owner has Read, Write and Execute
Group has Read and Execute
Other has Read, Write and Execute
Just to make things even more confusing, many hosting firms make use of a software called phpsuExec or suExec, these tools change the way the Web Server runs, where the Web Server would not normally run as your username, in this case, it does.
So the use of the "Other" permissions, may not be required, now you may only need to configure directories to be "Writable" to your own username and groupname, this allows directory permissions to be set as 755 or 775 instead of 757 or 777.
755 = rwx r-x r-x
Owner has Read, Write and Execute
Group has Read and Execute
Other has Read and Execute

775 = rwx rwx r-x
Owner has Read, Write and Execute
Group has Read, Write and Execute
Other has Read and Execute
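The rules discussed so far (which of the three sets applies, why a directory needs Execute, and how a suExec-style setup changes the picture) can be checked with a small model. This is an added example, not part of the original article; the account name "username", group "usergroup", server user "apache" and the path names are constructed, and the model ignores root and ACLs.

```python
from collections import namedtuple

READ, WRITE, EXECUTE = 4, 2, 1

# One path component: its name, owner, group and octal mode.
Node = namedtuple("Node", "name owner group mode")


def class_bits(node, user, groups):
    """Return the rwx digit that applies to `user` for this node.

    Exactly one set applies: Owner if the user owns the node, else Group
    if the user is in the node's group, else Other. There is no fall
    through, so an owner faced with mode 077 is denied.
    """
    if user == node.owner:
        return (node.mode >> 6) & 7
    if node.group in groups:
        return (node.mode >> 3) & 7
    return node.mode & 7


def check_access(path_nodes, user, groups, wanted):
    """Check `wanted` (READ/WRITE/EXECUTE bits) on the last node of a path.

    Every directory before the last node must grant Execute to the user,
    otherwise nothing inside it can be reached. Returns (allowed, reason).
    """
    *directories, target = path_nodes
    for directory in directories:
        if not class_bits(directory, user, groups) & EXECUTE:
            return False, "no execute on directory " + directory.name
    granted = class_bits(target, user, groups)
    if granted & wanted != wanted:
        return False, "mode %03o denies the request on %s" % (
            target.mode, target.name)
    return True, "allowed"


def scenarios():
    """Constructed cases mirroring the modes discussed in the article."""
    def site(dir_mode, file_mode):
        return [Node("public_html", "username", "usergroup", dir_mode),
                Node("index.php", "username", "usergroup", file_mode)]

    def folder(mode):
        return [Node("cache", "username", "usergroup", mode)]

    apache = ("apache", {"apache"})       # server with its own user and group
    owner = ("username", {"usergroup"})   # server run as the account (suExec)
    create = WRITE | EXECUTE              # adding a file to a directory needs both
    return {
        "755/644 read as apache": check_access(site(0o755, 0o644), *apache, READ),
        "755/640 read as apache": check_access(site(0o755, 0o640), *apache, READ),
        "750/644 read as apache": check_access(site(0o750, 0o644), *apache, READ),
        "756/644 read as apache": check_access(site(0o756, 0o644), *apache, READ),
        "755 dir write as apache": check_access(folder(0o755), *apache, create),
        "757 dir write as apache": check_access(folder(0o757), *apache, create),
        "755 dir write as owner": check_access(folder(0o755), *owner, create),
    }


if __name__ == "__main__":
    for label, (allowed, reason) in scenarios().items():
        print(label.ljust(26), "OK  " if allowed else "DENY", reason)
```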
The Web Server will still need Execute set in the username permissions, and Read and Execute set in the groupname permissions, so that it can Execute the Read command on files inside the directory. Again, these permissions may be demoted back to 755 after the Web Installer completes.

OK, so that's the basics for directories covered, what about files? This is where things get a little simpler.
Most of the files that Joomla! makes use of will be quite happy with the 644 default permissions.
644 = rw- r-- r--
Owner has Read, Write
Group has Read
Other has Read
This is valid if you do not have a need to Write to the files from the Web Server, the same rules apply as for directories if you do have this need. One file that you may like to have "Writable" to the Web Server is your configuration.php file. This is the Joomla! configuration file, if you plan on changing configuration through the Web Admin interface, then this file will need to be Writable to the Web Server.
If your server needed directory permissions to be set to "Other" Writable for the install then this file will probably also need to be 757 or 777. Leaving this file as 757 or 777 is dangerous though, as you are letting everyone have "Write" access, many Web Site exploits take advantage of this fact, so in general it is not recommended to leave this file with these permissions.
If your Web Server has one of the SU tools installed and you only needed to configure 755 on directories for the installation, then you will probably also only need to set 755 or 775 on this file to allow editing through the Admin interface, and these permissions are generally accepted as more secure than 757 or 777.
In conclusion, what permissions should be set for the Joomla! installation? Well, as you can see, it depends!
I know this isn't maybe as helpful as you would have liked and it certainly is not a definitive answer, but in general, after the installation any insecure "7" settings can be reset back to something more secure.
For example: Files = 644 and Directories = 755

These permissions would allow, for files;

644 = rw- r-- r--
Owner has Read and Write
Group has Read only
Other has Read only

and for directories;

755 = rwx r-x r-x
Owner has Read, Write and Execute
Group has Read and Execute only
Other has Read and Execute only
Footnotes:
If you have SSH, Shell access the following commands should be able to be run from the command line to reset all your files and directories back to the server defaults of 755 and 644.
Change directory in to the top directory (" / ") of your Joomla! installation, then run these;
    find . -type f -exec chmod 644 {} \;
    find . -type d -exec chmod 755 {} \;

If you only have FTP access, this can be a very time consuming job. However, unless you changed more directories during the installation than was requested, you should only need to reset about 10 directories and the configuration.php file.
Keep in mind that to install any extensions or templates after the actual Joomla! installation you may need to elevate the default permissions again on the appropriate directories just for the installation period, you may then demote them again after the add-on is installed.
If you decide to use "cache" the cache directory will need to be "Writable" to the Web-Server user to allow it to write its temporary files.
Once you have completed the installation, next thing to do is read Ron Liskey's "Joomla! Admins Security Checklist". I am sure you will find much of the security information that you will need in this post and the Security Forum.
For those of you that are either developing or delivering your Joomla! Web-Sites from the Windows environment, it is sometimes difficult to obtain relevant information regarding permissions. Unfortunately, it is a fact that most Web-Serving is offered under Unix and that Unix is pretty well documented within this environment. Hopefully the following information will go some way to clearing up any confusion and provide a little guidance.
Windows Web-Servers Overview
Firstly, let's discuss the differences between servers. In general, most Windows folks appear to be using either Apache(Win32) or Microsoft IIS; these two servers operate very differently and utilize slightly different models of delivery.
Apache(Win32) generally runs on the host computer as the User that it was installed under, whereas IIS installs under a specific user but will run under a newly installed user " IUSR_ ".
Permission Defaults
By default, Unix tends to give full access to files and directories only to the "owning" user. In contrast, Windows by default will also assign the Group "Everyone" Full permissions. The first thing any good Windows Administrator does is remove the rights of the "Everyone" group, to improve security. For local PC testing this is probably not necessary, but it explains why, if "Everyone" is not removed and you run some form of permissions check script or the Joomla! Pre-Installation check, you will on the whole have Full "Read, Write and Execute" permissions: you are acquiring the rights of the "Everyone" Group.
Microsoft Internet Information Server (IIS)
IIS comes in two main flavours, PWS (Personal WebServer), and IIS (Internet Information Server). Essentially these are the same application; PWS is just a cut-down version of IIS designed for desktop environments, whereas IIS is designed for Server environments. PWS limits you to a single main site, so your application installations will generally be in sub-directories of the main site. IIS, on the other hand, provides the functionality for Virtual Hosts to be run from these directories, delivering multi-site capability.
Due to the different functionality limitations, PWS does not have the "Permissions Wizard", as it is deemed not to be needed: only one user will be using the Server. In IIS many users will be using the Server, thus differing permission assignments are needed.
Once the "Everyone" account is removed, Windows IIS is left with the " IUSR_* " account having top-level rights to the Web-Server directories, and a permissions check should now yield different results. Only the IUSR_* account has full permissions and other users should acquire either "Read Only" or no rights. Read only rights are determined by which other users have been manually assigned what rights to the IIS directories.
Assigning Permissions
Assigning permissions in Windows is reasonably straightforward, but can be a little confusing at times. Right-click on the appropriate folder or file; selecting "Properties" or "Sharing and Security" will enter the Windows Security Management pane. Selecting (click once) any user name listed will display the rights that user has (in the bottom half of the pane). Some rights might be "greyed" out; these are unavailable, either because the current user (the one you are logged in as) does not have high enough permissions to alter them, or because they are inherited from the directory above and have been set to use that higher level directory's permissions (this is generally the default mechanism).
As you can see, Windows utilises the following Permissions/Rights scheme;
1. Full Control (Allows: 1, 2, 3, 4, 5, 6, 7)
2. Modify (Allows: 2, 3, 4, 5, 6)
3. Read & Execute (Allows: 3, 4)
4. List Folder Contents (Allows: 4, but cannot run programs)
5. Read (Allows: 5; Implies: 4)
6. Write (Allows: 6; Implies: 4)
7. Special Permissions (Allows: Combinations)
Windows file permissions can be seen as having ^similar properties to UNIX or Linux file permissions (Modes); they are just represented differently. For example, you are probably used to having permissions represented as 644/666 755/777, instead of being described in the terms above. So, when you are quoted to use 644 this equates to:
The owner of this file can read and write to it. The owner's group can read the file. Everyone else can read the file.
^Windows and Unix permissions (Access Control Lists) do not equate exactly, as Windows does not use the "Groups" mechanism in the same manner, but for this discussion and in regards to the Web-Hosting environment they can be summarily equated.
Ah, but in Windows "Groups" are not used and "Everyone" should have been removed.....
So this is where Windows and Unix do not quite equate, but what can be done is to "match" or "correlate" equivalent meanings. So this outline is not really going to provide you with a Windows or an NTFS specific permissions guide but more of an understanding of how the commonly quoted numbered UNIX/Linux style permissions correlate on a machine with an NTFS file system.
The files that are placed in the www or public_html root folder, or whatever directory your site (www.domain.com.au or localhost) points to on your hard drive, should be owned by your user account, but only if that user is not what is considered a privileged user like "Administrator" on Windows or "root" on UNIX/Linux. These accounts should not be used for everyday use.
Commonly used security practices suggest that all FILES should have the following permissions.
Owner : Read & Write
Group : Read Only
Others : Read Only
All DIRECTORIES/FOLDERS should have the following permissions.
Owner : Read, Write & Execute
Group : Read & Execute
Others : Read & Execute
Arguably, this is not necessarily "optimum" security, but a balance must be struck between security, functionality and maintainability.
Windows, unlike Unix, does not maintain a single ACL for "Execute", but simply provides "Read & Execute" combined, which does not imply "Write". The "Read & Execute" ACL does, however, also imply "List Directory Contents". Therefore, if you have only Read & Write permissions on a directory but no "Execute", you will not be able to see the contents of the directory and may also have problems when attempting to run the file through a Web-Browser.
Unfortunately a little understanding of UNIX/Linux permissions is required to fully equate/correlate them with Windows permissions; the following "cheat-sheet" should assist;
Unix Mode | Windows ACL | Comments
7 | Modify | Read, Write & Execute, you should be the owner of this file
6 | Read & Write |
5 | Read & Execute | used for most applications
4 | Read Only | security through obscurity is not a good practice
3 | Write & Execute | not available through Windows, unless "Special" Permissions is used, not commonly used
2 | Write Only | not available through Windows, unless "Special" Permissions is used, not commonly used
1 | Execute Only | (not available through Windows, unless "Special" Permissions is used, not commonly used)
So as a comparison example to Unix Modes, when you are quoted something like 644, you would now need to break that in to three entities; 6 : 4 : 4
The first number represents the "Owners" permissions, the second represents the "Group" permissions and the third, the "Other" permissions.
So the Windows equivalent would be something like;
Owner (6) : Read & Write
Group (4) : Read Only
Others(4) : Read Only
Hopefully, this example provides some insight into how to correlate Unix Modes/Permissions with Windows Permissions/ACLs. This document does not include more complex subjects such as "Effective", "Inherited" or "Special" permissions. Despite Windows' ease of use, Microsoft's Permissions and ACL mechanisms are actually reasonably complex and very extensive, but this might just give you a quick reference to try and alleviate some of the confusion surrounding Unix and Windows Permissions translations.
What is phpSuExec?
On most Apache servers, PHP runs as an Apache module. This is the default method of installation. Many hosts have this setup because it is the default and potentially they do not realize that it is also possible to configure PHP as a CGI. Running PHP as a CGI can be more secure whilst also avoiding file and directory ownership issues.
PHPSuExec provides the facility to have all scripts run under the relevant user account instead of under the Web Server's account. This facility allows the server Administrators to isolate and manage malicious or runaway script usage very quickly, preventing unwanted or unauthorised scripts from running for a lengthy period of time.
What does phpSuExec Do?
777 Permissions
With non-phpSuExec configurations, PHP runs as an Apache Module and executes as the user/group of the webserver, which is usually "nobody", "httpd" or "apache". Under this mode, files or directories that you require your php scripts to be able to write to need 777 permissions (read/write/execute at user/group/world level). This is not very secure because, as well as allowing the webserver to write to the file, it also allows anyone else to read or write to the file.
Under phpSuExec configurations, PHP runs as a CGI with "suexec" enabled (su = switch user, allowing one user to "switch" to another if authorised) - your php scripts now execute under your own user/group level. Files or directories that you require your php scripts to be able to write to no longer need to have 777 permissions. In fact, 777 permissions are no longer allowed: scripts that have 777 permissions, or that reside in directories with 777 permissions, will not run and will instead cause a "500 internal server error" when you attempt to execute them. This is done to protect you from someone abusing your scripts. Your scripts and directories can now only have a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else).
Goodbye ".htaccess" and Welcome ".ini"
Under the old Apache Module mode it was possible to manipulate the PHP settings from within a ".htaccess" file placed in the script's top-level directory; this was also recursively applied to all other directories below it.
For example you could turn on the php setting "magic_quotes_gpc" with this line in .htaccess:
php_value magic_quotes_gpc on
Now, when PHP is running as a CGI and is phpSuExec protected, manipulating the PHP settings is still possible, but you can no longer make use of a ".htaccess" file. Using .htaccess with the required PHP prefix of "php_value" will cause a "500 internal server error" when attempting to access the scripts. This is because php is no longer running as an Apache module, so Apache is unable to handle those directives any longer.
If your host has, or is, implementing phpSuExec, ALL php values should be removed from your .htaccess files to avoid the 500 internal server error. Instead, you will now be creating and using your own "Local php.ini" file to manipulate the desired php settings.
What is a php.ini file?
The php.ini file is a configuration file that the server looks at to see what PHP options have been made available to the server or what their settings are, if different from the server's default php.ini. While the name may seem advanced to those unfamiliar with it, it is in essence a simple text file with the name php.ini
How to create a php.ini file
To create a php.ini file, just open up a text editor, add in the lines you need and save the file. You can name the file whatever you wish when saving; to ensure the correct FTP transfer mode is used, you might wish to name it "php.ini.txt". Once you have configured all your settings, upload the file to the directory where your script is located and then rename it back to php.ini
For example you can turn on the php setting "magic_quotes_gpc" with this line in php.ini:
magic_quotes_gpc = on
In many cases, you might need to have multiple copies of the same php.ini file in different directories: unlike .htaccess files, php.ini files are not applied recursively to lower directories. If you need the same functionality across all lower directories too, you will need to copy the php.ini file to each directory that has .php scripts running from within it.
Troubleshooting, something went wrong
My php script doesn't work or I have an error message.
1. Check that the php script that you are attempting to execute has permissions of no more than 755 - 644 will work just fine normally, this is not something that will need to be changed in most cases.
2. Check that the permissions of the directory that the script resides within are set to a maximum of 755. This also includes directories that the script would need to have access to.
3. Check that you do not have a .htaccess file with php_values within it. They will cause a 500 Internal server error, when attempting to execute the script. The php_values will need to be removed from your .htaccess file and a php.ini put in its place, containing the php directives as explained above.
My script requires 777
So what about php scripts that say they require 777 permissions on some of their directories or files to work, such as Joomla!, forums, photo galleries and the like? Due to the transparent nature of phpSuExec this is solved very simply: any directories stated as requiring to be "writable" or "777" can safely be set to 755 (the maximum) instead. This is because, now that the web server runs under your own user account, only your own user account needs full write and execute permissions.
These rules have been applied to .cgi and .pl files historically and are now being applied to php files also.
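The troubleshooting checks above, together with the move of php_value lines from .htaccess into php.ini, can be scripted. The following is an added example, not part of the original page: the function names are made up here, and matching php_flag as well as php_value is an assumption that goes beyond the directive the page names.

```shell
#!/bin/sh
# Added example: checks to run on a site hosted under phpSuExec.
# Function names are this example's own, not part of any tool.

# Directories and .php scripts with group or world write set, i.e. above 755.
over_755() {
    find "$1" \( -type d -o -type f -name '*.php' \) \
        \( -perm -020 -o -perm -002 \) -print
}

# .htaccess files that still contain mod_php directives (php_value / php_flag).
htaccess_with_php() {
    find "$1" -type f -name .htaccess \
        -exec grep -qE '^[[:space:]]*php_(value|flag)[[:space:]]' {} \; -print
}

# Print the php.ini form ("name = value") of each mod_php line in one file.
# Trailing whitespace, including a CR from a Windows upload, is dropped.
htaccess_to_ini() {
    sed -nE 's/^[[:space:]]*php_(value|flag)[[:space:]]+([^[:space:]]+)[[:space:]]+(.*[^[:space:]])[[:space:]]*$/\2 = \3/p' "$1"
}

# Report every finding; return 1 if anything needs fixing, 0 if the tree is clean.
# Usage: phpsuexec_check /path/to/site
phpsuexec_check() {
    status=0
    paths=$(over_755 "$1")
    if [ -n "$paths" ]; then
        echo "Above 755, will cause a 500 error under phpSuExec:"
        printf '%s\n' "$paths" | sed 's/^/  /'
        status=1
    fi
    hts=$(htaccess_with_php "$1")
    if [ -n "$hts" ]; then
        status=1
        printf '%s\n' "$hts" | while IFS= read -r f; do
            echo "Remove from $f and add to $(dirname "$f")/php.ini:"
            htaccess_to_ini "$f" | sed 's/^/  /'
        done
    fi
    return "$status"
}
```

Because php.ini files are not applied recursively, the lines printed for one .htaccess need to be copied into the php.ini of every lower directory that runs .php scripts.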
Original content reproduced from numerous sources across the internet